Wargame22 [Rookiss] fsb fsb.c 소스 #include #include #include unsigned long long key; char buf[100]; char buf2[100]; int fsb(char** argv, char** envp){ char* args[]={"/bin/sh", 0}; int i; char*** pargv = &argv; char*** penvp = &envp; char** arg; char* c; for(arg=argv;*arg;arg++) for(c=*arg; *c;c++) *c='\0'; for(arg=envp;*arg;arg++) for(c=*arg; *c;c++) *c='\0'; *pargv=0; *penvp=0; for(i=0; i 2014. 7. 7. [LOB_FC3] gate ->iron_golem #Env - NX- ascii armor- random stack #Technic - &ret sled로 RTL 인자 구성 iron_golem.c 소스 [gate@Fedora_1stFloor ~]$ cat iron_golem.c /* The Lord of the BOF : The Fellowship of the BOF - iron_golem - Local BOF on Fedora Core 3 - hint : fake ebp */ int main(int argc, char *argv[]) { char buffer[256]; if(argc < 2){ printf("argv error\n"); exit(0); } strcpy(buffer, argv[1]); printf("%s\n", buffer); } 1] .. 2014. 7. 5. [exploit-exercises] fusion level02 [ fusion level02 ] 1#include "../common/common.c" 2 3#define XORSZ 32 4 5void cipher(unsigned char *blah, size_t len) 6{ 7 static int keyed; 8 static unsigned int keybuf[XORSZ]; 9 10 int blocks; 11 unsigned int *blahi, j; 12 13 if(keyed == 0) { 14 int fd; 15 fd = open("/dev/urandom", O_RDONLY); 16 if(read(fd, &keybuf, sizeof(keybuf)) != sizeof(keybuf)) exit(EXIT_FAILURE); 17 close(fd); 18 keyed .. 2014. 4. 25. [exploit-exercises] fusion level01 [ fusion level01 ] 1#include "../common/common.c" 2 3int fix_path(char *path) 4{ 5 char resolved[128]; 6 7 if(realpath(path, resolved) == NULL) return 1; // can't access path. will error trying to open 8 strcpy(path, resolved); 9} 10 11char *parse_http_request() 12{ 13 char buffer[1024]; 14 char *path; 15 char *q; 16 17 // printf("[debug] buffer is at 0x%08x :-)\n", buffer); :D 18 19 if(read(0, .. 2014. 4. 20. 이전 1 2 3 4 5 6 다음