Wargame
-
Protostar - Stack 1Wargame/Exploit-Exercises 2014. 5. 15. 14:26
1. 문제 Source#include #include #include #include int main(int argc, char **argv) { volatile int modified; char buffer[64]; if(argc == 1) { errx(1, "please specify an argument\n"); } modified = 0; strcpy(buffer, argv[1]); if(modified == 0x61626364) { printf("you have correctly got the variable to the right value\n"); } else { printf("Try again, you got 0x%08x\n", modified); } } 2. 풀이 user@protosta..
-
Protostar - Stack 0Wargame/Exploit-Exercises 2014. 5. 14. 16:43
1. 문제 Source#include #include #include int main(int argc, char **argv) { volatile int modified; char buffer[64]; modified = 0; gets(buffer); if(modified != 0) { printf("you have changed the 'modified' variable\n"); } else { printf("Try again?\n"); } } 2. 풀이 user@protostar:/opt/protostar/bin$ python -c "print 'A'*65" | ./stack0 you have changed the 'modified' variable
-
Protostar 시작Wargame/Exploit-Exercises 2014. 5. 14. 16:39
1. 소개Exploit-Exercises.com의 두번째 단계인 Protostar ( Introducing memory corruption in Linux/x86 ) 페이지를 살펴보면 이번 파트에서 실습하며 공부할 수 있는 공격 기법은 아래와 같다.또한 이번 파트는 ASLR(Address Space Layout Randomisation) 이나 NX(Non-Executable memory) 와 같은 설정이 꺼져있어 입문자에겐 아주 좋은듯 (다음 파트인 Fusion에서 이 설정들을 우회해야 하는듯 하다.) 2. 시작하기시작방법은 Nebula와 동일하다.Exploit-Exercises.com 으로 접속 후 Download 페이지에서 exploit-exercises-protostar-2.iso 이미지를 다운받자..
-
[LEVEL11] (skeleton -> golem) : stack destroyerWargame/LordOfTheBof (redhat) 2013. 7. 5. 10:49
1. 문제 Source/* The Lord of the BOF : The Fellowship of the BOF - golem - stack destroyer */ #include #include extern char **environ; main(int argc, char *argv[]) { char buffer[40]; int i; if(argc < 2){ printf("argv error\n"); exit(0); } if(argv[1][47] != '\xbf') { printf("stack is still your friend.\n"); exit(0); } strcpy(buffer, argv[1]); printf("%s\n", buffer); // stack destroyer! memset(buffe..
-
[LEVEL10] (vampire -> skeleton) : argv hunterWargame/LordOfTheBof (redhat) 2013. 6. 28. 16:20
1. 문제 Source/* The Lord of the BOF : The Fellowship of the BOF - skeleton - argv hunter */ #include #include extern char **environ; main(int argc, char *argv[]) { char buffer[40]; int i, saved_argc; if(argc < 2){ printf("argv error\n"); exit(0); } // egghunter for(i=0; environ[i]; i++) memset(environ[i], 0, strlen(environ[i])); if(argv[1][47] != '\xbf') { printf("stack is still your friend.\n");..
-
[LEVEL9] (troll -> vampire) : check 0xbfffWargame/LordOfTheBof (redhat) 2013. 6. 28. 16:08
1. 문제 Source/* The Lord of the BOF : The Fellowship of the BOF - vampire - check 0xbfff */ #include #include main(int argc, char *argv[]) { char buffer[40]; if(argc < 2){ printf("argv error\n"); exit(0); } if(argv[1][47] != '\xbf') { printf("stack is still your friend.\n"); exit(0); } // here is changed! if(argv[1][46] == '\xff') { printf("but it's not forever\n"); exit(0); } strcpy(buffer, argv..
-
[LEVEL8] (orge -> troll) : check argcWargame/LordOfTheBof (redhat) 2013. 6. 27. 17:58
1. 문제 Source/* The Lord of the BOF : The Fellowship of the BOF - troll - check argc + argv hunter */ #include #include extern char **environ; main(int argc, char *argv[]) { char buffer[40]; int i; // here is changed if(argc != 2){ printf("argc must be two!\n"); exit(0); } // egghunter for(i=0; environ[i]; i++) memset(environ[i], 0, strlen(environ[i])); if(argv[1][47] != '\xbf') { printf("stack i..
-
[LEVEL7] (darkelf -> orge) : check argv[0]Wargame/LordOfTheBof (redhat) 2013. 6. 27. 16:45
1. 문제 Source/* The Lord of the BOF : The Fellowship of the BOF - orge - check argv[0] */ #include #include extern char **environ; main(int argc, char *argv[]) { char buffer[40]; int i; if(argc < 2){ printf("argv error\n"); exit(0); } // here is changed! if(strlen(argv[0]) != 77){ printf("argv[0] error\n"); exit(0); } // egghunter for(i=0; environ[i]; i++) memset(environ[i], 0, strlen(environ[i])..