8.9k words 8 mins.

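# 2018 Qiangwang Cup (强网杯) core: notes from starting to learn the kernel; stack overflow, ret2rop # Prerequisites # 1. Challenge environment The challenge's protections fall into two categories: the protection mechanisms of the executable file, and the protection mechanisms of the file system, driver and kernel dreamcat@ubuntu:~/Desktop/kernel/2018qwb_core/give_to_player$ checksec core.ko[*]...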
28k words 25 mins.

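# MRCTF pwn ezbash When I got the challenge, I ran it directly and found that it was a file system, so I suspected it might be a kernel challenge; but no kernel file was provided, so I concluded that it was a heap challenge. That is also the reason I kept working on it. # Challenge link https://github.com/dreamkecat/dreamkecat.github.io/tree/main/challenge/MRctf_ezbash # Environment dreamcat@ubuntu:~/Desktop/mrctf/ezbash$ strings libc.so.6 |grep ubuntuGNU C Library (Ubuntu...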
24k words 21 mins.

# starctf babynote musl1.2.2 # Environment and protections dreamcat@ubuntu:~/Desktop/*ctf/babbynote/attachment$ file babynote babynote: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-musl-x86_64.so.1,...
6.5k words 6 mins.

# from 2022.4.18 *ctf pwn examination # Protections: dreamcat@ubuntu:~/Desktop/*ctf/examin$ checksec --file=examinationRELRO STACK CANARY NX PIE Full RELRO Canary found NX enabled PIE enabled RPATH RUNPATH Symbols FORTIFY Fortified Fortifiable FILENo RPATH RW-RUNPATH No Symbols ...
11k words 10 mins.

# pwnable.tw bookwriter ubuntu16, libc 2.23 # Protections: giantbranch@ubuntu:~/Desktop/pwnabletw/BookWriter$ checksec --file=bookwriter[*] '/home/giantbranch/Desktop/pwnabletw/BookWriter/bookwriter' Arch: amd64-64-little RELRO: Full RELRO Stack: Canary found NX: NX enabled PIE: No...
3.2k words 3 mins.

# pwnable.tw tcache_tear # Protections: dreamcat@ubuntu:~/Desktop/pwnable/Tcache Tear$ checksec --file=tcache_tearRELRO STACK CANARY NX PIE RPATH RUNPATH Symbols FORTIFY Fortified Fortifiable FILEFull RELRO Canary found NX enabled No PIE No RPATH No RUNPATH No Symbols ...
5.6k words 5 mins.

# unsortedbin_attack global_max_fast # Protections giantbranch@ubuntu:~/Desktop/ruan/attack_global_max_fast$ file note_five note_five: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32,...
4.4k words 4 mins.

# # I IO_buf_base hijacking technique, # This write-up will be fairly messy, since it was recorded while solving the challenge # Environment and protections giantbranch@ubuntu:~/Desktop/pwnabletw/hijack_io_buf_base$ strings libc.so.6 | grep ubuntu GNU C Library (Ubuntu GLIBC 2.23-0ubuntu11) stable release version 2.23, by Roland McGrath et...
15k words 14 mins.

# This challenge was fairly hard to deal with, but the attack point is quite singular; 2 techniques were used along the way # Environment and protections giantbranch@ubuntu:~/Desktop/buuoj/roarctf_2019_easy_pwn$ checksec --file=roarctf[*] '/home/giantbranch/Desktop/buuoj/roarctf_2019_easy_pwn/roarctf' Arch: amd64-64-little RELRO: Full RELRO Stack: Canary found NX: NX enabled PIE: PIE...