@d0razi

[Dreamhack] Kind kid list Write up

Dec 30, 2024 · 5 min read · 코드 분석 int __fastcall __noreturn main(int argc, const char ** argv, const char ** envp) { char * v3; // rsi char * v4; // rdi __int64 v5; // rdx __int64 v6; // rcx __int64 v7; // r8 __int64 v8; // r9 const char * v9; // rsi...

[HTB] racecar

Dec 30, 2024 · 7 min read · 문제 풀이 파일은 바이너리만 제공해주고, 보호기법은 모두 적용되어 있네요. ❯ ls racecar ❯ checksec racecar [*] '/HTB/pwn_racecar/racecar' Arch: i386-32-little RELRO: Full RELRO Stack: Canary found NX: NX enabled PIE: PIE enabled 먼저 IDA로 디컴파일...

[Dreamhack] Overwrite _rtld_global Write up

Dec 30, 2024 · 5 min read · // Name: ow_rtld.c // Compile: gcc -o ow_rtld ow_rtld.c #include <stdio.h> #include <stdlib.h> void init() { setvbuf(stdin, 0, 2, 0); setvbuf(stdout, 0, 2, 0); } int main() { long addr; long data; int idx; init(); pri...

[Dreamhack] rop Write up

Dec 30, 2024 · 1 min read · 문제 분석 // Name: rop.c // Compile: gcc -o rop rop.c -fno-PIE -no-pie #include <stdio.h> #include <unistd.h> int main() { char buf[0x30]; setvbuf(stdin, 0, _IONBF, 0); setvbuf(stdout, 0, _IONBF, 0); // Leak canary puts("[1] Leak ...

[Dreamhack] basic_rop_x6(RTC) Write up

Dec 30, 2024 · 2 min read · 문제 분석 #include <stdio.h> #include <stdlib.h> #include <signal.h> #include <unistd.h> void alarm_handler() { puts("TIME OUT"); exit(-1); } void initialize() { setvbuf(stdin, NULL, _IONBF, 0); setvbuf(stdout, NULL, _IONBF, 0); si...