![[pwnable.kr] mistake(1 pts) :: Write-Up 포스팅 썸네일 이미지](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FR8U8l%2FbtqFrVeEIyz%2FyjinEHQkXGr25c0oMvIe21%2Fimg.png)
War Games/pwnable.kr
[pwnable.kr] mistake(1 pts) :: Write-Up
We all make mistakes, let's move on. (don't take this too seriously, no fancy hacking skill is required at all) This task is based on real event Thanks to dhmonkey hint : operator priority ssh mistake@pwnable.kr -p2222 (pw: guest) mistake@ubuntu:~$ cat mistake.c #include #include #define PW_LEN 10 #define XORKEY 1 void xor(char* s, int len){ int i; for(i=0; i 0)){ printf("read error\n"); close(f..
![[pwnable.kr] leg(2 pts) :: Write-Up 포스팅 썸네일 이미지](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fk5wll%2FbtqCinRStPF%2Ffd6PnyCqjayKtER4Cy8JO0%2Fimg.png)
War Games/pwnable.kr
[pwnable.kr] leg(2 pts) :: Write-Up
Daddy told me I should study arm. But I prefer to study my leg! Download : http://pwnable.kr/bin/leg.c Download : http://pwnable.kr/bin/leg.asm ssh leg@pwnable.kr -p2222 (pw:guest) 우선 c코드를 봅시다. #include #include int key1(){ asm("mov r3, pc\n"); } int key2(){ asm( "push{r6}\n" "addr6, pc, $1\n" "bxr6\n" ".code 16\n" "movr3, pc\n" "addr3, $0x4\n" "push{r3}\n" "pop{pc}\n" ".code32\n" "pop{r6}\n" );..
![[pwnable.kr] input(4 pts) :: Write-Up 포스팅 썸네일 이미지](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbScOHM%2FbtqChFkydaB%2F7dNE9C61sraKK28J31iPK0%2Fimg.png)
War Games/pwnable.kr
[pwnable.kr] input(4 pts) :: Write-Up
Mom? how can I pass my input to a computer program? ssh input2@pwnable.kr -p2222 (pw:guest) input2@pwnable:~$ cat input.c #include #include #include #include #include int main(int argc, char* argv[], char* envp[]){ printf("Welcome to pwnable.kr\n"); printf("Let's see if you know how to give input to program\n"); printf("Just give me correct inputs then you will get the flag :)\n"); // argv if(ar..
![[pwnable.kr] random(1 pt) :: Write-Up 포스팅 썸네일 이미지](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FvXa8F%2FbtqCgReuzKz%2F1kDT7KAdJ4zWdkKtNKQT41%2Fimg.png)
War Games/pwnable.kr
[pwnable.kr] random(1 pt) :: Write-Up
Daddy, teach me how to use random value in programming! ssh random@pwnable.kr -p2222 (pw:guest) 사실 이건 제목을 보자마자 알아버렸습니다,, 일단 random함수에 대한 기본적인 개형을 봅시다. http://bitly.kr/lZJ4aJ3T 위 링크를 봐도 되고, 정리를 하자면 보통 이런 식으로 사용이 됩니다 #include #include #include int main(){ srand(time(NULL)); printf("%d", rand()); return 0; } 그냥 정말정말 간단한 코드를 짜보았는데, 여기서 중요한 것은 srand(time(NULL))이라는 부분입니다. 일단 기존의 rand()함수는 난수가 생성되긴 하지만..
![[pwnable.kr] passcode(10 pts) :: Write-Up 포스팅 썸네일 이미지](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FDw3JK%2FbtqBAD2oNS3%2FMnQzQeM3HT15PMQscrNhJ0%2Fimg.png)
War Games/pwnable.kr
[pwnable.kr] passcode(10 pts) :: Write-Up
Mommy told me to make a passcode based login system. My initial C code was compiled without any error! Well, there was some compiler warning, but who cares about that? ssh passcode@pwnable.kr -p2222 (pw:guest) passcode입니다. 우선 컴파일러 경고가 있었지만, 뭐 문제가 있겠냐고 하네요. 코드를 봅시다. 권한을 얻어 flag를 열어야겠네요. passcode@pwnable:~$ cat passcode.c #include #include void login(){ int passcode1; int passcode2; printf("enter ..
![[pwnable.kr] flag (7 pts) :: Write-Up 포스팅 썸네일 이미지](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FciD2Xr%2FbtqzE2ivdoz%2FKnFiJ3ULYESpqhUn4h7A0k%2Fimg.png)
War Games/pwnable.kr
[pwnable.kr] flag (7 pts) :: Write-Up
Papa brought me a packed present! let's open it. Download : http://pwnable.kr/bin/flag This is reversing task. all you need is binary 리버싱 문제라고 하네요. 일단 파일을 받아서 까봅시다. malloc한후 그곳에 flag를 넣어놓는다고 하네요. gdb로는 얻어지는게 없으니 아이다로 봅시다. 근데 아이다로 열어보니까 수상합니다. 함수도 얻어지는게 없고, 어셈블리어 코드를 봐도 이상한게 너무 많네요. 이 문제를 풀면서 공부한 것이 꽤 있는데, 일단 reversing문제로 접근할 때는, 어떤 언어로 작성되어있는지, packing이 되어있는지 여부를 보는 것이 중요하다는 것을 알게되었습니다. 따라서 언어 확..
![[pwnable.kr] bof(5 pts) :: Write-Up 포스팅 썸네일 이미지](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2F3QJUa%2FbtqzECqNgCG%2FR2ixXy31JDQYlmyYopkemk%2Fimg.png)
War Games/pwnable.kr
[pwnable.kr] bof(5 pts) :: Write-Up
Nana told me that buffer overflow is one of the most common software vulnerability. Is that true? Download : http://pwnable.kr/bin/bof Download : http://pwnable.kr/bin/bof.c Running at : nc pwnable.kr 9000 우선 코드를 봅시다. #include #include #include void func(int key){ char overflowme[32]; printf("overflow me : "); gets(overflowme);// smash me! if(key == 0xcafebabe){ system("/bin/sh"); } else{ printf..
![[pwnable.kr] collision(3 pts) :: Write-Up 포스팅 썸네일 이미지](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2Fcz1Jdo%2FbtqzC34ahkC%2FxB5Zt7cKlpKMaYXxLzPFvk%2Fimg.png)
War Games/pwnable.kr
[pwnable.kr] collision(3 pts) :: Write-Up
Daddy told me about cool MD5 hash collision today. I wanna do something like that too! ssh col@pwnable.kr -p2222 (pw:guest) col@prowl:~$ ls col col.c flag col@prowl:~$ nl col.c 1#include 2#include 3unsigned long hashcode = 0x21DD09EC; 4unsigned long check_password(const char* p){ 5int* ip = (int*)p; 6int i; 7int res=0; 8for(i=0; i
![[pwnable.kr] fd(1 pt) :: Write-Up 포스팅 썸네일 이미지](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FcxjFbx%2FbtqzCNN00Dt%2FZ2kj78c0kUMBSLhuOgKDM0%2Fimg.png)
War Games/pwnable.kr
[pwnable.kr] fd(1 pt) :: Write-Up
Mommy! what is a file descriptor in Linux? - try to play the wargame your self but if you are ABSOLUTE beginner, follow this tutorial link: https://youtu.be/971eZhMHQQw ssh fd@pwnable.kr -p2222 (pw:guest) fd@prowl:~$ ls fd fd.c flag fd@prowl:~$ cat flag cat: flag: Permission denied fd, fd.c, flag파일이 있네요. 보아하니 flag파일이 있는데 당연히도 권한이 없구요. 그래서 fd.c파일을 열어보았습니다. fd@prowl:~$ nl fd.c 1 #include 2 #includ..
독학두비니
절.대.독.학.해
📚 평소 공부한 걸 올리는 공간입니다. 💻 보안에 관심있는 대학생입니다! 🎨 Photoshop for fun. 🎭 틀린 내용이 있다면 댓글 부탁드릴게요~
