독학두비니

War Games/pwnable.kr

[pwnable.kr] horcruxes(7 pts) :: Write-Up

Voldemort concealed his splitted soul inside 7 horcruxes. Find all horcruxes, and ROP it! author: jiwon choi ssh horcruxes@pwnable.kr -p2222(pw: guest) 와 toddler's bottle 마지막 문제네요. 대놓고 ROP라고 주어져있네요. 봅시다 일단 readme를 보니 9032로 들어가서 익스하라고하네요. 아무튼 그렇고, 아이다로 열어봅시다. main함수입니다. 음 저기있는 함수들을 확인해 보았을 때, init_ABCDEFG()는 랜덤값을 할당해주는 함수였고, seccomp_* 함수들이 있는데, 이는 찾아보니 프로그램을 보호하기 위해 샌드박스 안에서 실행이 될 수 있도록 하는 함수라고 하..

War Games/pwnable.kr

[pwnable.kr] unlink(10 pts) :: Write-Up

Daddy! how can I exploit unlink corruption? ssh unlink@pwnable.kr -p2222 (pw: guest) 음 저는 이문제를 unsafe unlink라고 생각했는데, 뭔가 느낌이 다르더라구요? 제가 요점을 못찾은거일수도 있지만, 일단 봅시다. unlink@pwnable:~$ ls -l total 20 -r--r----- 1 root unlink_pwn 49 Nov 23 2016 flag -rw-r----- 1 root unlink_pwn 543 Nov 28 2016 intended_solution.txt -r-xr-sr-x 1 root unlink_pwn 7540 Nov 23 2016 unlink -rw-r--r-- 1 root root 749 Nov 23 2..

War Games/Bandit - OverTheWire

[Bandit-OverTheWire] Level 25 -> Level 26

Bandit Level 25 → Level 26 Level Goal Logging in to bandit26 from bandit25 should be fairly easy… The shell for user bandit26 is not /bin/bash, but something else. Find out what it is, how it works and how to break out of it. Commands you may need to solve this level ssh, cat, more, vi, ls, id, pwd 접속 접속 : ssh bandit25@bandit.labs.overthewire.org -p2220 pw : uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG band..

War Games/Bandit - OverTheWire

[Bandit-OverTheWire] Level 24 -> Level 25

Bandit Level 24 → Level 25 Level Goal A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing. 접속 접속 : ssh bandit24@bandit.labs.overthewire.org -p2220 pw : UoMYTrfrBFHyQXmg6gzctqAwOmw1I..

War Games/Bandit - OverTheWire

[Bandit-OverTheWire] Level 23 -> Level 24

Bandit Level 23 → Level 24 Level Goal A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed. NOTE: This level requires you to create your own first shell-script. This is a very big step and you should be proud of yourself when you beat this level! NOTE 2: Keep in mind that..

War Games/Bandit - OverTheWire

[Bandit-OverTheWire] Level 22 -> Level 23

Bandit Level 22 → Level 23 Level Goal A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed. NOTE: Looking at shell scripts written by other people is a very useful skill. The script for this level is intentionally made easy to read. If you are having problems understandin..

War Games/Bandit - OverTheWire

[Bandit-OverTheWire] Level 21 -> Level 22

Bandit Level 21 → Level 22 Level Goal A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed. Commands you may need to solve this level cron, crontab, crontab(5) (use “man 5 crontab” to access this) 접속 접속 : ssh bandit21@bandit.labs.overthewire.org -p2220 pw : gE269g2h3mw3pw..

War Games/Bandit - OverTheWire

[Bandit-OverTheWire] Level 20 -> Level 21

Bandit Level 20 → Level 21 Level Goal There is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21)...

War Games/Bandit - OverTheWire

[Bandit-OverTheWire] Level 19 -> Level 20

Bandit Level 19 → Level 20 Level Goal To gain access to the next level, you should use the setuid binary in the homedirectory. Execute it without arguments to find out how to use it. The password for this level can be found in the usual place (/etc/bandit_pass), after you have used the setuid binary. Helpful Reading Material setuid on Wikipedia 접속 접속 : ssh bandit19@bandit.labs.overthewire.org -p..

War Games/Bandit - OverTheWire

[Bandit-OverTheWire] Level 18 -> Level 19

Bandit Level 18 → Level 19 Level Goal The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH. Commands you may need to solve this level ssh, ls, cat 접속 접속 : ssh bandit18@bandit.labs.overthewire.org -p2220 pw : kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd readme라는 파일을 읽으면 비밀번호를 알아낼 수 있습니다. 그러나 .bashr..

War Games/Bandit - OverTheWire

[Bandit-OverTheWire] Level 17 -> Level 18

Bandit Level 17 → Level 18 Level Goal There are 2 files in the homedirectory: passwords.old and passwords.new. The password for the next level is in passwords.new and is the only line that has been changed between passwords.old and passwords.new NOTE: if you have solved this level and see ‘Byebye!’ when trying to log into bandit18, this is related to the next level, bandit19 Commands you may nee..

War Games/Bandit - OverTheWire

[Bandit-OverTheWire] Level 16 -> Level 17

Bandit Level 16 → Level 17 Level Goal The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply ..