As the title indicates, this is a very small introduction to return-oriented programming (ROP) and format strings for people who don't yet know what these techniques are and what they are used for.
This post is meant for people willing to understand what these 2 exploitation techniques are, so experts will get bored just from seeing the title :).
Boogy's binary lifestyle
0100001001101111011011110110011101111001011100110010000001100010011010010110111001100001011100100111100100100000011011000110100101100110011001010111001101110100011110010110110001100101
2015/05/22
2015/05/21
Defcon 2015 Quals - babycmd writeup
We are given the following information and a binary to download:
babycmd_3ad28b10e8ab283d7df81795075f600b.quals.shallweplayaga.me:15491 (Download)
$ file babycmd_3ad28b10e8ab283d7df81795075f600b
babycmd_3ad28b10e8ab283d7df81795075f600b: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, stripped
$ checksec.sh --file babycmd_3ad28b10e8ab283d7df81795075f600b
RELRO       STACK CANARY    NX            PIE           RPATH      RUNPATH      FILE
No RELRO    Canary found    NX enabled    PIE enabled   No RPATH   No RUNPATH   babycmd_3ad28b10e8ab283d7df81795075f600b
Running the binary, it provides us with 3 functionalities: ping, host, dig
2015/05/19
Defcon 2015 Quals - mathwhiz solution
Category: Baby's First
Points: 1
The information given to us:
mathwhiz_c951d46fed68687ad93a84e702800b7a.quals.shallweplayaga.me:21249
After connecting to it, we can see it sends us mathematical operations and waits for the result. The solution is pretty easy: get the data, pass it to Python's eval, and return the result to the server.
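Because the expression comes from a remote server, passing it straight to eval lets that server run arbitrary Python on the solver's machine. The following is an added example, not code from the original post, that evaluates only arithmetic by walking the ast tree; the line format "<expr> =" and the function names are assumptions.

```python
import ast
import operator

# Whitelist of operators. Power (**) is left out on purpose: a hostile
# server could send 9**9**9 and exhaust CPU and memory.
_BINOPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod,
}
_UNARYOPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
MAX_LEN = 256  # assumed upper bound for one challenge line


def _walk(node):
    # Numbers only: bool, str, bytes and None constants are rejected.
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
        return _BINOPS[type(node.op)](_walk(node.left), _walk(node.right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARYOPS:
        return _UNARYOPS[type(node.op)](_walk(node.operand))
    # Names, calls, attributes, subscripts, lambdas ... all end up here.
    raise ValueError("disallowed syntax: " + type(node).__name__)


def safe_eval(expr):
    """Evaluate a purely arithmetic expression without calling eval()."""
    if len(expr) > MAX_LEN:
        raise ValueError("expression too long")
    return _walk(ast.parse(expr.strip(), mode="eval").body)


def answer(line):
    """Reply for one challenge line, or None if the line is not plain math."""
    expr = line.strip().rstrip("=")
    try:
        return str(safe_eval(expr))
    except (ValueError, SyntaxError, ZeroDivisionError):
        return None
```
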
Defcon 2015 Quals - Babyecho Writeup
This write-up is made by boogy of the on_est_pas_contents ctf team
This was a cool challenge which was worth 1 point. But nevertheless we enjoyed solving it. The binary is 32bit and stripped:
2015/01/18
Ghost in the Shellcode 2015: Cloudfs writeup
Category: Forensics Points: 200
The file we were given is a pcapng file. To be able to read it with scapy we need to convert it to pcap. The easiest way is to use tcpdump like so:
tcpdump -r cloudfs-31c938df3531611b82fddf0685784a2b67373305ec689015f193a555b756beb2 -w cloudfs.pcap
Use scapy to extract all icmp packets: