Blog

Tags

Uaf - Pwnable.kr

Posted on Sept. 6, 2016

Let's have a look to the code of uaf.cpp:

#include <fcntl.h>
#include <iostream>
#include <cstring>
#include <cstdlib>
#include <unistd.h>
using namespace std;

class Human{
private:
    virtual void give_shell(){
        system("/bin/sh");
    }
protected:
    int age;
    string name;
public:
    virtual void introduce(){
        cout << "My name is ...


Fsb - Pwnable.kr

Posted on Sept. 6, 2016

The format string bug is one of the oldest bugs/vulnerabilities related to the standard lib. It involves a wrong use of an user-controlled string which is passed to a function that makes use of format strings (usually printf) and hence allows to easily read/write data.

Here is a ...


Ascii_easy - Pwnable.kr

Posted on July 19, 2016

As usual, we have a program: ascii_easy, which has the permissions to get the flag. After a fast reverse-engineering we can imagine that the source code from where it comes from should look more or less like this:

#define MEM 0x80000000

int is_ascii(char c){
    if (c <= 0x1f || c ...


IOLI - crackme0x09

Posted on July 19, 2016

This level adds nothing new to the previous nine crackmes of the IOLI - suite Let's have a look to the function main:

[0x08048420]> pdf @ main
/ (fcn) main 120
|           ; var int local_78h @ ebp-0x78
|           ; var int local_4h @ ebp-0x4
|           ; arg int arg_10h @ ebp+0x10
|           ; var int local_4h @ esp+0x4
|           ; DATA ...


Memcpy - Pwnable.kr

Posted on June 29, 2016

This time we have to test the performance of two different implementations of the function memcpy. This is the code:

// compiled with : gcc -o memcpy memcpy.c -m32 -lm
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <signal.h>
#include <unistd.h>
#include <sys/mman.h>
#include <math ...