Blog category: Writeups

Tags

Cmd2 - Pwnable.kr

Posted on Jan. 17, 2016

Another challenge where we need to escape from a restricted situation. This time we have complete control on the argument passed the function system but, just to make sure we will not do anything harmful, the content of the environment is deleted and the content of the argument passed to ...


Memcpy - Pwnable.kr

Posted on June 29, 2016

This time we have to test the performance of two different implementations of the function memcpy. This is the code:

// compiled with : gcc -o memcpy memcpy.c -m32 -lm
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <signal.h>
#include <unistd.h>
#include <sys/mman.h>
#include <math ...


Ascii_easy - Pwnable.kr

Posted on July 19, 2016

As usual, we have a program: ascii_easy, which has the permissions to get the flag. After a fast reverse-engineering we can imagine that the source code from where it comes from should look more or less like this:

#define MEM 0x80000000

int is_ascii(char c){
    if (c <= 0x1f || c ...


IOLI - crackme0x09

Posted on July 19, 2016

This level adds nothing new to the previous nine crackmes of the IOLI - suite Let's have a look to the function main:

[0x08048420]> pdf @ main
/ (fcn) main 120
|           ; var int local_78h @ ebp-0x78
|           ; var int local_4h @ ebp-0x4
|           ; arg int arg_10h @ ebp+0x10
|           ; var int local_4h @ esp+0x4
|           ; DATA ...


Uaf - Pwnable.kr

Posted on Sept. 6, 2016

Let's have a look to the code of uaf.cpp:

#include <fcntl.h>
#include <iostream>
#include <cstring>
#include <cstdlib>
#include <unistd.h>
using namespace std;

class Human{
private:
    virtual void give_shell(){
        system("/bin/sh");
    }
protected:
    int age;
    string name;
public:
    virtual void introduce(){
        cout << "My name is ...