Posted on Jan. 17, 2016
Another challenge where we need to escape from a restricted situation. This
time we have complete control over the argument passed to the function system,
but, just to make sure we will not do anything harmful, the content of the
environment is deleted and the content of the argument passed to ...
Posted on June 29, 2016
This time we have to test the performance of two different implementations of the function memcpy. This is the code:
// compiled with : gcc -o memcpy memcpy.c -m32 -lm
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <signal.h>
#include <unistd.h>
#include <sys/mman.h>
#include <math ...
Posted on July 19, 2016
As usual, we have a program, ascii_easy, which has the permissions
to get the flag. After some quick reverse engineering we can imagine that
the source code it comes from should look more or less like this:
#define MEM 0x80000000
int is_ascii(char c){
    if (c <= 0x1f || c ...
Posted on Sept. 6, 2016
Let's have a look at the code of uaf.cpp:
#include <fcntl.h>
#include <iostream>
#include <cstring>
#include <cstdlib>
#include <unistd.h>
using namespace std;
class Human{
private:
    virtual void give_shell(){
        system("/bin/sh");
    }
protected:
    int age;
    string name;
public:
    virtual void introduce(){
        cout << "My name is ...
Posted on Sept. 6, 2016
The format string bug is one of the oldest bugs/vulnerabilities related to the standard lib. It involves the incorrect use of a user-controlled string that is passed to a function that makes use of format strings (usually printf), which makes it easy to read/write data.
Here is a ...