Banker is a big statically linked executable:
root@ubuntu-test:~/defcon/banker# file banker
banker: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.24, stripped
root@ubuntu-test:~/defcon/banker# ls banker -lh
-rwxr-xr-x 1 root root 726K May 20 16:38 banker
root@ubuntu-test:~/defcon/banker# checksec banker
RELRO: No RELRO
Stack: No canary found
NX: NX enabled
PIE: No PIE
After about 8 hours of painfully reversing the ELF, which contains 965 functions (too slow)… I am clear on what the server is doing, and two vulnerabilities are found:
Continue reading “DEFCON 2016 CTF Quals pwnable banker writeup”
This is the pwn challenge for the SSCTF final. It is a good example of hijacking the length field of a structure to achieve arbitrary read and write primitives. It also provides a playground to practice heap feng shui.
Continue reading “SSCTF 2016 final pwn writeup”
This was our first on-site competition, and also an experience of being thoroughly crushed (ToT)/~~~.
Continue reading “ZCTF On-site Competition Summary”
This is a write-up for the 0ctf 2016 quals “VM” reverse challenge worth 7 points.
The main process of solving this challenge consists of 3 phases:
- Find the location of input check algorithm
- Reverse input transform algorithm
I wasted much life in the second phase. This function is flattened by a big switch structure and contains a lot of goto instructions. It’s hard to reverse such a function statically, so we use dynamic analysis and black box analysis. We make a few assumptions about the transform pattern. We can reverse the algorithm without understanding assembly or decompiled code.
Continue reading “0ctf 2016 writeup for VM challenge(reverse 7 pts)”
The program implements a matrix multiplication function. First we input the size of the matrices, and then three matrices are allocated on the stack and the product of the first two matrices is calculated into the third one.
Continue reading “[+]HITCON CTF 2015 Matrix X Matrix (Pwnable, 175 points)”