고정 헤더 영역
상세 컨텐츠
본문
프로젝트 결산물 (단기) - 정이원님
정이원님이 이번에, 단기 프로젝트로 진행하신 pwnable.kr 풀이(fd, collison, flag, cmd1, cmd2) 라이트업을 블로그에 업로드하셨습니다.
라이트업을 영어로 작성하시고, 상세한 풀이를 적어두셔서, pwnable.kr 을 풀이하시는 분들이나, 다른 풀이를 보고 싶은 분들에게 많은 도움이 될 것 같습니다 :)
https://pywc.github.io/pwnable-kr-fd/index.html
pwnable.kr - fd (file descriptor)
Mommy! what is a file descriptor in Linux? ssh fd@pwnable.kr -p2222 (pw:guest) The flag can only be viewed by root or fd_pwn. Since there's a setgid of fd_pwn on fd, we could utilize it. #include #include #include
pywc.github.io
https://pywc.github.io/pwnable-kr-collision/index.html
pwnable.kr - collision
Daddy told me about cool MD5 hash collision today. I wanna do something like that too! ssh col@pwnable.kr -p2222 (pw:guest) Setgid of col_pwn on col, so we utilize it. #include #include unsigned long hashcode = 0x21DD09EC; unsigned lon
pywc.github.io
https://pywc.github.io/pwnable-kr-flag/index.html
pwnable.kr - flag
Papa brought me a packed present! let's open it. Download : http://pwnable.kr/bin/flag This is reversing task. all you need is binary Well I have IDA pro, so open the binary with it and we encounter it’s a linux ELF binary. But somehow, the analysis fail
pywc.github.io
https://pywc.github.io/pwnable-kr-cmd1/index.html
pwnable.kr - cmd1
Mommy! what is PATH environment in Linux? ssh cmd1@pwnable.kr -p2222 (pw:guest) setgid of cmd1_pwn is on cmd1, so we utilize it. #include #include int filter(char* cmd){ int r=0; r += strstr(cmd, "flag")!=0; r += strstr(cmd,
pywc.github.io
https://pywc.github.io/pwnable-kr-cmd2/index.html
pwnable.kr - cmd2
Daddy bought me a system command shell. but he put some filters to prevent me from playing with it without his permission... but I wanna play anytime I want! ssh cmd2@pwnable.kr -p2222 (pw:flag of cmd1) setgid of cmd2_pwn is on cmd2, so we utilize it. #inc
pywc.github.io
'Research > PWN' 카테고리의 다른 글
| 박세훈 | 프로젝트 해커스쿨 LOB 풀이 (0) | 2020.05.19 |
|---|
