정이원 | Short-term project: pwnable.kr write-ups

by Unknown user 2020. 5. 19. 01:20

Project results (short-term) - 정이원

정이원 has uploaded write-ups to the blog for the pwnable.kr challenges (fd, collision, flag, cmd1, cmd2) completed as a short-term project.

 

The write-ups are written in English and walk through each solution in detail, so they should be very helpful to anyone working on pwnable.kr or looking for another take on these challenges :)

 

https://pywc.github.io/pwnable-kr-fd/index.html

 

pwnable.kr - fd (file descriptor)

Mommy! what is a file descriptor in Linux? ssh fd@pwnable.kr -p2222 (pw:guest) The flag can only be viewed by root or fd_pwn. Since there's a setgid of fd_pwn on fd, we could utilize it. #include #include #include

pywc.github.io

https://pywc.github.io/pwnable-kr-collision/index.html

 

pwnable.kr - collision

Daddy told me about cool MD5 hash collision today. I wanna do something like that too! ssh col@pwnable.kr -p2222 (pw:guest) Setgid of col_pwn on col, so we utilize it. #include #include unsigned long hashcode = 0x21DD09EC; unsigned lon

pywc.github.io

https://pywc.github.io/pwnable-kr-flag/index.html

 

pwnable.kr - flag

Papa brought me a packed present! let's open it. Download : http://pwnable.kr/bin/flag This is reversing task. all you need is binary Well I have IDA pro, so open the binary with it and we encounter it’s a linux ELF binary. But somehow, the analysis fail

pywc.github.io

https://pywc.github.io/pwnable-kr-cmd1/index.html

 

pwnable.kr - cmd1

Mommy! what is PATH environment in Linux? ssh cmd1@pwnable.kr -p2222 (pw:guest) setgid of cmd1_pwn is on cmd1, so we utilize it. #include #include int filter(char* cmd){ int r=0; r += strstr(cmd, "flag")!=0; r += strstr(cmd,

pywc.github.io

https://pywc.github.io/pwnable-kr-cmd2/index.html

 

pwnable.kr - cmd2

Daddy bought me a system command shell. but he put some filters to prevent me from playing with it without his permission... but I wanna play anytime I want! ssh cmd2@pwnable.kr -p2222 (pw:flag of cmd1) setgid of cmd2_pwn is on cmd2, so we utilize it. #inc

pywc.github.io

 
