[Hack.lu CTF 2012] #12 Donn Beach - 500
hhc0null hhc0null
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int filter(int size, char *shellcode) | |
| { | |
| int b1; // -0x10(%ebp) | |
| int b2; // -0x14(%ebp) | |
| int x; // -0xc(%ebp) | |
| int y; // -0x8(%ebp) | |
| int i; // -0x4(%ebp) | |
| for(int i = 0; i < size; i+=2) { | |
| b1 = (unsigned int)shellcode[i]; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # too sleepy.....it's kimoi. | |
| # N = p*q | |
| # C = M*(M+B) mod N | |
| import binascii | |
| import itertools | |
| import string |
hhc0null
/ old_bata_collections.md
Last active
September 8, 2020 13:22
bata's CTF problem collections
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int table[255] = {0}; | |
| int mark = 0xdeadbeef; | |
| int index = 0; | |
| void generate_table() | |
| { | |
| for(index; index < 0xff; index++) { | |
| if(table[index] == 0) { | |
| table[index] = mark; | |
| } else if((index+1)&2) { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| " vim: set fdm=marker commentstring=: | |
| " neobundle {{{ | |
| set nocompatible | |
| filetype off | |
| if has('vim_starting') | |
| set runtimepath+=~/.vim/bundle/neobundle.vim | |
| call neobundle#begin(expand('~/.vim/bundle/')) | |
| endif |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| from pwning import * | |
| import sys | |
| if len(sys.argv) != 2: | |
| print "Usage: {} [align]".format(sys.argv[0]) | |
| rhp = ("pwnable.katsudon.org", 32100) | |
| #rhp = ("localhost", 32100) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| i. identify the version | |
| ii. pwn it! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int sub_8049110() | |
| { | |
| 8049110: 5d pop %ebp // return address: 0x8048f06 | |
| 8049111: 8b 45 00 mov 0x0(%ebp),%eax // eax = 0xfffffff | |
| 8049114: 83 e0 03 and $0x3,%eax | |
| *ebp &= 3; | |
| 8049117: 83 f8 03 cmp $0x3,%eax | |
| 804911a: 75 42 jne 804915e <exit@plt+0xb8e> | |
| if(*ebp == 3) { | |
| 804911c: 6a 00 push $0x0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* I might me making some mistakes... */ | |
| #define NONUSE 0xfffffffe | |
| #define INUSE 1 | |
| typedef struct _chunk { | |
| int size; | |
| chunk_t *next; | |
| chunk_t *back; | |
| } chunk_t; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // .data section | |
| char data_602800[] = "192.168.000.100"; | |
| char data_602810[] = "192.168.000.200"; | |
| char data_602820[] = "255.255.255.000"; | |
| char data_602830[] = "8.8.8.8"; | |
| // .bss section | |
| char bss_602880[128]; // buffer | |
| bool bss_602900; // flag: is_not_authenticated | |
| int bss_602904; // sockfd |