parksjin01/Bitsctf 2017 writeup.md

Last active June 14, 2017 12:56

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/parksjin01/2d20c2cd9819f9a7ba44bfeb5a35823e.js"></script>
Save parksjin01/2d20c2cd9819f9a7ba44bfeb5a35823e to your computer and use it in GitHub Desktop.

Download ZIP

Bitsctf 2017 writeup

Raw

Bitsctf 2017 writeup.md

pwn1

pwn1 is really basic problem about buffer overflow.
When we excute program, they just print buffer address to us to calculate address easier.
Buffer size is only 0x10 so I'll write shellcode after ret
This simple python script will help you to pwning it.

third

This problem is not hard too. Only difficulty is that I couldn't see library function name.
I make my own function table too make reversing more easily

0x7f8: srand
0x7f0: rand
0x7d8: printf
0x810: scarf
0x818: exit
0x808: fopen
0x7e8: read
0x7e0: fclose

But function name maybe different with real.
I made some c program that create same number with third program.
This simple python script will give you flag

mission-impropable

This file type is Intel hex type file. I heard about it at this time. I recommand you to read this blog if you are korean.
I tried to recover it to bin but I failed to do it correctly. So I use linux strings command to my imperfect program.
flag: BITCTF{B4d_bad_U5B}

Riskv and Reword

It was too hard to me to guess solution. I refer this blog

Sherlock

If you see that ebook carefully you can see some strange things. letter I isn't capital in that book and some letter is capital even if that's middle in word.
If you collect capital letter than you can get strings like ZEROONEZEROZERO... than change it to real number like 0100...
Now change it to ascii letter than we can get flag
flag: BITSCTF{h1d3_1n_pl41n_5173}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment