CTF-All-In-One/doc/7.4_writeup.md

58 lines
1.4 KiB
Markdown
Raw Normal View History

2017-11-05 16:21:02 +07:00
# 7.4 习题答案
2017-07-17 21:02:41 +07:00
2017-09-12 14:38:29 +07:00
## 3.3.1 格式化字符串漏洞
#### **pwn** - UIUCTF 2017 - goodluck - 200
2017-08-16 20:49:30 +07:00
## 5.2 Pin 动态二进制插桩
2017-09-12 14:38:29 +07:00
#### **RE** - picoCTF 2014 - Baleful
2017-07-17 21:02:41 +07:00
2017-09-12 14:38:29 +07:00
#### **RE** - Hack You 2014 - reverse - 400
2017-07-17 21:02:41 +07:00
2017-09-12 14:38:29 +07:00
#### **RE** - th3jackers CTF 2015 - rev100 - 100
2017-07-17 21:02:41 +07:00
2017-08-16 14:45:24 +07:00
## 6.1 更多 Linux 工具
2017-07-17 21:02:41 +07:00
#### Strings - strings_crackme
```text
2017-09-12 14:38:29 +07:00
$ strings -e L strings_crackme
2017-07-17 21:02:41 +07:00
w0wgreat
```
2017-09-12 14:38:29 +07:00
#### **Pwn** - Strings - flag_pwnablekr
2017-07-17 21:02:41 +07:00
```text
2017-09-12 14:38:29 +07:00
$ ./flag_pwnablekr
2017-07-17 21:02:41 +07:00
I will malloc() and strcpy the flag there. take it.
2017-09-12 14:38:29 +07:00
$ strings flag_pwnablekr | grep UPX
2017-07-17 21:02:41 +07:00
UPX!
$Info: This file is packed with the UPX executable packer http://upx.sf.net $
$Id: UPX 3.08 Copyright (C) 1996-2011 the UPX Team. All Rights Reserved. $
UPX!
UPX!
2017-09-12 14:38:29 +07:00
$ upx -d flag_pwnablekr
2017-07-17 21:02:41 +07:00
Ultimate Packer for eXecutables
Copyright (C) 1996 - 2017
UPX 3.94 Markus Oberhumer, Laszlo Molnar & John Reiser May 12th 2017
File size Ratio Format Name
-------------------- ------ ----------- -----------
883745 <- 335288 37.94% linux/amd64 flag_pwnablekr
Unpacked 1 file.
2017-09-12 14:38:29 +07:00
$ strings flag_pwnablekr | grep -i upx
2017-07-17 21:02:41 +07:00
UPX...? sounds like a delivery service :)
```
#### xxd - xxd_crackme
```text
2017-09-12 14:38:29 +07:00
$ xxd -g1 xxd_crackme
2017-07-17 21:02:41 +07:00
......
00001020: 00 00 00 00 67 30 30 64 4a 30 42 21 00 00 00 00 ....g00dJ0B!....
......
```
```text
2017-09-12 14:38:29 +07:00
$ strings -d xxd_crackme
2017-07-17 21:02:41 +07:00
......
g00dJ0B!
......
```