CTF-All-In-One/doc/8.4_writeup.md

# 8.4 习题答案


## 3.3.1 格式化字符串漏洞
#### **pwn** - UIUCTF 2017 - goodluck - 200


## 6.1 更多 Linux 工具
#### Strings - strings_crackme
```text
$ strings -e L strings_crackme
w0wgreat
```

#### **Pwn** - Strings - flag_pwnablekr
```text
$ ./flag_pwnablekr
I will malloc() and strcpy the flag there. take it.
$ strings flag_pwnablekr | grep UPX
UPX!
$Info: This file is packed with the UPX executable packer http://upx.sf.net $
$Id: UPX 3.08 Copyright (C) 1996-2011 the UPX Team. All Rights Reserved. $
UPX!
UPX!
$ upx -d flag_pwnablekr
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2017
UPX 3.94        Markus Oberhumer, Laszlo Molnar & John Reiser   May 12th 2017
        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
    883745 <-    335288   37.94%   linux/amd64   flag_pwnablekr
Unpacked 1 file.
$ strings flag_pwnablekr | grep -i upx
UPX...? sounds like a delivery service :)
```

#### xxd - xxd_crackme
```text
$ xxd -g1 xxd_crackme
......
00001020: 00 00 00 00 67 30 30 64 4a 30 42 21 00 00 00 00  ....g00dJ0B!....
......
```
```text
$ strings -d xxd_crackme
......
g00dJ0B!
......
```
add new chapter 7 exploit 2017-12-07 08:30:58 +07:00			`# 8.4 习题答案`
update 2017-07-17 21:02:41 +07:00

fix writeup 2017-09-12 14:38:29 +07:00			`## 3.3.1 格式化字符串漏洞`
			`#### pwn - UIUCTF 2017 - goodluck - 200`


fix 2017-08-16 14:45:24 +07:00			`## 6.1 更多 Linux 工具`
update 2017-07-17 21:02:41 +07:00			`#### Strings - strings_crackme`
			```text
fix writeup 2017-09-12 14:38:29 +07:00			`$ strings -e L strings_crackme`
update 2017-07-17 21:02:41 +07:00			`w0wgreat`
			```

fix writeup 2017-09-12 14:38:29 +07:00			`#### Pwn - Strings - flag_pwnablekr`
update 2017-07-17 21:02:41 +07:00			```text
fix writeup 2017-09-12 14:38:29 +07:00			`$ ./flag_pwnablekr`
update 2017-07-17 21:02:41 +07:00			`I will malloc() and strcpy the flag there. take it.`
fix writeup 2017-09-12 14:38:29 +07:00			`$ strings flag_pwnablekr \| grep UPX`
update 2017-07-17 21:02:41 +07:00			`UPX!`
			$Info: This file is packed with the UPX executable packer http://upx.sf.net $
			$Id: UPX 3.08 Copyright (C) 1996-2011 the UPX Team. All Rights Reserved. $
			`UPX!`
			`UPX!`
fix writeup 2017-09-12 14:38:29 +07:00			`$ upx -d flag_pwnablekr`
update 2017-07-17 21:02:41 +07:00			`Ultimate Packer for eXecutables`
			`Copyright (C) 1996 - 2017`
			`UPX 3.94 Markus Oberhumer, Laszlo Molnar & John Reiser May 12th 2017`
			`File size Ratio Format Name`
			`-------------------- ------ ----------- -----------`
			`883745 <- 335288 37.94% linux/amd64 flag_pwnablekr`
			`Unpacked 1 file.`
fix writeup 2017-09-12 14:38:29 +07:00			`$ strings flag_pwnablekr \| grep -i upx`
update 2017-07-17 21:02:41 +07:00			`UPX...? sounds like a delivery service :)`
			```

			`#### xxd - xxd_crackme`
			```text
fix writeup 2017-09-12 14:38:29 +07:00			`$ xxd -g1 xxd_crackme`
update 2017-07-17 21:02:41 +07:00			`......`
			`00001020: 00 00 00 00 67 30 30 64 4a 30 42 21 00 00 00 00 ....g00dJ0B!....`
			`......`
			```
			```text
fix writeup 2017-09-12 14:38:29 +07:00			`$ strings -d xxd_crackme`
update 2017-07-17 21:02:41 +07:00			`......`
			`g00dJ0B!`
			`......`
			```