diff --git a/SUMMARY.md b/SUMMARY.md index f3f692d..d2034d2 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -137,6 +137,7 @@ GitHub 地址:https://github.com/firmianay/CTF-All-In-One * [6.1.13 pwn 34C3CTF2017 readme_revenge](doc/6.1.13_pwn_34c3ctf2017_readme_revenge.md) * [6.1.14 pwn 32C3CTF2015 readme](doc/6.1.14_pwn_32c3ctf2015_readme.md) * [6.1.15 pwn 34C3CTF2017 SimpleGC](doc/6.1.15_pwn_34c3ctf2017_simplegc.md) + * [6.1.16 pwn HITBGSECCTF2017 1000levels](doc/6.1.16_pwn_hitbgsecctf2017_1000levels.md) * re * [6.2.1 re XHPCTF2017 dont_panic](doc/6.2.1_re_xhpctf2017_dont_panic.md) * [6.2.2 re ECTF2016 tayy](doc/6.2.2_re_ectf2016_tayy.md) diff --git a/doc/6.1.16_pwn_hitbgsecctf2017_1000levels.md b/doc/6.1.16_pwn_hitbgsecctf2017_1000levels.md new file mode 100644 index 0000000..15475ba --- /dev/null +++ b/doc/6.1.16_pwn_hitbgsecctf2017_1000levels.md @@ -0,0 +1,28 @@ +# 6.1.16 pwn HITBGSECCTF2017 1000levels + +- [题目复现](#题目复现) +- [题目解析](#题目解析) +- [Exploit](#exploit) +- [参考资料](#参考资料) + + +[下载文件](../src/writeup/6.1.16_pwn_hitbgsecctf2017_1000levels) + +## 题目复现 +``` +$ file 1000levels +1000levels: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=d0381dfa29216ed7d765936155bbaa3f9501283a, not stripped +$ checksec -f 1000levels +RELRO STACK CANARY NX PIE RPATH RUNPATH FORTIFY Fortified Fortifiable FILE +Partial RELRO No canary found NX enabled PIE enabled No RPATH No RUNPATH No 0 6 1000levels +$ strings libc.so.6 | grep -i ubuntu +GNU C Library (Ubuntu GLIBC 2.23-0ubuntu9) stable release version 2.23, by Roland McGrath et al. +``` + + +## 题目解析 + +## Exploit + +## 参考资料 +- https://ctftime.org/task/4539 diff --git a/doc/6_writeup.md b/doc/6_writeup.md index 59134b0..0d755bf 100644 --- a/doc/6_writeup.md +++ b/doc/6_writeup.md @@ -16,6 +16,7 @@ - [6.1.13 pwn 34C3CTF2017 readme_revenge](6.1.13_pwn_34c3ctf2017_readme_revenge.md) - [6.1.14 pwn 32C3CTF2015 readme](6.1.14_pwn_32c3ctf2015_readme.md) - [6.1.15 pwn 34C3CTF2017 SimpleGC](6.1.15_pwn_34c3ctf2017_simplegc.md) + - [6.1.16 pwn HITBGSECCTF2017 1000levels](6.1.16_pwn_hitbgsecctf2017_1000levels.md) - re - [6.2.1 re XHPCTF2017 dont_panic](6.2.1_re_xhpctf2017_dont_panic.md) - [6.2.2 re ECTF2016 tayy](6.2.2_re_ectf2016_tayy.md) diff --git a/src/writeup/6.1.16_pwn_hitbgsecctf2017_1000levels/1000levels b/src/writeup/6.1.16_pwn_hitbgsecctf2017_1000levels/1000levels new file mode 100755 index 0000000..69653b6 Binary files /dev/null and b/src/writeup/6.1.16_pwn_hitbgsecctf2017_1000levels/1000levels differ diff --git a/src/writeup/6.1.16_pwn_hitbgsecctf2017_1000levels/libc.so.6 b/src/writeup/6.1.16_pwn_hitbgsecctf2017_1000levels/libc.so.6 new file mode 100755 index 0000000..0101d5c Binary files /dev/null and b/src/writeup/6.1.16_pwn_hitbgsecctf2017_1000levels/libc.so.6 differ