diff --git a/SUMMARY.md b/SUMMARY.md index 9ea869b..0c99c3f 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -138,8 +138,9 @@ GitHub 地址:https://github.com/firmianay/CTF-All-In-One * [6.1.13 pwn 34C3CTF2017 readme_revenge](doc/6.1.13_pwn_34c3ctf2017_readme_revenge.md) * [6.1.14 pwn 32C3CTF2015 readme](doc/6.1.14_pwn_32c3ctf2015_readme.md) * [6.1.15 pwn 34C3CTF2017 SimpleGC](doc/6.1.15_pwn_34c3ctf2017_simplegc.md) - * [6.1.16 pwn HITBGSECCTF2017 1000levels](doc/6.1.16_pwn_hitbgsecctf2017_1000levels.md) + * [6.1.16 pwn HITBCTF2017 1000levels](doc/6.1.16_pwn_hitbctf2017_1000levels.md) * [6.1.17 pwn SECCONCTF2016 jmper](doc/6.1.17_pwn_secconctf2016_jmper.md) + * [6.1.18 pwn HITBCTF2017 Sentosa](doc/6.1.18_pwn_hitbctf2017_sentosa.md) * re * [6.2.1 re XHPCTF2017 dont_panic](doc/6.2.1_re_xhpctf2017_dont_panic.md) * [6.2.2 re ECTF2016 tayy](doc/6.2.2_re_ectf2016_tayy.md) diff --git a/doc/6.1.16_pwn_hitbgsecctf2017_1000levels.md b/doc/6.1.16_pwn_hitbctf2017_1000levels.md similarity index 99% rename from doc/6.1.16_pwn_hitbgsecctf2017_1000levels.md rename to doc/6.1.16_pwn_hitbctf2017_1000levels.md index 6331bcd..c9d712f 100644 --- a/doc/6.1.16_pwn_hitbgsecctf2017_1000levels.md +++ b/doc/6.1.16_pwn_hitbctf2017_1000levels.md @@ -1,4 +1,4 @@ -# 6.1.16 pwn HITBGSECCTF2017 1000levels +# 6.1.16 pwn HITBCTF2017 1000levels - [题目复现](#题目复现) - [题目解析](#题目解析) @@ -6,7 +6,7 @@ - [参考资料](#参考资料) -[下载文件](../src/writeup/6.1.16_pwn_hitbgsecctf2017_1000levels) +[下载文件](../src/writeup/6.1.16_pwn_hitbctf2017_1000levels) ## 题目复现 ``` diff --git a/doc/6.1.18_pwn_hitbctf2017_sentosa.md b/doc/6.1.18_pwn_hitbctf2017_sentosa.md new file mode 100644 index 0000000..174f59b --- /dev/null +++ b/doc/6.1.18_pwn_hitbctf2017_sentosa.md @@ -0,0 +1,29 @@ +# 6.1.18 pwn HITBCTF2017 Sentosa + +- [题目复现](#题目复现) +- [题目解析](#题目解析) +- [Exploit](#exploit) +- [参考资料](#参考资料) + + +[下载文件](../src/writeup/6.1.18_pwn_hitbctf2017_sentosa) + +## 题目复现 +``` +$ file sentosa +sentosa: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=556ed41f51d01b6a345af2ffc2a135f7f8972a5f, stripped +$ checksec -f sentosa +RELRO STACK CANARY NX PIE RPATH RUNPATH FORTIFY Fortified Fortifiable FILE +Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH Yes 1 3 sentosa +$ strings libc.so.6| grep "GNU C" +GNU C Library (Ubuntu GLIBC 2.23-0ubuntu4) stable release version 2.23, by Roland McGrath et al. +Compiled by GNU CC version 5.4.0 20160609. +``` + + +## 题目解析 + +## Exploit + +## 参考资料 +- https://ctftime.org/task/4460 diff --git a/doc/6_writeup.md b/doc/6_writeup.md index d039781..5e3e14a 100644 --- a/doc/6_writeup.md +++ b/doc/6_writeup.md @@ -16,8 +16,9 @@ - [6.1.13 pwn 34C3CTF2017 readme_revenge](6.1.13_pwn_34c3ctf2017_readme_revenge.md) - [6.1.14 pwn 32C3CTF2015 readme](6.1.14_pwn_32c3ctf2015_readme.md) - [6.1.15 pwn 34C3CTF2017 SimpleGC](6.1.15_pwn_34c3ctf2017_simplegc.md) - - [6.1.16 pwn HITBGSECCTF2017 1000levels](6.1.16_pwn_hitbgsecctf2017_1000levels.md) + - [6.1.16 pwn HITBCTF2017 1000levels](6.1.16_pwn_hitbctf2017_1000levels.md) - [6.1.17 pwn SECCONCTF2016 jmper](6.1.17_pwn_secconctf2016_jmper.md) + - [6.1.18 pwn HITBCTF2017 Sentosa](6.1.18_pwn_hitbctf2017_sentosa.md) - re - [6.2.1 re XHPCTF2017 dont_panic](6.2.1_re_xhpctf2017_dont_panic.md) - [6.2.2 re ECTF2016 tayy](6.2.2_re_ectf2016_tayy.md) diff --git a/src/writeup/6.1.16_pwn_hitbgsecctf2017_1000levels/1000levels b/src/writeup/6.1.16_pwn_hitbctf2017_1000levels/1000levels similarity index 100% rename from src/writeup/6.1.16_pwn_hitbgsecctf2017_1000levels/1000levels rename to src/writeup/6.1.16_pwn_hitbctf2017_1000levels/1000levels diff --git a/src/writeup/6.1.16_pwn_hitbgsecctf2017_1000levels/libc.so.6 b/src/writeup/6.1.16_pwn_hitbctf2017_1000levels/libc.so.6 similarity index 100% rename from src/writeup/6.1.16_pwn_hitbgsecctf2017_1000levels/libc.so.6 rename to src/writeup/6.1.16_pwn_hitbctf2017_1000levels/libc.so.6 diff --git a/src/writeup/6.1.18_pwn_hitbctf2017_sentosa/libc.so.6 b/src/writeup/6.1.18_pwn_hitbctf2017_sentosa/libc.so.6 new file mode 100755 index 0000000..d08f5f5 Binary files /dev/null and b/src/writeup/6.1.18_pwn_hitbctf2017_sentosa/libc.so.6 differ diff --git a/src/writeup/6.1.18_pwn_hitbctf2017_sentosa/sentosa b/src/writeup/6.1.18_pwn_hitbctf2017_sentosa/sentosa new file mode 100644 index 0000000..297ace3 Binary files /dev/null and b/src/writeup/6.1.18_pwn_hitbctf2017_sentosa/sentosa differ