diff --git a/SUMMARY.md b/SUMMARY.md index 5d86da4..a30e22d 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -142,6 +142,7 @@ GitHub 地址:https://github.com/firmianay/CTF-All-In-One * [6.1.17 pwn SECCONCTF2016 jmper](doc/6.1.17_pwn_secconctf2016_jmper.md) * [6.1.18 pwn HITBCTF2017 Sentosa](doc/6.1.18_pwn_hitbctf2017_sentosa.md) * [6.1.19 pwn HITBCTF2018 gundam](doc/6.1.19_pwn_hitbctf2018_gundam.md) + * [6.1.20 pwn 33C3CTF2016 babyfengshui](doc/6.1.20_pwn_33c3ctf2016_babyfengshui.md) * re * [6.2.1 re XHPCTF2017 dont_panic](doc/6.2.1_re_xhpctf2017_dont_panic.md) * [6.2.2 re ECTF2016 tayy](doc/6.2.2_re_ectf2016_tayy.md) diff --git a/doc/6.1.20_pwn_33c3ctf2016_babyfengshui.md b/doc/6.1.20_pwn_33c3ctf2016_babyfengshui.md new file mode 100644 index 0000000..552a920 --- /dev/null +++ b/doc/6.1.20_pwn_33c3ctf2016_babyfengshui.md @@ -0,0 +1,30 @@ +# 6.1.20 pwn 33C3CTF2016 babyfengshui + +- [题目复现](#题目复现) +- [题目解析](#题目解析) +- [Exploit](#exploit) +- [参考资料](#参考资料) + + +[下载文件](../src/writeup/6.1.20_pwn_33c3ctf2016_babyfengshui) + +## 题目复现 +``` +$ file babyfengshui +babyfengshui: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=cecdaee24200fe5bbd3d34b30404961ca49067c6, stripped +$ checksec -f babyfengshui +RELRO STACK CANARY NX PIE RPATH RUNPATH FORTIFY Fortified Fortifiable FILE +Partial RELRO Canary found NX enabled No PIE No RPATH No RUNPATH Yes 0 3 babyfengshui +$ strings libc-2.19.so | grep "GNU C" +GNU C Library (Debian GLIBC 2.19-18+deb8u6) stable release version 2.19, by Roland McGrath et al. +Compiled by GNU CC version 4.8.4. +``` + + +## 题目解析 + +## Exploit + +## 参考资料 +- https://ctftime.org/task/3282 +- https://github.com/bkth/babyfengshui diff --git a/doc/6_writeup.md b/doc/6_writeup.md index d5bbcca..edfe56d 100644 --- a/doc/6_writeup.md +++ b/doc/6_writeup.md 
@@ -20,6 +20,7 @@ - [6.1.17 pwn SECCONCTF2016 jmper](6.1.17_pwn_secconctf2016_jmper.md) - [6.1.18 pwn HITBCTF2017 Sentosa](6.1.18_pwn_hitbctf2017_sentosa.md) - [6.1.19 pwn HITBCTF2018 gundam](6.1.19_pwn_hitbctf2018_gundam.md) + - [6.1.20 pwn 33C3CTF2016 babyfengshui](6.1.20_pwn_33c3ctf2016_babyfengshui.md) - re - [6.2.1 re XHPCTF2017 dont_panic](6.2.1_re_xhpctf2017_dont_panic.md) - [6.2.2 re ECTF2016 tayy](6.2.2_re_ectf2016_tayy.md) diff --git a/src/writeup/6.1.20_pwn_33c3ctf2016_babyfengshui/babyfengshui b/src/writeup/6.1.20_pwn_33c3ctf2016_babyfengshui/babyfengshui new file mode 100755 index 0000000..d924cbf Binary files /dev/null and b/src/writeup/6.1.20_pwn_33c3ctf2016_babyfengshui/babyfengshui differ diff --git a/src/writeup/6.1.20_pwn_33c3ctf2016_babyfengshui/libc-2.19.so b/src/writeup/6.1.20_pwn_33c3ctf2016_babyfengshui/libc-2.19.so new file mode 100755 index 0000000..e7ec308 Binary files /dev/null and b/src/writeup/6.1.20_pwn_33c3ctf2016_babyfengshui/libc-2.19.so differ
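Review bot: In the new doc/6.1.20_pwn_33c3ctf2016_babyfengshui.md, the `## 题目解析` and `## Exploit` headings are added with no body, while the table of contents in the same file and the new entries in SUMMARY.md and doc/6_writeup.md already link to the page. Either fill these sections in this change or mark them as pending, so that readers following the index do not land on empty sections. The checksec output already recorded in the `## 题目复现` block (Partial RELRO, canary found, NX enabled, No PIE) is the natural starting point for the analysis section.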
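Review bot: The two `Binary files /dev/null and b/... differ` entries add babyfengshui and libc-2.19.so as opaque blobs that cannot be inspected in review, and the write-up records only the challenge binary's BuildID and the libc version string. Add a checksum for both files (for example the sha256sum output) to the `## 题目复现` block, so that readers can confirm they are working with the same binaries the write-up describes.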