nganhkhoa/CTF-All-In-One
1
0
Fork 0
mirror of https://github.com/nganhkhoa/CTF-All-In-One.git synced 2024-12-25 11:41:16 +07:00
Code Issues Projects Releases Wiki Activity

add 6.1.35

Browse Source
This commit is contained in:
firmianay 2018-10-16 15:26:45 +08:00
parent e1ec70c894
commit c5d5900af8
9 changed files with 1089 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
SUMMARY.md
View File

@ -167,7 +167,8 @@ GitHub 地址:<https://github.com/firmianay/CTF-All-In-One>
* [6.1.31 pwn HITBCTF2018 mutepig](doc/6.1.31_pwn_hitbctf2018_mutepig.md) * [6.1.31 pwn HITBCTF2018 mutepig](doc/6.1.31_pwn_hitbctf2018_mutepig.md)
* [6.1.32 pwn SECCONCTF2017 vm_no_fun](doc/6.1.32_pwn_secconctf2017_vm_no_fun.md) * [6.1.32 pwn SECCONCTF2017 vm_no_fun](doc/6.1.32_pwn_secconctf2017_vm_no_fun.md)
* [6.1.33 pwn 34C3CTF2017 LFA](doc/6.1.33_pwn_34c3ctf2017_lfa.md) * [6.1.33 pwn 34C3CTF2017 LFA](doc/6.1.33_pwn_34c3ctf2017_lfa.md)
* [6.2.34 pwn N1CTF2018 memsafety](doc/6.1.34_pwn_n1ctf2018_memsafety.md) * [6.1.34 pwn N1CTF2018 memsafety](doc/6.1.34_pwn_n1ctf2018_memsafety.md)
* [6.1.35 pwn 0CTF2018 heapstorm2](doc/6.1.35_pwn_0ctf2018_heapstorm2.md)
* Reverse * Reverse
* [6.2.1 re XHPCTF2017 dont_panic](doc/6.2.1_re_xhpctf2017_dont_panic.md) * [6.2.1 re XHPCTF2017 dont_panic](doc/6.2.1_re_xhpctf2017_dont_panic.md)
* [6.2.2 re ECTF2016 tayy](doc/6.2.2_re_ectf2016_tayy.md) * [6.2.2 re ECTF2016 tayy](doc/6.2.2_re_ectf2016_tayy.md)

2
doc/6.1.34_pwn_n1ctf2018_memsafety.md
View File

@ -1,4 +1,4 @@
# 6.2.34 pwn N1CTF2018 memsafety # 6.1.34 pwn N1CTF2018 memsafety
- [题目复现](#题目复现) - [题目复现](#题目复现)
- [题目解析](#题目解析) - [题目解析](#题目解析)

34
doc/6.1.35_pwn_0ctf2018_heapstorm2.md Normal file
View File

@ -0,0 +1,34 @@
# 6.1.35 pwn 0CTF2018 heapstorm2
- [题目复现](#题目复现)
- [题目解析](#题目解析)
- [漏洞利用](#漏洞利用)
- [参考资料](#参考资料)
[下载文件](../src/writeup/6.1.35_pwn_0ctf2018_heapstorm2)
## 题目复现
```text
$ file heapstorm2
heapstorm2: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=875a94fee796b76933b4142702569c3f57adadc9, stripped
$ pwn checksec --file heapstorm2
[*] '/home/firmy/Desktop/heapstorm2/heapstorm2'
Arch: amd64-64-little
RELRO: Full RELRO
Stack: Canary found
NX: NX enabled
PIE: PIE enabled
$ strings libc-2.24.so | grep "GNU C"
GNU C Library (Debian GLIBC 2.24-11+deb9u3) stable release version 2.24, by Roland McGrath et al.
Compiled by GNU CC version 6.3.0 20170516.
```
## 题目解析
## 漏洞利用
## 参考资料
- <https://ctftime.org/task/5701>
- <https://dangokyo.me/2018/04/07/0ctf-2018-pwn-heapstorm2-write-up/>

3
doc/6_writeup.md
View File

@ -34,7 +34,8 @@
* [6.1.31 pwn HITBCTF2018 mutepig](6.1.31_pwn_hitbctf2018_mutepig.md) * [6.1.31 pwn HITBCTF2018 mutepig](6.1.31_pwn_hitbctf2018_mutepig.md)
* [6.1.32 pwn SECCONCTF2017 vm_no_fun](6.1.32_pwn_secconctf2017_vm_no_fun.md) * [6.1.32 pwn SECCONCTF2017 vm_no_fun](6.1.32_pwn_secconctf2017_vm_no_fun.md)
* [6.1.33 pwn 34C3CTF2017 LFA](6.1.33_pwn_34c3ctf2017_lfa.md) * [6.1.33 pwn 34C3CTF2017 LFA](6.1.33_pwn_34c3ctf2017_lfa.md)
* [6.2.34 pwn N1CTF2018 memsafety](6.1.34_pwn_n1ctf2018_memsafety.md) * [6.1.34 pwn N1CTF2018 memsafety](6.1.34_pwn_n1ctf2018_memsafety.md)
* [6.1.35 pwn 0CTF2018 heapstorm2](doc/6.1.35_pwn_0ctf2018_heapstorm2.md)
* Reverse * Reverse
* [6.2.1 re XHPCTF2017 dont_panic](6.2.1_re_xhpctf2017_dont_panic.md) * [6.2.1 re XHPCTF2017 dont_panic](6.2.1_re_xhpctf2017_dont_panic.md)
* [6.2.2 re ECTF2016 tayy](6.2.2_re_ectf2016_tayy.md) * [6.2.2 re ECTF2016 tayy](6.2.2_re_ectf2016_tayy.md)

BIN
src/.DS_Store vendored Normal file
View File

Binary file not shown.

BIN
src/writeup/.DS_Store vendored Normal file
View File

Binary file not shown.

1050
src/writeup/6.1.34_pwn_n1ctf2018_memsafety/main.rs Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
src/writeup/6.1.35_pwn_0ctf2018_heapstorm2/heapstorm2 Executable file
View File

Binary file not shown.

BIN
src/writeup/6.1.35_pwn_0ctf2018_heapstorm2/libc-2.24.so Executable file
View File

Binary file not shown.