add 6.1.21 6.1.22

This commit is contained in:
firmianay 2018-04-30 23:45:54 +08:00
parent f6656821eb
commit ec5de95c15
8 changed files with 63 additions and 0 deletions

View File

@ -151,6 +151,8 @@ GitHub 地址https://github.com/firmianay/CTF-All-In-One
* [6.1.18 pwn HITBCTF2017 Sentosa](doc/6.1.18_pwn_hitbctf2017_sentosa.md) * [6.1.18 pwn HITBCTF2017 Sentosa](doc/6.1.18_pwn_hitbctf2017_sentosa.md)
* [6.1.19 pwn HITBCTF2018 gundam](doc/6.1.19_pwn_hitbctf2018_gundam.md) * [6.1.19 pwn HITBCTF2018 gundam](doc/6.1.19_pwn_hitbctf2018_gundam.md)
* [6.1.20 pwn 33C3CTF2016 babyfengshui](doc/6.1.20_pwn_33c3ctf2016_babyfengshui.md) * [6.1.20 pwn 33C3CTF2016 babyfengshui](doc/6.1.20_pwn_33c3ctf2016_babyfengshui.md)
* [6.1.21 pwn HITCONCTF2016 Sleepy_Holder](doc/6.1.21_pwn_hitconctf2016_sleepy_holder.md)
* [6.1.22 pwn BCTF2016 bcloud](doc/6.1.22_pwn_bctf2016_bcloud.md)
* Reverse * Reverse
* [6.2.1 re XHPCTF2017 dont_panic](doc/6.2.1_re_xhpctf2017_dont_panic.md) * [6.2.1 re XHPCTF2017 dont_panic](doc/6.2.1_re_xhpctf2017_dont_panic.md)
* [6.2.2 re ECTF2016 tayy](doc/6.2.2_re_ectf2016_tayy.md) * [6.2.2 re ECTF2016 tayy](doc/6.2.2_re_ectf2016_tayy.md)

View File

@ -0,0 +1,30 @@
# 6.1.21 pwn HITCONCTF2016 Sleepy_Holder
- [题目复现](#题目复现)
- [题目解析](#题目解析)
- [漏洞利用](#漏洞利用)
- [参考资料](#参考资料)
[下载文件](../src/writeup/6.1.21_pwn_hitconctf2016_sleepy_holder)
## 题目复现
```
$ file SleepyHolder
SleepyHolder: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=46f0e70abd9460828444d7f0975a8b2f2ddbad46, stripped
$ checksec -f SleepyHolder
RELRO STACK CANARY NX PIE RPATH RUNPATH FORTIFY Fortified Fortifiable FILE
Partial RELRO Canary found NX enabled No PIE No RPATH No RUNPATH Yes 0 2 SleepyHolder
$ strings libc.so.6 | grep "GNU C"
GNU C Library (Ubuntu GLIBC 2.23-0ubuntu3) stable release version 2.23, by Roland McGrath et al.
Compiled by GNU CC version 5.3.1 20160413.
```
## 题目解析
## 漏洞利用
## 参考资料
- https://ctftime.org/task/4812
- https://github.com/mehQQ/public_writeup/tree/master/hitcon2016/SleepyHolder

View File

@ -0,0 +1,29 @@
# 6.1.22 pwn BCTF2016 bcloud
- [题目复现](#题目复现)
- [题目解析](#题目解析)
- [漏洞利用](#漏洞利用)
- [参考资料](#参考资料)
[下载文件](../src/writeup/6.1.22_pwn_bctf2016_bcloud)
## 题目复现
```
$ file bcloud
bcloud: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=96a3843007b1e982e7fa82fbd2e1f2cc598ee04e, stripped
$ checksec -f bcloud
RELRO STACK CANARY NX PIE RPATH RUNPATH FORTIFY Fortified Fortifiable FILE
Partial RELRO Canary found NX enabled No PIE No RPATH No RUNPATH Yes 0 4 bcloud
$ strings libc-2.19.so | grep "GNU C"
GNU C Library (Ubuntu EGLIBC 2.19-0ubuntu6.7) stable release version 2.19, by Roland McGrath et al.
Compiled by GNU CC version 4.8.2.
```
## 题目解析
## 漏洞利用
## 参考资料
- https://ctftime.org/task/2165

View File

@ -21,6 +21,8 @@
* [6.1.18 pwn HITBCTF2017 Sentosa](6.1.18_pwn_hitbctf2017_sentosa.md) * [6.1.18 pwn HITBCTF2017 Sentosa](6.1.18_pwn_hitbctf2017_sentosa.md)
* [6.1.19 pwn HITBCTF2018 gundam](6.1.19_pwn_hitbctf2018_gundam.md) * [6.1.19 pwn HITBCTF2018 gundam](6.1.19_pwn_hitbctf2018_gundam.md)
* [6.1.20 pwn 33C3CTF2016 babyfengshui](6.1.20_pwn_33c3ctf2016_babyfengshui.md) * [6.1.20 pwn 33C3CTF2016 babyfengshui](6.1.20_pwn_33c3ctf2016_babyfengshui.md)
* [6.1.21 pwn HITCONCTF2016 Sleepy_Holder](6.1.21_pwn_hitconctf2016_sleepy_holder.md)
* [6.1.22 pwn BCTF2016 bcloud](6.1.22_pwn_bctf2016_bcloud.md)
* Reverse * Reverse
* [6.2.1 re XHPCTF2017 dont_panic](6.2.1_re_xhpctf2017_dont_panic.md) * [6.2.1 re XHPCTF2017 dont_panic](6.2.1_re_xhpctf2017_dont_panic.md)
* [6.2.2 re ECTF2016 tayy](6.2.2_re_ectf2016_tayy.md) * [6.2.2 re ECTF2016 tayy](6.2.2_re_ectf2016_tayy.md)

Binary file not shown.

Binary file not shown.

Binary file not shown.