CTF-All-In-One/doc/6.4_writeup.md
2017-09-12 15:38:29 +08:00

2.9 KiB

6.4 习题答案

3.3.1 格式化字符串漏洞

pwn - UIUCTF 2017 - goodluck - 200

Pwn - NJCTF 2017 - pingme - 200

5.2 Pin 动态二进制插桩

RE - picoCTF 2014 - Baleful

RE - Hack You 2014 - reverse - 400

RE - CSAW CTF 2015 - wyvern - 500

RE - th3jackers CTF 2015 - rev100 - 100

6.1 更多 Linux 工具

Strings - strings_crackme

$ strings -e L strings_crackme
w0wgreat

Pwn - Strings - flag_pwnablekr

$ ./flag_pwnablekr
I will malloc() and strcpy the flag there. take it.
$ strings flag_pwnablekr | grep UPX
UPX!
$Info: This file is packed with the UPX executable packer http://upx.sf.net $
$Id: UPX 3.08 Copyright (C) 1996-2011 the UPX Team. All Rights Reserved. $
UPX!
UPX!
$ upx -d flag_pwnablekr
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2017
UPX 3.94        Markus Oberhumer, Laszlo Molnar & John Reiser   May 12th 2017
        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
    883745 <-    335288   37.94%   linux/amd64   flag_pwnablekr
Unpacked 1 file.
$ strings flag_pwnablekr | grep -i upx
UPX...? sounds like a delivery service :)

xxd - xxd_crackme

$ xxd -g1 xxd_crackme
......
00001020: 00 00 00 00 67 30 30 64 4a 30 42 21 00 00 00 00  ....g00dJ0B!....
......
$ strings -d xxd_crackme
......
g00dJ0B!
......