[CTF Wiki Pwn] Stack Overflow Lab007: ret2csu
1. Check protection mechanism
Result of checksec:
2. Source code
The source code of the program is:
#undef _FORTIFY_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
void vulnerable_function() {
char buf[128];
read(STDIN_FILENO, buf, 512);
}
int main(int argc, char** argv) {
write(STDOUT_FILENO, " ...
Added by bender on Sat, 22 Jan 2022 11:21:57 +0200
Common Python scripts and online websites for CTF
Script
Image width/height brute-force script, from the knowledge points of CTF misc image questions
Binary to QR code
Before running, set the image side length, i.e. the value of MAX. For example, if the binary string has length 625 (25 * 25), MAX is set to 25 here.
import PIL
from PIL import Image
MAX = 25 #Picture side lengt ...
Added by thoand on Wed, 12 Jan 2022 05:12:36 +0200
Stack migration (stack pivoting) in PWN challenges
Preface
A newbie's summary; if anything is wrong, I hope you will point it out promptly so it doesn't mislead others.
0x1: Basic knowledge
Everyone knows the problem that stack migration solves: the overflow length is too short and can only overwrite the return address. As for the length of the ROP chain to ...
Added by suepahfly on Thu, 06 Jan 2022 02:49:00 +0200
CTF misc image challenge (zsteg extracts a zip, reassembling archive fragments, IDAT chunk steganography, LaTeX written in Markdown, zero-width character steganography)
1. Challenge description
The second BMZCTF Network Security Open, sponsored by the White Hat Community · WHT team (White Hat Cup), January 1, 2022. Misc challenge: Game Script. "As a programmer, I can't bring up 30 lives. I wrote it down in my notes."
Game Script hint: a compressed archive; pay attention to the logo, then reassemble. Game script ...
Added by marcusb on Wed, 05 Jan 2022 04:46:27 +0200
Geek Peak 2021 web: opcode
Preface
After finishing Geek Peak, some thoughts: it really is getting more and more "delicious"?? We didn't even solve the sign-in and didn't leave; we scored a flat 0, worse than when we first started.
There are two Pwns; one comes with five or six libcs plus two executables, which I didn't even bother to decompress. A malloc direc ...
Added by deezerd on Sun, 02 Jan 2022 04:11:18 +0200
Security - Misc: Mingchu Love (Xiangyun Cup 2021)
1. Challenge
2. Writeup
[1]. Obtain the compressed archive
Either rename the document's extension to .zip directly, or run binwalk -e [file name] in Kali Linux to extract the compressed archive.
The contents are as follows:
[2]. Hints
There is a key.txt in _rels which says to move forward bravely, indicating that the flag is likely to be i ...
Added by Thivya on Mon, 20 Dec 2021 03:34:43 +0200
linux_kernal_pwn ciscn2017_babydriver
This is kernel pwn.
Three files were given:
boot.sh: a script used to start the kernel shell. It uses qemu; the protection measures depend on the qemu startup parameters.
bzImage: the packaged kernel code. vmlinux is usually extracted from it, and this is also where gadgets are found.
rootfs.cpio: the file system image, that is, the file ...
Added by point86 on Sun, 19 Dec 2021 07:45:05 +0200
Kernel ROP attack: 2018 QWB core replay
Foreword: I only started on kernel challenges recently, so I'm following CTF Wiki here. Please don't flame me...
The first step is classic... If the challenge does not provide vmlinux, it can be extracted with extract-vmlinux.
Looking at start.sh shows that KASLR randomization is enabled, so the base address needs to be leaked. This is very similar to the pwn pro ...
Added by turkman on Sat, 18 Dec 2021 20:57:35 +0200
CTFshow problem-grinding diary - WEB PHP features (Part I, 89-115)
Part 1
Bypass techniques for the intval() function
web89
clude("flag.php");
highlight_file(__FILE__);
if(isset($_GET['num'])){
$num = $_GET['num'];
if(preg_match("/[0-9]/", $num)){
die("no no no!");
}
if(intval($num)){
echo $flag;
}
}
The input must be recognized as a number by intval() while containing none of the digits 0-9.
After ...
Added by molave on Wed, 15 Dec 2021 15:56:51 +0200
On exploiting Phar deserialization vulnerabilities: N1CTF 2021 easyphp & AnXun Cup 2021 EZ_TP
Phar
What is Phar
PHp ARchive, like a Java JAR, but for PHP.
Phar (PHp ARchive) is an archive format similar to JAR. PHP ≥ 5.3 supports files with the .phar extension by default, so it can be used without installing anything else.
The phar extension provides a way to put an entire PHP application into a single .phar file for easy distribution and installation. The bigge ...
Added by phpjaco on Sun, 28 Nov 2021 08:12:23 +0200