kow

pwnable.kr-cmd1

题目描述： Mommy! what is PATH environment in Linux? ssh [email protected] -p2222 (pw:guest)cmd1.c的源码为：#include <stdio.h>#include <string.h>int filter(char* cmd){ int r=0; r += strstr(cmd, "flag")!=0; r += strstr(cmd, "sh")!=0; r += strstr(...…

2016-08-09 • cmd pwnable.kr shell拼接继续阅读
pwnable.kr-lotto

题目描述： Mommy! I made a lotto program for my homework. do you want to play? ssh [email protected] -p2222 (pw:guest)看下源码，是个简易的lotto系统，输入6个字符，与系统/dev/urandom生成的6个字符进行比较，如果相同的话就中奖了，但是在检查的地方代码出现了问题：int match = 0, j = 0; for(i=0; i<6; i++){ for(j=0...…

2016-08-09 • lotto pwnable.kr继续阅读
pwnable.kr-blackjack

题目描述： Hey! check out this C implementation of blackjack game! I found it online http://cboard.cprogramming.com/c-programming/114023-simple-blackjack-program.html I like to give my flags to millionares. how much money you got? Running a...…

2016-08-09 • 21点 blackjack bypass pwnable.kr继续阅读
pwnable.kr-coin1

题目描述： Mommy, I wanna play a game! (if your network response time is too slow, try nc 0 9007 inside pwnable.kr server) Running at : nc pwnable.kr 9007运行连接后发现是个小游戏： ————————————————— – Shall we play a game? – ————————————————— You have given ...…

2016-08-05 • coin payload pwnable.kr socket 二分法继续阅读
pwnable.kr-shellshock

题目描述： Mommy, there was a shocking news about bash. I bet you already know, but lets just make it sure 🙂 ssh [email protected] -p2222 (pw:guest)shellshock.c的源码为：#include <stdio.h>int main(){ setresuid(getegid(), getegid(), getegid()); ...…

2016-07-25 • bash payload pwn pwnable.kr shellshock继续阅读
pwnable.kr-mistake

题目描述： We all make mistakes, let’s move on. (don’t take this too seriously, no fancy hacking skill is required at all) This task is based on real event Thanks to dhmonkey hint : operator priority ssh [email protected] -p2222 (pw:guest)mistak...…

2016-07-25 • fd mistake pwnable.kr read()继续阅读
pwnable.kr-leg

题目描述： Daddy told me I should study arm. But I prefer to study my leg! Download : http://pwnable.kr/bin/leg.c Download : http://pwnable.kr/bin/leg.asm ssh [email protected] -p2222 (pw:guest)这题的描述比较有意思，这题主要考察arm的汇编指令，当然此ARM非彼arm（胳膊），leg.c的代码：#incl...…

2016-07-23 • arm arm指令 bx exploit lr pc pwnable.kr r0 thumb继续阅读
pwnable.kr-input

题目描述： Mom? how can I pass my input to a computer program? ssh [email protected] -p2222 (pw:guest)连接上ssh后，input.c的源码如下：#include <stdio.h>#include <stdlib.h>#include <string.h>#include <sys/socket.h>#include <arpa/inet.h&...…

2016-07-22 • exploit fd fork pipe pwn pwnable.kr read() shellcode socket 管道传输重定向继续阅读
pwnable.kr-random

题目描述： Daddy, teach me how to use random value in programming! ssh [email protected] -p2222 (pw:guest)其中random.c的代码为：#include <stdio.h>int main(){ unsigned int random; random = rand(); // random value! unsigned int key=0; scanf("%d", &k...…

2016-07-15 • exploit pwn pwnable.kr random random seed seed shellcode 溢出继续阅读
pwnable.kr-passcode

依然是题目描述： Mommy told me to make a passcode based login system. My initial C code was compiled without any error! Well, there was some compiler warning, but who cares about that? ssh [email protected] -p2222 (pw:guest)连上后，目录下有c源码和可执行文件，首先查看下程序...…

2016-07-15 • canary exploit gdb GOT覆盖 peda pwn pwnable.kr shellcode 溢出继续阅读