Wargame Write-Up/Pwnable.xyz8 (Pwnable.xyz) two gargets Canary : ✓ NX : ✓ PIE : ✘ Fortify : ✘ RelRO : Partial first, check the security options, PIE isn’t enabled. int __cdecl __noreturn main(int argc, const char **argv, const char **envp) { int int32; // eax char s[32]; // [rsp+10h] [rbp-40h] BYREF _QWORD v5[2]; // [rsp+30h] [rbp-20h] BYREF __int64 v6; // [rsp+40h] [rbp-10h] unsigned __int64 v7; // [rsp+48h] [rbp-8h] v7 = __readfsqword(0x28u); setup.. 2022. 1. 14. (Pwnable.xyz) xor int __cdecl __noreturn main(int argc, const char **argv, const char **envp) { int v3; // [rsp+Ch] [rbp-24h] __int64 v4; // [rsp+10h] [rbp-20h] BYREF __int64 v5; // [rsp+18h] [rbp-18h] BYREF __int64 v6[2]; // [rsp+20h] [rbp-10h] BYREF v6[1] = __readfsqword(0x28u); puts("The Poopolator"); setup(); while ( 1 ) { v6[0] = 0LL; printf(format); v3 = _isoc99_scanf("%ld %ld %ld", &v4, &v5, v6); if ( !v4 .. 2022. 1. 14. (Pwnable.xyz) note writeup int __cdecl main(int argc, const char **argv, const char **envp) { int int32; // eax setup(argc, argv, envp); puts("Note taking 101."); while ( 1 ) { while ( 1 ) { while ( 1 ) { print_menu(); int32 = read_int32(); if ( int32 != 1 ) break; edit_note(); } if ( int32 != 2 ) break; edit_desc(); } if ( !int32 ) break; puts("Invalid"); } return 0; } It looks like a heap challenge. There are notable fu.. 2022. 1. 12. (Pwnable.xyz) GrownUp writeup int __cdecl main(int argc, const char **argv, const char **envp) { char *src; // [rsp+8h] [rbp-28h] char buf[24]; // [rsp+10h] [rbp-20h] BYREF unsigned __int64 v6; // [rsp+28h] [rbp-8h] v6 = __readfsqword(0x28u); setup(); *buf = 0LL; *&buf[8] = 0LL; printf("Are you 18 years or older? [y/N]: "); buf[(read(0, buf, 0x10uLL) - 1)] = 0; if ( buf[0] != 'y' && buf[0] != 'Y' ) return 0; src = malloc(0x8.. 2022. 1. 11. 이전 1 2 다음
