Vài dòng tâm sự

although this event i can only finished 1 one challenge but i learnt a lot from others writeup. It’s make me feel that I only have the width not the depth in exploiting. Now I need to reflect meself about what i’ve been doing right now. That’s some random shit…

###phân tích rõ các hàm trong challenge

đầu tiên chương trình thực hiện gọi hàm ssignalalarm

The function ssignal() defines the action to take when the software  signal  with  number  signum  is raised  using  the  function gsignal(), and returns the previous such action or SIG_DFL.

nom na là chương trình sẽ gọi signal-handler…

If you read my previous writeup about rop32 then this one should be easy for you, i just need to remind you about the registers before execute syscall

rax == 0x3b (59 in dec)
rdi == point to address contain ‘/bin/sh’
rsi == NULL
rdx == NULL

now we need…

It’s been a long time since my last writeup, now i came back with this exciting challenge. I knew that there’s a lot of writeup about this challenge on the internet but this one I only based my own limited knowledge.

so let’s jump in!!!


Can you exploit the following…

i know it’s kinda old but i really love this kind of rop challenge.

1. Source code

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <stdbool.h>
#define BUFSIZE 16bool win1 = false;
bool win2 = false;
void win_function1() {
win1 = true;
void win_function2(unsigned int arg_check1) {…

#voting machine 1 (bof)

  • objdump -dđể dump ra các hàm có thể disassembly được (vì đây là file unstripped) => có được địa chỉ flag (hàm secret)
  • tìm offset + p32(secret)

#voting machine 2 (format string)

test thử bin

Nguyễn Tín

a loner

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store