Oct 23, 2020
How to Pwn???
A few personal words. I previously wrote about basic pwnable, but for some personal reasons I never finished it. Now, for the students of the new cohort, I'll ramble about a few things for those who don't know it yet, those who already do, and those who are passionate about this subject. This post…
Pwnable, 3 min read

Jun 18, 2020
NahamCon CTF 2020
Although in this event I could only finish one challenge, I learnt a lot from others' writeups. It makes me feel that I only have the width, not the depth, in exploiting. Now I need to reflect on what I've been doing right now. That's some random shit…
Nahamcon, 6 min read

May 3, 2020
3x17 — pwnable.tw
Gathering: because the binary was statically linked, all of the functions will be harder to reverse. main: creating buf at rbp-0x20. sub_40EE70: when I first jump in and back out again, it's only passing 1 arg
Ctf Writeup, 4 min read

May 2, 2020
calc — pwnable.tw
A detailed analysis of the functions in the challenge. main function: first, the program calls ssignal and alarm. The function ssignal() defines the action to take when the software signal with number signum is raised using the function gsignal(), and returns the previous such action or SIG_DFL. Roughly speaking, the program will call the signal-handler…
Writeup, 8 min read

Apr 24, 2020
ROP64 — PicoCTF2019
If you read my previous writeup about rop32 then this one should be easy for you. I just need to remind you about the registers before executing the syscall: rax == 0x3b (59 in decimal); rdi == pointer to the address containing '/bin/sh'; rsi == NULL; rdx == NULL. Now we need…
Rop64, 2 min read

Apr 23, 2020
ROP32 — PicoCTF2019
It's been a long time since my last writeup; now I've come back with this exciting challenge. I know that there are a lot of writeups about this challenge on the internet, but this one is based only on my own limited knowledge. So let's jump in!!! DESCRIPTION: Can you exploit the following…
Ctf Writeup, 6 min read

Dec 22, 2019
picoCTF 2018
I know it's kinda old but I really love this kind of rop challenge.
1. Source code

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <unistd.h>
    #include <sys/types.h>
    #include <stdbool.h>

    #define BUFSIZE 16

    bool win1 = false;
    bool win2 = false;

    void win_function1() {
      win1 = true;
    }

    void win_function2(unsigned int arg_check1) {…

Writeup, 3 min read

Dec 17, 2019
watevrCTF 2019
voting machine 1 (bof): this one is a basic bof. I'll briefly describe how to solve it: objdump -d to dump the functions that can be disassembled (since this is an unstripped file) => get the flag address (the secret function); find the offset + p32(secret). voting machine 2 (format string): open a disassembler and find the main function; test the binary
Ctf Writeup, 2 min read