![[Pico CTF 2021]pwn-Here's a Libc](https://img.kn0sky.com/typora/image-20231106175918-c6us53j.png)
题目分析 无PIE,有NX,无Canary,一眼疑似栈溢出 [*] "/home/selph/Downloads/PicoCTF/pwn-Here's a LIBC/vuln" Arch: amd64-64-little RELRO: Partial RELRO
Published on 2023-11-07
![[Pico CTF 2021]pwn-Cache Me Outside](https://img.kn0sky.com/typora/image-20231103142822-wbm71ya.png)
题目分析 题目给了三个文件,libc版本是2.27,其中给了个makefile: ➜ pwn-Cache Me Outside cat Makefile all: gcc -Xlinker -rpath=./ -Wall -m64 -pedantic -no-pie --std=gnu99 -
Published on 2023-11-03
![[Pico CTF 2021]pwn-Stonks](https://img.kn0sky.com/typora/image-20231102150829-5xzo7v7.png)
题目分析 pwn题目的一种形式是,直接给源码,本题就是: #include <stdlib.h> #include <stdio.h> #include <string.h> #include <time.h> #define FLAG_BUFFER 128 #define MAX_SYM_LEN
Published on 2023-11-02
![[Google CTF 2023]rev-zermatt](https://img.kn0sky.com/typora/image-20231031164406-9s6gsl3.png)
分析 这里给了个超长的lua脚本,格式化之后,首先看到的就是一个解密函数: local v0 = string.char; local v1 = string.byte; local v2 = string.sub; local v3 = bit32 or bit
Published on 2023-10-31
![[Google CTF 2023]pwn-write-flag-where3](https://img.kn0sky.com/typora/image-20230907143013-4y5jg1p.png)
题目分析 int __cdecl main(int argumentCount, const char **arguments, const char **environmentVariables) { __int64 buffer[9]; // [rsp+0h] [rbp-70h] BYREF
Published on 2023-10-26
![[Google CTF 2023]pwn-write-flag-where2](https://img.kn0sky.com/typora/image-20230906160036-lq35taf.png)
题目分析 直接看代码: int __cdecl main(int argumentCount, const char **arguments, const char **environmentVariables) { __int64 buffer[9]; // [rsp+0h] [rbp-70h
Published on 2023-10-25
文件信息: [*] '/home/selph/CTF-Exercise/Google CTF 2023/write-flag-where/chal' Arch: amd64-64-little RELRO: Partial RELRO Stack: No
Published on 2023-10-23
2023 SunShine CTF Writeup(1re, 2pwn) 共解出:1crypto, 1scripting, 1re, 2pwn 剩下几个pwn看了,没思路,有wp了学习了再更新分享 Crypto-BeepBoop Cryptography 题目文件: beep beep beep b
Published on 2023-10-10
软件基本信息 软件名称 软件版本 编程语言 加壳情况 难度 难度说明 练习日期 Acala DVD Ripper Pro 6.1.2 C++ 无 简单 无 2023.08.01 练手用的老旧软件(购买页面已经无法访问) 启动窗口:显示未注册,需要输入激活码 内容界面: help显示未注册 窗口
Published on 2023-08-01
从libc2.23开始,到最新版,都会有的,慢慢更新ing 本文源码版本:2.23 从fastbin中申请chunk __libc_malloc 首先是调用malloc函数: void * __libc_malloc (size_t bytes) { mstate ar_ptr; void
Published on 2023-07-14
