Saturday, 31 August 2013
ASIS CTF 2013 - Reverse 50 - Simple Binary
In the "Simple binary" task, teams were provided an MS-DOS binary that asked for 6 numbers.
ASIS CTF 2013 - Stego 50 - Fragmentation
The first steganography task provided a picture of a class board. As the task title says, the flag is probably split into a couple of fragments.
Tuesday, 27 August 2013
Exploit exercises - Protostar - Heap 0
The Heap 0 level teaches us that variables placed on the heap are referenced by addresses in memory far from the stack. Two sequential allocations have a high probability of being one after the other in memory. We can exploit this by overflowing the buffer.
Format String vulnerability exploiting - General algorithm
I would like to sum up the format section tasks with a general algorithm that will probably be good for solving easy tasks for this kind of vulnerability. You can try to apply this algorithm if you are sure that the application has a format string vulnerability.
Saturday, 24 August 2013
Exploit exercises - Protostar - Format 4
The last level of the format section was more interesting. It requires you to change the code execution sequence. Immediately after printf is called, there is a call to the exit() function. To reuse code in memory, there is a PLT (Procedure Linkage Table) that redirects execution to the address stored for the specified function in the GOT (Global Offset Table). Since the .plt section in our binary is read-only and the jump is made after the address is dereferenced, we have to change the value that this address references to our value. This article contains a very detailed description of the PLT, GOT, and PIC (Position Independent Code).
Exploit exercises - Protostar - Format 3
Format 3 was quite easy after the way I tried to solve Format 0 :). The third task in the format section required writing four bytes into a specific location in memory.
Exploit exercises - Protostar - Format 2
Format 2 was quite easy, even easier than Format 1 for me. All you need is to write the appropriate byte to the target address.
Exploit exercises - Protostar - Format 1
The Format 1 task differs from the Format 0 task in where the target variable is located. In this case the target is located in the .bss segment.
Wednesday, 21 August 2013
Exploit exercises - Protostar - Format 0
This task was quite educational for me. It contained a very simple buffer overflow vulnerability that should be exploited via a format string in less than 10 bytes of input.
Exploit exercises - Protostar - Stack 5
After a lot of effort spent trying to exploit this simple program (http://www.exploit-exercises.com/protostar/stack5), I've finally executed a root shell.
Here are some difficulties that I have encountered: