Wargame & CTF/pwnableKR 2023. 11. 27. 16:35 Toddler(bluekat)

Problem: Sometimes, pwnable is strange... hint: if this challenge is hard, you are a skilled player. ssh blukat@pwnable.kr -p2222 (pw: guest) Solution: blukat@ubuntu:~$ ls blukat blukat.c password blukat@ubuntu:~$ cat password cat: password: Permission denied blukat@ubuntu:~$ cat: password: Permission denied.....? Something is strange. Shall we enter it as-is? blukat@ubuntu:~$ ./blukat guess the password! cat: password: Permission d..

Wargame & CTF/pwnableKR 2023. 11. 27. 16:32 Toddler(ulink)

Problem: Daddy! how can I exploit unlink corruption? ssh unlink@pwnable.kr -p2222 (pw: guest) Solution: unlink@ubuntu:~$ ls flag intended_solution.txt unlink unlink.c unlink@ubuntu:~$ cat intended_solution.txt cat: intended_solution.txt: Permission denied #include #include #include typedef struct tagOBJ{ struct tagOBJ* fd; struct tagOBJ* bk; char buf[8]; }OBJ; void shell(){ system("/bin/sh"); } void unlink(O..

Wargame & CTF/pwnableKR 2023. 11. 27. 16:08 Toddler(asm)

Problem: Mommy! I think I know how to make shellcodes ssh asm@pwnable.kr -p2222 (pw: guest) Solution: asm@pwnable:~$ ls -al total 48 drwxr-x--- 5 root asm 4096 Jan 2 2017 . drwxr-xr-x 116 root root 4096 Nov 11 2021 .. -rwxr-xr-x 1 root root 13704 Nov 29 2016 asm -rw-r--r-- 1 root root 1793 Nov 29 2016 asm.c d--------- 2 root root 4096 Nov 19 2016 .bash_history dr-xr-xr-x 2 root root 4096 Nov 25 2016 .irssi d..

Wargame & CTF/pwnableKR 2023. 11. 27. 14:24 Toddler(memcpy)

Problem: Are you tired of hacking?, take some rest here. Just help me out with my small experiment regarding memcpy performance. after that, flag is yours. http://pwnable.kr/bin/memcpy.c ssh memcpy@pwnable.kr -p2222 (pw:guest) Solution: // compiled with : gcc -o memcpy memcpy.c -m32 -lm #include #include #include #include #include #include #include unsigned long long rdtsc(){ asm("rdtsc"); } char* slow_memcp..

Wargame & CTF/pwnableKR 2023. 11. 27. 13:20 Toddler(uaf)

Problem: Mommy, what is Use After Free bug? ssh uaf@pwnable.kr -p2222 (pw:guest) Solution: #include #include #include #include #include using namespace std; class Human{ private: virtual void give_shell(){ system("/bin/sh"); } protected: int age; string name; public: virtual void introduce(){ cout

Wargame & CTF/pwnableKR 2023. 11. 27. 13:09 Toddler(cmd2)

Problem: Daddy bought me a system command shell. but he put some filters to prevent me from playing with it without his permission... but I wanna play anytime I want! ssh cmd2@pwnable.kr -p2222 (pw:flag of cmd1) Solution: #include int filter(char* cmd){ int r=0; r += strstr(cmd, "=")!=0; r += strstr(cmd, "PATH")!=0; r += strstr(cmd, "export")!=0; r += strstr(cmd, "/")!=0; r += strstr(cmd, "`")!=0; r += strst..

Wargame & CTF/pwnableKR 2023. 11. 27. 13:05 Toddler(cmd1)

Problem: Mommy! what is PATH environment in Linux? ssh cmd1@pwnable.kr -p2222 (pw:guest) Solution: #include #include int filter(char* cmd){ int r=0; r += strstr(cmd, "flag")!=0; r += strstr(cmd, "sh")!=0; r += strstr(cmd, "tmp")!=0; return r; } int main(int argc, char* argv[], char** envp){ putenv("PATH=/thankyouverymuch"); if(filter(argv[1])) return 0; system( argv[1] ); return 0; } Using the strstr function, flag, sh..

Wargame & CTF/pwnableKR 2023. 11. 27. 12:59 Toddler(lotto)

Problem: Mommy! I made a lotto program for my homework. do you want to play? ssh lotto@pwnable.kr -p2222 (pw:guest) Solution: #include #include #include #include unsigned char submit[6]; void play() { int i; printf("Submit your 6 lotto bytes : "); fflush(stdout); int r; r = read(0, submit, 6); printf("Lotto Start!\n"); // sleep(1); // generate lotto numbers int fd = open("/dev/urandom", O_RDONLY); if (f..

Wargame & CTF/pwnableKR 2023. 11. 27. 12:51 Toddler(blackjack)

Problem: Hey! check out this C implementation of blackjack game! I found it online http://cboard.cprogramming.com/c-programming/114023-simple-blackjack-program.html I like to give my flags to millionares. how much money you got? Running at : nc pwnable.kr 9009 Solution: The C source code used can be seen at the link given in the problem. It is too long, so I have not attached the full source code. The code we need to focus on is as follows. int betting() //Asks user amount to bet { printf("\n..

Wargame & CTF/pwnableKR 2023. 11. 27. 09:54 Toddler(coin1)

Problem: Mommy, I wanna play a game! (if your network response time is too slow, try nc 0 9007 inside pwnable.kr server) Running at : nc pwnable.kr 9007 Solution: --------------------------------------------------- - Shall we play a game? - --------------------------------------------------- You have given some gold coins in your hand however, there is one counterfeit coin among them counterfeit coin looks e..
