The Ricardo Narvaja’s challenge aims to learn about IDA Pro, and use it as much as possible. The challenge can be found here and I modified the IDB for a better understanding. This challenge interacts with a file called fichero.dat, read and store in local variables (struct). Since is a small file, I can infer that there […]
You are browsing archives for
Categoría: Exploiting
VolgaCTF 2017 – time_is
I solved this challenge with my teammate @javierprtd. Category: Exploiting. Points: 150. Binary: time_is. By executing the binary, we can see.
|
1 2 3 4 5 6 7 8 9 |
$ ./time_is Enter time zones separated by whitespace or q to quit hola hola: 05:54 Enter time zones separated by whitespace or q to quit %x.%x.%x.%x.%x.%x.%x.%x.%x 5.66666667.70a3d70b.2ce33e7.e40.bac364a0.350c30aa.2400010.78: 05:54 Enter time zones separated by whitespace or q to quit |
Well, format string vulnerability found The binary read from stdin using __getlimit function, and the unique limiter is ‘\n’.
|
1 |
v3 = __getdelim(&lineptr, &n, 10, stdin); |
The __printf_chk function is used for printing in stdout and checking if the […]
XiomaraCTF 2017 – mint
In this challenge debugging was unneccesary . If I execute it, this is the output:
|
1 2 3 4 5 6 7 |
$ ./mint ^^^^^^^^^^^^^^ Welcome to My Mini Text editor (Mint) ^^^^^^^^^^^^^^^^^^^^^^^^ [1] Add text [2] Edit text [3] Display text [4] Exit Enter ur option : |
We can add a text, edit and show it. The vulnerability So, I add a text, the max length is 0x30, but if edit the text, there are two options:
|
1 2 3 |
Enter ur option :2 [1] Append text [2] Overwrite |
When I choose the first option, we can […]