본문 바로가기

워게임/lord of bof

level 19 -> 20 [xavius@localhost xavius]$ cat death_knight.c /* The Lord of the BOF : The Fellowship of the BOF - dark knight - remote BOF*/ #include #include #include #include #include #include #include #include #include main(){char buffer[40]; int server_fd, client_fd; struct sockaddr_in server_addr; struct sockaddr_in client_addr; int sin_size; if((server_fd = socket(AF_INET, SOCK_STREAM, 0)) == -1){perror(.. 더보기
level 18 -> 19 [nightmare@localhost nightmare]$ cat xavius.c /* The Lord of the BOF : The Fellowship of the BOF - xavius - arg*/ #include #include #include main(){char buffer[40];char *ret_addr; // overflow!fgets(buffer, 256, stdin);printf("%s\n", buffer); if(*(buffer+47) == '\xbf'){printf("stack retbayed you!\n");exit(0);} if(*(buffer+47) == '\x08') { printf("binary image retbayed you, too!!\n"); exit(0); } /.. 더보기
level 17 -> 18 [succubus@localhost succubus]$ cat nightmare.c /* The Lord of the BOF : The Fellowship of the BOF - nightmare - PLT*/ #include #include #include #include main(int argc, char *argv[]){char buffer[40];char *addr; if(argc < 2){printf("argv error\n");exit(0);} // check addressaddr = (char *)&strcpy; if(memcmp(argv[1]+44, &addr, 4) != 0){ printf("You must fall in love with strcpy()\n"); exit(0); } //.. 더보기
level 16 -> 17 [zombie_assassin@localhost zombie_assassin]$ cat succubus.c /* The Lord of the BOF : The Fellowship of the BOF - succubus - calling functions continuously */ #include #include #include // the inspectorint check = 0; void MO(char *cmd){ if(check != 4) exit(0); printf("welcome to the MO!\n"); // olleh!system(cmd);} void YUT(void){ if(check != 3) exit(0); printf("welcome to the YUT!\n"); check = 4;.. 더보기
level 15 -> 16 [assassin@localhost assassin]$ cat zombie_assassin.c /* The Lord of the BOF : The Fellowship of the BOF - zombie_assassin - FEBP*/ #include #include main(int argc, char *argv[]){char buffer[40]; if(argc < 2){printf("argv error\n");exit(0);} if(argv[1][47] == '\xbf'){printf("stack retbayed you!\n");exit(0);} if(argv[1][47] == '\x40') { printf("library retbayed you, too!!\n"); exit(0); } // strncp.. 더보기
level 14 -> 15 [giant@localhost giant]$ cat assassin.c /* The Lord of the BOF : The Fellowship of the BOF - assassin - no stack, no RTL*/ #include #include main(int argc, char *argv[]){char buffer[40]; if(argc < 2){printf("argv error\n");exit(0);} if(argv[1][47] == '\xbf'){printf("stack retbayed you!\n");exit(0);} if(argv[1][47] == '\x40') { printf("library retbayed you, too!!\n"); exit(0); } strcpy(buffer, ar.. 더보기
level 13 -> 14 [bugbear@localhost bugbear]$ cat giant.c /* The Lord of the BOF : The Fellowship of the BOF - giant - RTL2*/ #include #include #include main(int argc, char *argv[]){char buffer[40];FILE *fp;char *lib_addr, *execve_offset, *execve_addr;char *ret; if(argc < 2){printf("argv error\n");exit(0);} // gain address of execvefp = popen("/usr/bin/ldd /home/giant/assassin | /bin/grep libc | /bin/awk '{print.. 더보기
level 12 -> 13 [darkknight@localhost darkknight]$ cat bugbear.c /* The Lord of the BOF : The Fellowship of the BOF - bugbear - RTL1*/ #include #include main(int argc, char *argv[]){char buffer[40];int i; if(argc < 2){printf("argv error\n");exit(0);} if(argv[1][47] == '\xbf'){printf("stack betrayed you!!\n");exit(0);} strcpy(buffer, argv[1]); printf("%s\n", buffer);} 와 드디어 RTL 문제가 나왔군요.. 간단하게 시스템 함수와 환경변수를 이용해 .. 더보기
level 11 -> 12 [golem@localhost golem]$ cat darkknight.c /* The Lord of the BOF : The Fellowship of the BOF - darkknight - FPO*/ #include #include void problem_child(char *src){char buffer[40];strncpy(buffer, src, 41);printf("%s\n", buffer);} main(int argc, char *argv[]){if(argc 더보기
level 10 -> 11 [skeleton@localhost skeleton]$ lsgolem golem.c[skeleton@localhost skeleton]$ cat golem.c /* The Lord of the BOF : The Fellowship of the BOF - golem - stack destroyer*/ #include #include extern char **environ; main(int argc, char *argv[]){char buffer[40];int i; if(argc < 2){printf("argv error\n");exit(0);} if(argv[1][47] != '\xbf'){printf("stack is still your friend.\n");exit(0);} strcpy(buffer, .. 더보기

티스토리툴바