
워게임/protostar

net4 (gdb) disas mainDump of assembler code for function main:0x0804975f :push %ebp0x08049760 :mov %esp,%ebp0x08049762 :and $0xfffffff0,%esp0x08049765 :push %ebx0x08049766 :sub $0x2c,%esp0x08049769 :call 0x8048c9c 0x0804976e :mov %eax,%ebx0x08049770 :call 0x8048b9c 0x08049775 :mov %ebx,0x8(%esp)0x08049779 :mov %eax,0x4(%esp)0x0804977d :movl $0x8049ba4,(%esp)0x08049784 :call 0x8048e58 0x08049789 :movl.. 더보기
net3
#include "../common/common.c"

#define NAME "net3"
#define UID 996
#define GID 996
#define PORT 2996

/**
 * Extract a null terminated string from the buffer.
 *
 * The first byte of `buffer` is read as the string's declared length; the
 * string data is taken from `buffer + 1`. On return `*result` points at a
 * freshly malloc'd copy and the return value is `byte + 1` (presumably the
 * number of bytes consumed, length prefix included; confirm against the
 * caller, which is not visible in this excerpt).
 *
 * NOTE(review): as excerpted, this parser trusts the sender's data in three
 * places that a hardened version would have to close:
 *   - the allocation is exactly `byte` bytes, but strcpy() stops at the first
 *     NUL it finds rather than after `byte` bytes, so a field with a late or
 *     missing terminator is copied past the end of the allocation;
 *   - the bounds test rejects only `byte > len`, so `byte == len` passes even
 *     though the data starts one byte into the buffer (assuming `len` is the
 *     number of bytes remaining in `buffer`; TODO confirm);
 *   - the malloc() result is used without a NULL check.
 * A safe variant would require `byte + 1 <= len`, allocate `byte + 1`, copy
 * exactly `byte` bytes with memcpy() and terminate the copy itself.
 */
int get_string(char **result, unsigned char *buffer, u_int16_t len)
{
	unsigned char byte;

	/* Length prefix: one unsigned byte, so the declared length is 0..255. */
	byte = *buffer;

	/* Only rejects a declared length strictly greater than `len`. */
	if(byte > len) errx(1, "badly formed packet");

	/* Sized from the declared length alone; return value is not checked. */
	*result = malloc(byte);

	/* Copy length is decided by the first NUL in the input, not by `byte`. */
	strcpy(*result, buffer + 1);

	return byte + 1;
}

/** Check to see if we ca.. 더보기
net2 (gdb) disas runDump of assembler code for function run:0x0804978a :push ebp0x0804978b :mov ebp,esp0x0804978d :push ebx0x0804978e :sub esp,0x340x08049791 :mov DWORD PTR [ebp-0xc],0x0//val1(ebp-0xc) = 00x08049798 :mov DWORD PTR [ebp-0x10],0x0//val2(ebp-0x10) = 00x0804979f :jmp 0x80497fb 0x080497a1 :mov ebx,DWORD PTR [ebp-0x10]//ebx = val20x080497a4 :call 0x8048a98 0x080497a9 :mov DWORD PTR [ebp+eb.. 더보기
net1 C:\Users\user>E:\pwnable\protostar\net1.py쿸? ?장난삼아돌려봤는데 음 코드분석 귀찮다 (gdb) disas runDump of assembler code for function run:0x0804981a :push ebp0x0804981b :mov ebp,esp0x0804981d :sub esp,0x380x08049820 :call 0x8048b10 //이번에도 랜덤 0x08049825 :mov DWORD PTR [ebp-0x28],eax0x08049828 :mov edx,DWORD PTR [ebp-0x28] //랜덤값은 edx에0x0804982b :mov eax,0x8049d54//%d0x08049830 :mov DWORD PTR [esp+0x8],edx0x080498.. 더보기
net0 (gdb) disas main Dump of assembler code for function main:0x08049844 :push ebp0x08049845 :mov ebp,esp0x08049847 :and esp,0xfffffff00x0804984a :sub esp,0x200x0804984d :mov DWORD PTR [esp+0x8],0x3e70x08049855 :mov DWORD PTR [esp+0x4],0x3e70x0804985d :mov DWORD PTR [esp],0x8049cdc0x08049864 :call 0x8048eb8 0x08049869 :mov DWORD PTR [esp],0xbb70x08049870 :call 0x8049355 0x08049875 :mov DWORD PTR [es.. 더보기
format4 (gdb) disas vuln Dump of assembler code for function vuln:0x080484d2 :push ebp0x080484d3 :mov ebp,esp0x080484d5 :sub esp,0x2180x080484db :mov eax,ds:0x80497300x080484e0 :mov DWORD PTR [esp+0x8],eax0x080484e4 :mov DWORD PTR [esp+0x4],0x2000x080484ec :lea eax,[ebp-0x208]0x080484f2 :mov DWORD PTR [esp],eax0x080484f5 :call 0x804839c 0x080484fa :lea eax,[ebp-0x208]0x08048500 :mov DWORD PTR [esp],eax0.. 더보기
format3 (gdb) disas vuln Dump of assembler code for function vuln:0x08048467 :push ebp0x08048468 :mov ebp,esp0x0804846a :sub esp,0x2180x08048470 :mov eax,ds:0x80496e80x08048475 :mov DWORD PTR [esp+0x8],eax0x08048479 :mov DWORD PTR [esp+0x4],0x2000x08048481 :lea eax,[ebp-0x208]0x08048487 :mov DWORD PTR [esp],eax0x0804848a :call 0x804835c //fgets(buffer, 0x200, stdin) 0x0804848f :lea eax,[ebp-0x208]0x0804.. 더보기
format2 user@protostar:/opt/protostar/bin$ perl -e 'print "AAAA", "%x_"x4' | ./format2AAAA200_b7fd8420_bffff624_41414141_target is 0 :( (gdb) disas vuln Dump of assembler code for function vuln:0x08048454 :push ebp0x08048455 :mov ebp,esp0x08048457 :sub esp,0x2180x0804845d :mov eax,ds:0x80496d80x08048462 :mov DWORD PTR [esp+0x8],eax//val0x08048466 :mov DWORD PTR [esp+0x4],0x200//0x2000x0804846e :lea eax,.. 더보기
format1 0x080483f4 :push ebp0x080483f5 :mov ebp,esp0x080483f7 :sub esp,0x180x080483fa :mov eax,DWORD PTR [ebp+0x8]0x080483fd :mov DWORD PTR [esp],eax0x08048400 :call 0x8048320 0x08048405 :mov eax,ds:0x80496380x0804840a :test eax,eax0x0804840c :je 0x804841a 0x0804840e :mov DWORD PTR [esp],0x80485000x08048415 :call 0x8048330 0x0804841a :leave 0x0804841b :ret End of assembler dump. 힙 영역에 target이 저장되어있고 이 값.. 더보기
format0 0x080483fa :mov DWORD PTR [ebp-0xc],0x00x08048401 :mov eax,DWORD PTR [ebp+0x8]0x08048404 :mov DWORD PTR [esp+0x4],eax0x08048408 :lea eax,[ebp-0x4c]0x0804840b :mov DWORD PTR [esp],eax0x0804840e :call 0x8048300 0x08048413 :mov eax,DWORD PTR [ebp-0xc]0x08048416 :cmp eax,0xdeadbeef0x0804841b :jne 0x8048429 0x0804841d :mov DWORD PTR [esp],0x80485100x08048424 :call 0x8048330 0x08048429 :leave 0x080484.. 더보기