it's text! but formatted
#!/usr/bin/env ruby
require 'socket'
#require 'hexdump'
$dbg = false
$sock = TCPSocket.new("localhost", 4141)
# Read from the socket until the received data contains str.
def recv_until(str)
  data = ""
  while tmp = $sock.recv(1024) and not tmp.empty?
    data << tmp
    break if data.include?(str)
  end
  data
end
#include <stdio.h>
extern int main();
int lol() {
    printf("ANIMEDAD GO\n");
    // run `cat key` and read its stdout
    FILE* file = popen("cat key","r");
    // use fscanf to read:
    char buffer[10000];
    while(fscanf(file, "%100s", buffer) != EOF)
        printf("%s\n", buffer);
    pclose(file);
    return 0;
}
This year the Pwnadventure challenge for GitS was written using Unreal Engine 4. This was an interesting choice because it makes it one of the first few games published using the engine. I'm very familiar with UE3 hacking and how the engine works internally (drop-in cheat code for anything using the engine), so I had decided to try to find a game published on UE4 and get up to speed prior to the competition. There really wasn't anything decent available.
It should be noted that doing this challenge on the three different operating systems available conferred different advantages. Windows made it easy to understand the class structure, and Linux/OSX eliminated awful SSE instructions in Pirate Treasure.
Diving into pwnadv, there's a GameLogic.dll and GameLogic.pdb in the binary folder for the game. The first step to gamehacking is usually...
There's a PDB. No reversing necessary. Knowing how object oriented programming in C++ works is pretty import
#include <Windows.h>
#include <Psapi.h>
#include <stdlib.h>
#include <string>
#include <stdio.h>
#pragma comment(lib, "psapi.lib")
DWORD GObjects = 0;
DWORD GNames = 0;
class Vector3 {
I hereby claim:
- I am dwendt on github.
- I am dwn (https://keybase.io/dwn) on keybase.
- I have a public key whose fingerprint is 623A AAAC 3936 2C4F 1298 69CB 7446 3FC4 F593 38A1
To claim this, I am signing this object:
For this challenge, we're given an .exe file and a server that it's running on. Running strings on the binary, we see that there's a lot of text in the program. It's all instructions on how to get started with Windows exploitation. One block that is particularly interesting is:
VULNERABLE FUNCTION
-------------------
Send me exactly 1024 characters (with some constraints).
Password:
GreenhornSecretPassword!!!
// ==UserScript==
// @name SoundCloud Last.fm Scrobbler
// @namespace http://userscripts.org/users/266001
// @description SoundCloud Last.fm Scrobbler is a JS/Greasemonkey-based Last.fm scrobbler for SoundCloud with support for loving tracks. Based on Bandcamp Last.fm Scrobbler 0.9.4 GGS-0.9.3.
// @require http://userscripts-mirror.org/scripts/source/85398.user.js
// @include http://soundcloud.com/*
// @include https://soundcloud.com/*
// @version 0.1.6 GGS-0.9.5-Dv6
// @license FreeBSD License (see source code). Portions dual-licensed under the MIT (Expat) License and GPLv2.
// @grant GM_log