Ryo ICHIKAWA icchy

## exploit.py
#!/usr/bin/env python
from pwn import *

context(os='linux', arch='i386')
# context.log_level = 'debug'

HOST = "segsh.bostonkey.party"
PORT = 8888

conn = None

## solve.log
~/D/c/b/hsab ❯❯❯ python solve.py
[+] Opening connection to 104.199.132.199 on port 2222: Done
[*] Switching to interactive mode

-bash-4.4$ $ bash -v /home/ctf/flag.ray
bash -v /home/ctf/flag.ray
#BCTF{ipreferzshtobash}
-bash-4.4$ server: timeout
[*] Got EOF while reading in interactive
$

## bof.c
/*
gcc -m32 -fno-stack-protector $@
*/
#include <unistd.h>

int main()
{
    char buf[100];
    int size;
    read(0, &size, 4);

## .zshfunc
function vm_debian() {
	case "$1" in
		start)
			/usr/local/bin/VBoxManage startvm "debian" --type headless
			;;
		stop|poweroff)
			/usr/local/bin/VBoxManage controlvm "debian" acpipowerbutton
			;;
		status)
			/usr/local/bin/VBoxManage showvminfo "debian" | grep "State"

## memo.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                icchy
                / memo.md
            
            
              Last active
              April 28, 2016 04:39
            
              
                jekyllテンプレート 候補
              
          
    https://github.com/jekyll/jekyll/wiki/themes


Pixyll - http://pixyll.com/
So Simple - https://mmistakes.github.io/so-simple-theme/
Type Theme - https://rohanchandra.github.io/type-theme/
slim - http://syaning.com/slim/
Jekyll Clean Dark - http://pavelmakhov.com/jekyll-clean-dark/

Javascript free


https://daryl.andrewlee.name/


## result
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
PASS
REJECTED

## solve.py
from math import sin
from urlparse import parse_qs
from base64 import b64encode
from base64 import b64decode
from re import match

from pwn import remote, context
# context.log_level = 'debug'

USER = 'icchy'

## attack.cpp
#include <iostream>
#include <sstream>
#include <iomanip>
#include <algorithm>
#include <cstring>
#include <cassert>
#include <vector>
#include <thread>
#include <mutex>
#include "md5.cpp"

## .zshfunc
function prezto-update() {
  olddir=`pwd`
  cd ~/.zprezto && git pull && git submodule update --init --recursive
  cd $olddir
}

function swap() {
	mv $1 .$1.myswp
	mv $2 $1
	mv .$1.myswp $2

## solve_10000.py
from pwn import *
import hashlib
import commands
import re


def submit(flag):
    import commands
    import random
	#!/usr/bin/env python
	from pwn import *

	context(os='linux', arch='i386')
	# context.log_level = 'debug'

	HOST = "segsh.bostonkey.party"
	PORT = 8888

	conn = None
	~/D/c/b/hsab ❯❯❯ python solve.py
	[+] Opening connection to 104.199.132.199 on port 2222: Done
	[*] Switching to interactive mode

	-bash-4.4$ $ bash -v /home/ctf/flag.ray
	bash -v /home/ctf/flag.ray
	#BCTF{ipreferzshtobash}
	-bash-4.4$ server: timeout
	[*] Got EOF while reading in interactive
	$
	/*
	gcc -m32 -fno-stack-protector $@
	*/
	#include <unistd.h>

	int main()
	{
	char buf[100];
	int size;
	read(0, &size, 4);
	function vm_debian() {
	case "$1" in
	start)
	/usr/local/bin/VBoxManage startvm "debian" --type headless
	;;
	stop\|poweroff)
	/usr/local/bin/VBoxManage controlvm "debian" acpipowerbutton
	;;
	status)
	/usr/local/bin/VBoxManage showvminfo "debian" \| grep "State"
	from math import sin
	from urlparse import parse_qs
	from base64 import b64encode
	from base64 import b64decode
	from re import match

	from pwn import remote, context
	# context.log_level = 'debug'

	USER = 'icchy'
	#include <iostream>
	#include <sstream>
	#include <iomanip>
	#include <algorithm>
	#include <cstring>
	#include <cassert>
	#include <vector>
	#include <thread>
	#include <mutex>
	#include "md5.cpp"
	function prezto-update() {
	olddir=`pwd`
	cd ~/.zprezto && git pull && git submodule update --init --recursive
	cd $olddir
	}

	function swap() {
	mv $1 .$1.myswp
	mv $2 $1
	mv .$1.myswp $2
	from pwn import *
	import hashlib
	import commands
	import re


	def submit(flag):
	import commands
	import random