- pwn1 is really basic problem about buffer overflow.
- When we excute program, they just print buffer address to us to calculate address easier.
- Buffer size is only
0x10so I'll write shellcode afterret - This simple python script will help you to pwning it.
- This problem is not hard too. Only difficulty is that I couldn't see library function name.
- I make my own function table too make reversing more easily
0x7f8: srand
0x7f0: rand
0x7d8: printf
0x810: scarf
0x818: exit
0x808: fopen
0x7e8: read
0x7e0: fclose
- But function name maybe different with real.
- I made some c program that create same number with third program.
- This simple python script will give you flag
- This file type is Intel hex type file. I heard about it at this time. I recommand you to read this blog if you are korean.
- I tried to recover it to bin but I failed to do it correctly. So I use linux strings command to my imperfect program.
- flag:
BITCTF{B4d_bad_U5B}
- It was too hard to me to guess solution. I refer this blog
- If you see that ebook carefully you can see some strange things. letter I isn't capital in that book and some letter is capital even if that's middle in word.
- If you collect capital letter than you can get strings like
ZEROONEZEROZERO...than change it to real number like0100... - Now change it to ascii letter than we can get flag
- flag:
BITSCTF{h1d3_1n_pl41n_5173}