Yet another writeup for the Padocon 2011.
This time, I'm gonna talk about karma200, a level that we did not validate during the CTF, but I was curious to see how I could exploit it, so I worked on it with Mysterie, kutio, teach and others these last few days.
As with karma100, we had SSH credentials to a Linux box and found a setuid binary called attackme in the home directory. Here is the source code:
/*
 * Enjoy!
 *
 *
 *
 *
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc,char **argv)
{
    char buf[4];
    if(argc != 2 ...


