Write up (Wargame)/LOB
2022.05.18
login : vampire password : music world 탐색전 cat skeleton.c /* The Lord of the BOF : The Fellowship of the BOF - skeleton - argv hunter */ #include #include extern char **environ; main(int argc, char *argv[]) { char buffer[40]; int i, saved_argc; if(argc < 2){ printf("argv error\n"); exit(0); } // egghunter for(i=0; environ[i]; i++) memset(environ[i], 0, strlen(environ[i])); if(argv[1][47] != '\xb..
Write up (Wargame)/LOB
2022.05.18
login : troll password : aspirin 탐색전 두근두근 cat vampire.c /* The Lord of the BOF : The Fellowship of the BOF - vampire - check 0xbfff */ #include #include main(int argc, char *argv[]) { char buffer[40]; if(argc < 2){ printf("argv error\n"); exit(0); } if(argv[1][47] != '\xbf') { printf("stack is still your friend.\n"); exit(0); } // here is changed! if(argv[1][46] == '\xff') { printf("but it's not..
Write up (Wargame)/LOB
2022.05.18
login : orge password : timewalker 다시 보니까 여기선 하십시오체를 쓰는데 그냥 컨디션에 따라 달라지는거 같네요 ㅇㅅㅇ... 탐색전 cat을 할 때마다 너무 두근두근.. 어떤 코드가 있을까요. /* The Lord of the BOF : The Fellowship of the BOF - troll - check argc + argv hunter */ #include #include extern char **environ; main(int argc, char *argv[]) { char buffer[40]; int i; // here is changed if(argc != 2){ printf("argc must be two!\n"); exit(0); } // egghunter f..
Write up (Wargame)/LOB
2022.05.18
login : darkelf password : kernel crashed 탐색전 cat orge.c /* The Lord of the BOF : The Fellowship of the BOF - orge - check argv[0] */ #include #include extern char **environ; main(int argc, char *argv[]) { char buffer[40]; int i; if(argc < 2){ printf("argv error\n"); exit(0); } // here is changed! if(strlen(argv[0]) != 77){ printf("argv[0] error\n"); exit(0); } // egghunter for(i=0; environ[i]; ..
Write up (Wargame)/LOB
2022.05.18
login : wolfman password : love eyuna 탐색전 /* The Lord of the BOF : The Fellowship of the BOF - darkelf - egghunter + buffer hunter + check length of argv[1] */ #include #include extern char **environ; main(int argc, char *argv[]) { char buffer[40]; int i; if(argc < 2){ printf("argv error\n"); exit(0); } // egghunter for(i=0; environ[i]; i++) memset(environ[i], 0, strlen(environ[i])); if(argv[1][..
Write up (Wargame)/LOB
2022.05.18
login : orc password : cantata 탐색전 cat wolfman.c /* The Lord of the BOF : The Fellowship of the BOF - wolfman - egghunter + buffer hunter */ #include #include extern char **environ; main(int argc, char *argv[]) { char buffer[40]; int i; if(argc < 2){ printf("argv error\n"); exit(0); } // egghunter for(i=0; environ[i]; i++) memset(environ[i], 0, strlen(environ[i])); if(argv[1][47] != '\xbf') { pr..
Write up (Wargame)/LOB
2022.05.18
계속 하십시오체를 썼는데, 저도 모르게 하다체로 계속 쓰다가 바꾸던 거라. 그냥 해라체로 써야겠습니다. login : goblin password : hackers proof 탐색전 cat orc.c /* The Lord of the BOF : The Fellowship of the BOF - orc - egghunter */ #include #include extern char **environ; main(int argc, char *argv[]) { char buffer[40]; int i; if(argc < 2){ printf("argv error\n"); exit(0); } // egghunter for(i=0; environ[i]; i++) memset(environ[i], 0, strlen(e..
Write up (Wargame)/LOB
2022.05.18
고블린을 사냥해봅시다. 예전에 게임 튜토리얼로 고블린 잡던 때가 떠오르네요.. login : cobolt password : hacking exposed 탐색전 cat goblin.c /* The Lord of the BOF : The Fellowship of the BOF - goblin - small buffer + stdin */ int main() { char buffer[16]; gets(buffer); printf("%s\n", buffer); } 이번엔 gets 함수에 대한 취약점인 것 같습니다. gets함수도 입력에서 길이제한이 없으므로 bof가 일어납니다. 더군다나 이제 main에서 인자를 받지 않고 stdin 이라고 되어있네요. 저번 문제에서 small buffer에 대해서 환경 변수를..
