Binary Exploit

Shell Code

Goal of the exercise

Get a shell and print the contents of the flag file.

Research And Reverse Engineering

Test

See if there are any protections. I check with the “checksec” command:

Apparently the program has no protection.

What the program uses. I check with the “ltrace” command:

I want to know more about “puts” and “read”:

Decompiled C code:

main():

    int __cdecl main(int argc, const char **argv, const char **envp)
    {
      setvbuf(stdin, 0, 2, 0);
      setvbuf(stdout, 0, 2, 0);
      puts( " _________.

Easy Leak

Goal of the exercise

Make the program print the contents of the flag file.

Research And Reverse Engineering

Test

See if there are any protections:

It appears that only “NX” is enabled.

Decompiled C code of the executable:

    int __cdecl __noreturn main(int argc, const char **argv, const char **envp)
    {
      FILE *stream; // [rsp+0h] [rbp-50h]
      char s1; // [rsp+10h] [rbp-40h]
      char *s; // [rsp+30h] [rbp-20h]
      const char *v6; // [rsp+38h] [rbp-18h]
      const char *v7; // [rsp+40h] [rbp-10h]
      unsigned __int64 v8; // [rsp+48h] [rbp-8h]

      v8 = __readfsqword(0x28u);
      memset(&s1, 0, 0x38uLL);
      s = "[!