ctf:public:hackover2016:tiny_backdoor_v2

Differences

Below are the differences between two revisions of the page.

ctf:public:hackover2016:tiny_backdoor_v2 [2016/10/22 21:43]
arthaum
ctf:public:hackover2016:tiny_backdoor_v2 [2016/10/22 22:29] (Current version)
arthaum
Ligne 13: Ligne 13:
 This challenge is based on [[ctf:public:hackover2016:tiny_backdoor_v1|tiny_backdoor_v1]]. The only difference is that the program calls ''mprotect(0x600000, 0x1000, PROT_READ | PROT_EXEC)'' before running our shellcode. This challenge is based on [[ctf:public:hackover2016:tiny_backdoor_v1|tiny_backdoor_v1]]. The only difference is that the program calls ''mprotect(0x600000, 0x1000, PROT_READ | PROT_EXEC)'' before running our shellcode.
  
-The method I used for tiny_backdoor_v1 doesn't work anymore because the memory segment at ''0x600000'' is no more writeable. I had to come up with a new idea.+The method I used for tiny_backdoor_v1 doesn't work anymore because the memory segment at ''0x600000'' is no longer writeable. I had to come up with a new idea.
  
 My first thought was to write on the stack instead, and then use ROP. Here is my shellcode: My first thought was to write on the stack instead, and then use ROP. Here is my shellcode:
Ligne 36: Ligne 36:
 </code> </code>
  
-got another idea. My shellcode itself contains a gadget! That is: ''pop rsi; syscall; ret''. This one is kind of useless because we already have it a ''0x400152''. The thing is, it gave me the idea of rearranging my shellcode to provide a better gadget. Here is my new shellcode:+had another idea. My shellcode itself contains a gadget! That is: ''pop rsi; syscall; ret''. This one is kind of useless because we already have it a ''0x400152''. The thing is, it gave me the idea of rearranging my shellcode to provide a better gadget. Here is my new shellcode:
  
 <code> <code>
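Review bot: the revised sentence in this hunk still has a typo the edit leaves in place: "we already have it a ''0x400152''" should read "we already have it at ''0x400152''". As shown here, the sentence also opens with "had another idea." with no subject in either revision; "I had another idea." would match the first-person voice of the surrounding text.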
ctf/public/hackover2016/tiny_backdoor_v2.txt · Last modified: 2016/10/22 22:29 by arthaum