Versions Compared

Old Version 2

changes.mady.by.user Lazenca.0x0

Saved on

compared with

New Version 3

changes.mady.by.user Lazenca.0x0

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Panel

Excuse the ads! We need some help to keep our site up.

List

Table of Contents
outlinetrue

Infomation

Description

Panel

Lazenca.0x0

I have opened an online candy store.

File

Panel


Source Code

Panel


Writeup

File information

Code Block
lazenca0x0@ubuntu:~/Documents/CTF/SECCON2017$ file ./Lazenca.0x0 
./Lazenca.0x0: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=1bfd795acede916210985e5865d2de9697e7505a, stripped
lazenca0x0@ubuntu:~/Documents/CTF/SECCON2017$ checksec.sh --file ./Lazenca.0x0 
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FILE
Partial RELRO   Canary found      NX enabled    No PIE          No RPATH   No RUNPATH   ./Lazenca.0x0
lazenca0x0@ubuntu:~/Documents/CTF/SECCON2017$

Binary analysis

Struct

Code Block
typedef struct ORDER{
    char orderCode[8];
    unsigned int  orderNumber;
    char orderCandyName[8];
    int  candyCode;
};

typedef struct CANDIES {
    char candyName[8];
    unsigned int  orderNumber;
    int candyCode;
};

typedef struct STOCK{
    char candyName[8];
    unsigned int  candyNumber;
    int  candyPrice;
    char *candyDescription;
};

typedef struct IDPW{
    long empty[2];
    char id[IDPWMAX];
    char pw[IDPWMAX];
    long state;
    char description[88];
};

typedef struct ACCOUNT{
    long state;
    long number;
    struct IDPW *fd;
    long bk;
};

Main

  • 해당 함수는 다음과 같은 기능을 합니다.
Code Block

_init_array

addAdmin

Structure of Exploit code 
 Panel

  • The following information is required for an attack:
 Panel

Information for attack

 Panel
Exploit Code
 Code Block
languagepy
titleExploit code
Flag
Flag

Related Site
  • N / a
 Panel