View Source

Excuse the ads! We need some help to keep our site up.

List

Infomation

Description

Lazenca.0x0

I have opened an online candy store.

File

Source Code

Writeup

File information

lazenca0x0@ubuntu:~/Documents/CTF/SECCON2017$ file ./Lazenca.0x0 
./Lazenca.0x0: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=1bfd795acede916210985e5865d2de9697e7505a, stripped
lazenca0x0@ubuntu:~/Documents/CTF/SECCON2017$ checksec.sh --file ./Lazenca.0x0 
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FILE
Partial RELRO   Canary found      NX enabled    No PIE          No RPATH   No RUNPATH   ./Lazenca.0x0
lazenca0x0@ubuntu:~/Documents/CTF/SECCON2017$

Binary analysis

Struct

typedef struct ORDER{
    char orderCode[8];
    unsigned int  orderNumber;
    char orderCandyName[8];
    int  candyCode;
};

typedef struct CANDIES {
    char candyName[8];
    unsigned int  orderNumber;
    int candyCode;
};

typedef struct STOCK{
    char candyName[8];
    unsigned int  candyNumber;
    int  candyPrice;
    char *candyDescription;
};

typedef struct IDPW{
    long empty[2];
    char id[IDPWMAX];
    char pw[IDPWMAX];
    long state;
    char description[88];
};

typedef struct ACCOUNT{
    long state;
    long number;
    struct IDPW *fd;
    long bk;
};

Main

해당 함수는 다음과 같은 기능을 합니다.

_init_array

addAdmin

Structure of Exploit code

The following information is required for an attack:

Information for attack

Exploit Code

Flag

Flag

Related Site

N / a