You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Excuse the ads! We need some help to keep our site up.

List


Infomation

Description

Lazenca.0x0

I have opened an online candy store.

File


Source Code


Writeup

File information

lazenca0x0@ubuntu:~/Documents/CTF/SECCON2017$ file ./Lazenca.0x0 
./Lazenca.0x0: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=1bfd795acede916210985e5865d2de9697e7505a, stripped
lazenca0x0@ubuntu:~/Documents/CTF/SECCON2017$ checksec.sh --file ./Lazenca.0x0 
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FILE
Partial RELRO   Canary found      NX enabled    No PIE          No RPATH   No RUNPATH   ./Lazenca.0x0
lazenca0x0@ubuntu:~/Documents/CTF/SECCON2017$

Binary analysis

Struct

typedef struct ORDER{
    char orderCode[8];
    unsigned int  orderNumber;
    char orderCandyName[8];
    int  candyCode;
};

typedef struct CANDIES {
    char candyName[8];
    unsigned int  orderNumber;
    int candyCode;
};

typedef struct STOCK{
    char candyName[8];
    unsigned int  candyNumber;
    int  candyPrice;
    char *candyDescription;
};

typedef struct IDPW{
    long empty[2];
    char id[IDPWMAX];
    char pw[IDPWMAX];
    long state;
    char description[88];
};

typedef struct ACCOUNT{
    long state;
    long number;
    struct IDPW *fd;
    long bk;
};

Main

  • 해당 함수는 다음과 같은 기능을 합니다.





_init_array

addAdmin

Structure of Exploit code 





  • The following information is required for an attack:





Information for attack





Exploit Code
Exploit code




Flag
Flag

Related Site
  • N / a






                
        
    
        


                        
    





    

	

		
    
    
            
  • 
            No labels
        
    •