ret2win

$ PYTHONIOENCODING=utf8 ./ret2win.py
[!] Pwntools does not support 32-bit Python. Use a 64-bit release.
[+] Starting local process './ret2win32': pid 26910
ret2win by ROP Emporium
x86

For my first trick, I will attempt to fit 56 bytes of user input into 32 bytes of stack buffer!
What could possibly go wrong?
You there, may I have your input please? And don't worry about null bytes, we're using read()!

> Thank you!...

January 3, 2021 · 1 min · Matus Bursa

Reversing ELF

Hi, today I would like to show you how to solve an easy RE CTF and how to start with RE. My directory after finishing all challenges looks as follows:

$ tree
.
├── crackme_1
│   ├── crackme1
│   └── flag.txt
├── crackme_2
│   ├── crackme2
│   └── flag.txt
├── crackme_3
│   ├── crackme3
│   └── flag.txt
├── crackme_4
│   ├── crackme4
│   ├── flag.txt
│   └── gdb_cmd
├── crackme_5
│   ├── crackme5
│   ├── flag....

December 7, 2020 · 7 min · Matus Bursa

Impossible Password

Welcome to the new year. I would like to introduce one of the easy CTFs in the reverse engineering category.

radare2 [gdb]

$ r2 ./impossible_password.bin
[0x004006a0]> aaa
...
[0x004006a0]> afl
0x004006a0 1 41 entry0
0x00400610 1 6 sym.imp.__libc_start_main
0x004005f0 1 6 sym.imp.putchar
0x00400600 1 6 sym.imp.printf
0x00400620 1 6 sym.imp.srand
0x00400630 1 6 sym.imp.strcmp
0x00400650 1 6 sym.imp.time
0x00400660 1 6 sym.imp.malloc
0x00400670 1 6 sym.imp.__isoc99_scanf
0x00400680 1 6 sym.imp.exit
0x00400690 1 6 sym....

January 27, 2020 · 2 min · Matus Bursa