xekOnerR's BLOG - xekOnerR's Blog

ciscn_2019_s_3_ret2csu/SROP

1234567[*] '/mnt/hgfs/0x9C_CTF_And_Studay_Note/Pwn_Study/pwn_exercise/BUUCTF/ciscn_s_3' Arch: amd64-64-little RELRO: Partial RELRO Stack: No canary found NX: ...
2025-05-30
pwn

| writeup

| buuctf
Read moreciscn_2019_s_3_ret2csu/SROP
buuctf_pwn_picoctf-2018-rop-chain_writeup

i386 小端序程序， IDA32打开 main 12345678910int __cdecl main(int argc, const char **argv, const char **envp){ int v4; // [esp+Ch] [ebp-Ch] setvbuf(_bss_start, 0, 2, 0); v4 = getegid(); setresgid...
2025-04-24
pwn

| writeup

| buuctf
Read morebuuctf_pwn_picoctf-2018-rop-chain_writeup
ciscn-2019-es-2_writeup_栈迁移

借鉴于大佬写的一篇非常详细的文章： https://bbs.kanxue.com/thread-266927.htmchecksec 1234567[*] '/mnt/hgfs/0x9C_CTF_And_Study_Note/Pwn_Study/pwn_exercise/BUUCTF/ciscn_2019_es_2' Arch: i386-32-lit...
2025-04-22
pwn

| writeup

| Note
Read moreciscn-2019-es-2_writeup_栈迁移
GUET-CTF2019_Reverse_number-game_writeup

64bit 文件，无壳 IDA64 打开:12345678910111213141516171819202122232425262728293031323334353637unsigned __int64 __fastcall main(int a1, char **a2, char **a3){ __int64 v4; // [rsp+8h] [rbp-38h] __int6...
2025-04-21
writeup

| buuctf

| reverse
Read moreGUET-CTF2019_Reverse_number-game_writeup
buuctf_pwn_jarvisoj-fm_writeup

buuctf pwn 板块 jarvisoj_fm 题目，考察 x86 栈上格式化字符串漏洞 checksec 1234567[*] '/mnt/hgfs/CTF/Pwn_Study/pwn_exercise/BUUCTF/fm' Arch: i386-32-little RELRO: Partial RELRO Stack: ...
2025-04-20
pwn

| writeup

| buuctf
Read morebuuctf_pwn_jarvisoj-fm_writeup
buuctf_pwn_ciscn-2019-n-5_writeup

两种解法: 预期解是 ret2shellcode, ubuntu18可以实现的(ubuntu24 bss 段可读可写不可不可执行) 非预期解是 ret2libc checksec 12345678910[*] '/mnt/hgfs/CTF/Pwn_Study/pwn_exercise/BUUCTF/ciscn_2019_n_5' Arch: ...
2025-04-19
pwn

| writeup

| buuctf
Read morebuuctf_pwn_ciscn-2019-n-5_writeup
buuctf_pwn_[OGeek2019]babyrop_writeup

buuctf_OGeek2019_babyrop 题目，个人解法 Checksec1234567[*] '/mnt/hgfs/CTF/Pwn_Study/pwn_exercise/BUUCTF/pwn' Arch: i386-32-little RELRO: Full RELRO Stack: No canary foun...
2025-04-18
pwn

| writeup

| buuctf
Read morebuuctf_pwn_[OGeek2019]babyrop_writeup
TGCTF2025_Reverse_XTEA_writeup

赛后复现初步分析下载文件，给了一个附件和 readme.txt readme.txt 1压缩包密码：2654435769 压缩包密码有点奇怪，其实 hex 一下就可以发现就是默认的 DELTA 值，后续没有发现 DELTA 没有 deifne, 用默认的其实也可以解开。 123v1 = 2654435769print(hex(v1))# 0x9e3779b9 解压后 exeinfo...
2025-04-16
writeup

| reverse

| TGCTF
Read moreTGCTF2025_Reverse_XTEA_writeup
第五空间2019决赛_PWN5_writeup

初始1234567❯ checksec pwn[*] '/mnt/hgfs/CTF/Pwn_Study/pwn_exercise/BUUCTF/pwn' Arch: i386-32-little RELRO: Partial RELRO Stack: Canary found NX: NX enabl...
2025-04-04
pwn

| writeup

| buuctf
Read more第五空间2019决赛_PWN5_writeup
Reverse_CheckList

凯撒解密 (IF 判断 ASCII，移位)123456789101112131415161718192021222324252627282930313233343536__int64 __fastcall encode_three(const char *a1, int a2, char *a3, int *a4){ char v5; // [rsp+Fh] [rbp-11h] ...
2025-04-03
Note

| reverse

| CheckList
Read moreReverse_CheckList

1 234

> xekOnerR's Blog Here_/ <