MarkdownPad Document

*:first-child {
margin-top: 0 !important;
}

body>*:last-child {
margin-bottom: 0 !important;
}

/* BLOCKS
=============================================================================*/

p, blockquote, ul, ol, dl, table, pre {
margin: 15px 0;
}

/* HEADERS
=============================================================================*/

h1, h2, h3, h4, h5, h6 {
margin: 20px 0 10px;
padding: 0;
font-weight: bold;
-webkit-font-smoothing: antialiased;
}

h1 tt, h1 code, h2 tt, h2 code, h3 tt, h3 code, h4 tt, h4 code, h5 tt, h5 code, h6 tt, h6 code {
font-size: inherit;
}

h1 {
font-size: 28px;
color: #000;
}

h2 {
font-size: 24px;
border-bottom: 1px solid #ccc;
color: #000;
}

h3 {
font-size: 18px;
}

h4 {
font-size: 16px;
}

h5 {
font-size: 14px;
}

h6 {
color: #777;
font-size: 14px;
}

body>h2:first-child, body>h1:first-child, body>h1:first-child+h2, body>h3:first-child, body>h4:first-child, body>h5:first-child, body>h6:first-child {
margin-top: 0;
padding-top: 0;
}

a:first-child h1, a:first-child h2, a:first-child h3, a:first-child h4, a:first-child h5, a:first-child h6 {
margin-top: 0;
padding-top: 0;
}

h1+p, h2+p, h3+p, h4+p, h5+p, h6+p {
margin-top: 10px;
}

/* LINKS
=============================================================================*/

a {
color: #4183C4;
text-decoration: none;
}

a:hover {
text-decoration: underline;
}

/* LISTS
=============================================================================*/

ul, ol {
padding-left: 30px;
}

ul li > :first-child,
ol li > :first-child,
ul li ul:first-of-type,
ol li ol:first-of-type,
ul li ol:first-of-type,
ol li ul:first-of-type {
margin-top: 0px;
}

ul ul, ul ol, ol ol, ol ul {
margin-bottom: 0;
}

dl {
padding: 0;
}

dl dt {
font-size: 14px;
font-weight: bold;
font-style: italic;
padding: 0;
margin: 15px 0 5px;
}

dl dt:first-child {
padding: 0;
}

dl dt>:first-child {
margin-top: 0px;
}

dl dt>:last-child {
margin-bottom: 0px;
}

dl dd {
margin: 0 0 15px;
padding: 0 15px;
}

dl dd>:first-child {
margin-top: 0px;
}

dl dd>:last-child {
margin-bottom: 0px;
}

/* CODE
=============================================================================*/

pre, code, tt {
font-size: 12px;
font-family: Consolas, "Liberation Mono", Courier, monospace;
}

code, tt {
margin: 0 0px;
padding: 0px 0px;
white-space: nowrap;
border: 1px solid #eaeaea;
background-color: #f8f8f8;
border-radius: 3px;
}

pre>code {
margin: 0;
padding: 0;
white-space: pre;
border: none;
background: transparent;
}

pre {
background-color: #f8f8f8;
border: 1px solid #ccc;
font-size: 13px;
line-height: 19px;
overflow: auto;
padding: 6px 10px;
border-radius: 3px;
}

pre code, pre tt {
background-color: transparent;
border: none;
}

kbd {
-moz-border-bottom-colors: none;
-moz-border-left-colors: none;
-moz-border-right-colors: none;
-moz-border-top-colors: none;
background-color: #DDDDDD;
background-image: linear-gradient(#F1F1F1, #DDDDDD);
background-repeat: repeat-x;
border-color: #DDDDDD #CCCCCC #CCCCCC #DDDDDD;
border-image: none;
border-radius: 2px 2px 2px 2px;
border-style: solid;
border-width: 1px;
font-family: "Helvetica Neue",Helvetica,Arial,sans-serif;
line-height: 10px;
padding: 1px 4px;
}

/* QUOTES
=============================================================================*/

blockquote {
border-left: 4px solid #DDD;
padding: 0 15px;
color: #777;
}

blockquote>:first-child {
margin-top: 0px;
}

blockquote>:last-child {
margin-bottom: 0px;
}

/* HORIZONTAL RULES
=============================================================================*/

hr {
clear: both;
margin: 15px 0;
height: 0px;
overflow: hidden;
border: none;
background: transparent;
border-bottom: 4px solid #ddd;
padding: 0;
}

/* TABLES
=============================================================================*/

table th {
font-weight: bold;
}

table th, table td {
border: 1px solid #ccc;
padding: 6px 13px;
}

table tr {
border-top: 1px solid #ccc;
background-color: #fff;
}

table tr:nth-child(2n) {
background-color: #f8f8f8;
}

/* IMAGES
=============================================================================*/

img {
max-width: 100%
}
-->

pwnable.kr-flag-Writeup

  • 根据题目提示:This is reversing task. all you need is binary,可知此题实际上应归为reverse;
  • DIE查壳,发现为upx加壳,直接使用upx工具脱壳
  • Linux下运行该文件,发现关键字符串
  • IDA中shift+F12找到关键字符串,并双击关键字符串跳转到对应的函数,得到伪代码如下:
 int __cdecl main(int argc, const char **argv, const char **envp)

 {

   __int64 v3; // rax@1

   puts("I will malloc() and strcpy the flag there. take it.", argv, envp);

   LODWORD(v3) = malloc(100LL);

   sub_400320(v3, flag);

   return ;

 }
  • 由提示I will malloc() and strcpy the flag there. take it.以及代码的流程,直接查看flag,得到字符串:UPX...? sounds like a delivery service :),提交检验正确,则flag即为 UPX...? sounds like a delivery service :) 事实上,shift+F12查找关键字符串时已经出现了flag 2017-2-7 20:54;45

pwnable.kr-flag-Writeup的更多相关文章

  1. 【pwnable.kr】 flag

    pwnable从入门到放弃 第四题 Download : http://pwnable.kr/bin/flag 下载下来的二进制文件,对着它一脸懵逼,题目中说是逆向题,这我哪会啊... 用ida打开看 ...

  2. pwnable.kr simple login writeup

    这道题是pwnable.kr Rookiss部分的simple login,需要我们去覆盖程序的ebp,eip,esp去改变程序的执行流程   主要逻辑是输入一个字符串,base64解码后看是否与题目 ...

  3. pwnable.kr的passcode

    前段时间找到一个练习pwn的网站,pwnable.kr 这里记录其中的passcode的做题过程,给自己加深印象. 废话不多说了,看一下题目, 看到题目,就ssh连接进去,就看到三个文件如下 看了一下 ...

  4. pwnable.kr col之write up

    Daddy told me about cool MD5 hash collision today. I wanna do something like that too! ssh col@pwnab ...

  5. pwnable.kr详细通关秘籍(二)

    i春秋作家:W1ngs 原文来自:pwnable.kr详细通关秘籍(二) 0x00 input 首先看一下代码: 可以看到程序总共有五步,全部都满足了才可以得到flag,那我们就一步一步来看 这道题考 ...

  6. pwnable.kr第二天

    3.bof 这题就是简单的数组越界覆盖,直接用gdb 调试出偏移就ok from pwn import * context.log_level='debug' payload='A'*52+p32(0 ...

  7. [pwnable.kr] - wtf

    Q: I don't understand why my exploit is not working. I need your help. download : http://pwnable.kr/ ...

  8. 【pwnable.kr】 asm

    一道写shellcode的题目, #include <stdio.h> #include <string.h> #include <stdlib.h> #inclu ...

  9. 【pwnable.kr】 brainfuck

    pwnable.kr第二关第一题: ========================================= Download : http://pwnable.kr/bin/bfDownl ...

  10. 【pwnable.kr】 unlink

    pwnable.kr 第一阶段的最后一题! 这道题目就是堆溢出的经典利用题目,不过是把堆块的分配与释放操作用C++重新写了一遍,可参考<C和C++安全编码一书>//不是广告 #includ ...

随机推荐

  1. DVR

    DVR,全称为Digital Video Recorder(硬盘录像机),即数字视频录像机,相对于传统的模拟视频录像机,采用硬盘录像,故常常被称为硬盘录像机.它是一套进行图像计算存储处理的计算机系统, ...

  2. (转)classload和class.forname()区别

    转自:http://carl-java.iteye.com/blog/978680 java中class.forName和classLoader都可用来对类进行加载.前者除了将类的.class文件加载 ...

  3. python3练习100题——030

    这周开始,要重新振作一点吧! 如果每天都想着消费升级,而不是想着如何投入时间精力让自己进步,未来根本就看不到希望. 我想要更认真的活着 live wild 原题链接:http://www.runoob ...

  4. 添加Usb3.0驱动到win7/8/10的usb安装光盘

    文章中所有需要使用到的软件和资源在文章末尾的网盘连接中有下载 Run the DISM GUI Tool Right-click on DISM GUI.exe and select Run as A ...

  5. mybatis-plus - insert

    一. insert 首先看一下 insert.java 的代码: /** * <p> * 根据 ID 删除 * </p> * * @author hubin * @since ...

  6. 【Unity|C#】基础篇(5)——分部类与分部函数(partial)

    [学习资料] <C#图解教程>(第6章):https://www.cnblogs.com/moonache/p/7687551.html 电子书下载:https://pan.baidu.c ...

  7. Java EE 7 API

    学习Java必备资源,下载链接: https://pan.baidu.com/s/1P1xzuoGJCIuZlYBbPSbM_Q 提取码: dtui 复制这段内容后打开百度网盘手机App,操作更方便哦

  8. 【HTML】三种方法使HTML单页面输入密码才能访问

    方法一 <script type="text/javascript"> function password() { var testV = 1; var pass1 = ...

  9. NlogN复杂度寻找数组中两个数字和等于给定值

    算法导论:22页2.3-7 描述一个运行时间为O(nlogn)的算法,找出n个元素的S数组中是否存在两个元素相加等于给定x值 AC解: a=[1,3,6,7,9,15,29] def find2sum ...

  10. 《CSS揭秘》》

    1,透明边框 默认状态下,背景会延伸到边框区域的下层.这样就在半透明的黑色边框中透出了这个容器自己的纯白色背景. 谢天谢地,从w3c的背景与边框第三版开始,我们可以通过 background-clip ...