Daddy told me about cool MD5 hash collision today. I wanna do something like that too! ssh col@pwnable.kr -p2222 (pw:guest) 先看源代码: #include <stdio.h> #include <string.h> unsigned long hashcode = 0x21DD09EC; unsigned long check_password(const c…
I made a simple brain-fuck language emulation program written in C. The [ ] commands are not implemented yet. However the rest functionality seems working fine. Find a bug and exploit it to get a shell. Download : http://pwnable.kr/bin/bf Download :…
Q: I don't understand why my exploit is not working. I need your help. download : http://pwnable.kr/bin/wtf download : http://pwnable.kr/bin/wtf.py Running at : nc pwnable.kr 9015 write-ups: Thanks to the pipe in Kernel is 4KB. if we fill it over 4KB…
这道题是上一个cmd1的升级版 ssh cmd2@pwnable.kr -p2222 (pw:mommy now I get what PATH environmentis for :)) 登录之后,还是审计一下源代码: #include <stdio.h> #include <string.h> int filter(char* cmd){ ; r += strstr(cmd, ; r += strstr(cmd, ; r += strstr(cmd, ; r += strstr…