cryptoCTF2024-Writeup
2024-06-22 1.7k words 9 mins

cryptoCTF2024-Writeup

CryptoCTF 2024 Author:堇姬 Rank: 29th Warm-up 🤑Welcome! 👋Crtl+cCrtl+v CCTF{Harn3sS_Y0ur_CrYptO9rAphy_Pr0wEs5_💪_⚡_💥_🔥!} Easy 😁Alibossource code123456789101112131415161718192021222324252627282930from Crypto.Util.number import *from gmpy2 import *from secret import d, flagget_context().precisi
CryptoHack-ECC
2024-06-14 16 words 1 min

CryptoHack-ECC

CryptoHack ECC先看這裡,之後再整理 https://hackmd.io/@naup96321/rkV3ELFRT
Stack-Migration
2024-05-21 805 words 3 mins

Stack-Migration

Stack migration(pivoting) Author: 堇姬Naup 概念 可輸入的 ROPchain 長度不夠時,可以擴展輸入的方法,將 ROPchain 分好幾次寫在指定的區域,最後再將 stack 移動過去執行 如果找到其他地方有足夠空間放ROP,就可以用較少的gadget數,來將stack搬移至ROP位置,進行ROP leave實際上做了兩件事 12mov rsp, rbppop rbp 方法leave;ret 透過overflow將rbp填成ROP Chain開始位置address-8 return address填入leave;ret 的gadget 有一塊
ROP-EZROP(b33f adv_pwn)
2024-05-17 787 words 4 mins

ROP-EZROP(b33f adv_pwn)

ROP-EZROP(b33f adv_pwn) Author:堇姬 確認保護 開NX沒辦法寫shellcode,另外他開了canary,但其實沒開(沒有check canary的判斷式) 如果有開會有這個 source coderead的buffer overflow一樣給好給滿 12345678910#include <stdio.h>int main(){ char buf[0x40]; setvbuf(stdin,0,_IONBF,0); setvbuf(stdout,0,_IONBF,0); printf("
THJCC-official-Writeup
2024-05-05 1.8k words 8 mins

THJCC-official-Writeup

THJCC CTF official writeup Author:堇姬Naup Source Code : https://github.com/Naupjjin/THJCC-CTF-source-code CryptoJPG^PNG=?source1234567891011121314from itertools import cycledef xor(a, b): return [i^j for i, j in zip(a, cycle(b))]KEY= open("key.png", "rb").read()FLAG = ope
Intigriti-August-XSS-challenge
2024-04-27 2.6k words 14 mins

Intigriti-August-XSS-challenge

Intigriti’s August XSS challenge Author:堇姬Naup 題目https://challenge-0823.intigriti.io/有一個計算機可以輸入東西,只要有執行alert(document.domain)就可以過了 Source code1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283
Assembly-x86
2024-04-25 479 words 2 mins

Assembly-x86

組合語言 Author:堇姬 電腦底層架構與程式執行相關硬體 CPU 實際運算硬體,配有暫存器,儲存運算資料 RAM 記憶體 指令集架構先設計好指令集架構再設計電路。 常見: x86/x86-64 ARM MIPS 大部分用的是intel x86/x86-64架構 CPU暫存器隨設計而改變用途 名稱 意思 rax accumulator rbx base rcx count rdx data 固定用途 名稱 意思 rsi source index rdi destination index rbp base poi
ROP-chall-1
2024-04-25 306 words 1 min

ROP-chall-1

ROP-chall Author:堇姬 題目來源ICED的pwn題目https://ctf.nicewhite.xyz/ 確認保護看到有開Stack canary,但溢出後卻沒有報stack canary的錯誤,所以應該是沒開。另外他有開NX,所以沒辦法寫shellcode 分析ASM有gets 可以BOF,不過沒有其他function可以return過去,所以應該是要ROP 堆ROP execve(‘bin/sh’) 暫存器 值 rax 0x3b rdi 要執行的參數值(/bin/sh) rsi argv(這裡=0) rdx
Lucas-Sequence
2024-03-31 28 words 1 min

Lucas-Sequence

Lucas Sequence 盧卡斯數列 Author:堇姬 先看這個連結(還在處理LaTeX問題QQ)https://hackmd.io/@naup96321/B1Y7vqUyC
VishwaCTF-2024-Writeup
2024-03-30 4.5k words 25 mins

VishwaCTF-2024-Writeup

VishwaCTF 2024 writeup Team: CakeisTheFake(單人)Rank: 31/1039Author: Naup堇姬 MiscWho am I? WebSave The City1234567DESCRIPTIONThe RAW Has Got An Input That ISIS Has Planted a Bomb Somewhere In The Pune! Fortunetly, RAW Has Infiltratrated The Internet Activity of One Suspect And They Found This Lin