howdays

JIN's Lab

Development

Adding a gdb thread attach feature

Modify ~/Pwngdb/pwngdb.py https://github.com/scwuaptx/Pwngdb

    def at(self,*arg):
        """ Attach by processname """
        (processname,) = normalize_argv(arg,1)
        if not processname :
            processname = getprocname(relative=True)
            if not processname :
                print("Attaching program: ")
                print("No executable file specified.")…

Continue Reading

Etc

iptime arm qemu setup

https://people.debian.org/~aurel32/qemu/armhf/

Download with wget:

    wget https://people.debian.org/~aurel32/qemu/armhf/debian_wheezy_armhf_standard.qcow2
    wget https://people.debian.org/~aurel32/qemu/armhf/initrd.img-3.2.0-4-vexpress
    wget https://people.debian.org/~aurel32/qemu/armhf/vmlinuz-3.2.0-4-vexpress

start.sh

    #!/bin/sh
    qemu-system-arm -M vexpress-a9 -kernel ~/Hacking/kernel/kernels/arm/armhf/vmlinuz-3.2.0-4-vexpress -initrd ~/Hacking/kernel/kernels/arm/armhf/initrd.img-3.2.0-4-vexpress -drive if=sd,file=/mnt/hgfs/howdays/Desktop/Hacking/kernel/kernels/arm/armhf/debian_wheezy_armhf_standard.qcow2 -append "root=/dev/mmcblk0p2" -nographic -redir tcp:9000::80 -redir tcp:9022::22

After running it, with root/root… Continue Reading

Development

hexdump in C

    void hexdump(char *buf, size_t len) {
        int i , j;
        for(i=0; i<len/16+1; i++) {
            printf("%02d | ",i);
            for(j=0; j<16; j++) {
                if(i*16+j >= len) break;
                printf("%02x ",buf[i*16+j]&0xff);
            }
            printf("| ");…

Continue Reading

Research

2.29 malloc exploit

All materials are available at https://github.com/hOwD4yS/glibc_2_29_malloc

    if (tcache != NULL && tc_idx < mp_.tcache_bins) {
        /* Check to see if it's already in the tcache. */
        tcache_entry *e = (tcache_entry *) chunk2mem…

Continue Reading

Write-up

Codegate 2018 7amebox1

A simple program that reads mic_check.firm and runs on a 7-bit VM. To make it easier to read, I wrote code that converts it to asm form. 7amebox1_disasm.py, 7amebox1_trace.py, 7amebox1_exploit.py, 7amebox1_asm https://github.com/hOwD4yS/CTF/tree/master/2018/codegate_qual/7amebox1 The vulnerability is simple. Looking at 7amebox_asm, 0x4e : mov r6… Continue Reading