Skip to content

WeTOFU

Stack5

WeTOFU

Introduction
Introduction
- Welcome
Mata Kuliah
Mata Kuliah
- Mata Kuliah
Cyber Security
Cyber Security
- Topology & Security
- IDS/IPS
- Firewall
- Lab
- TSA CyberOps
  TSA CyberOps
  - Network Security Infrastructure
- Security +
  Security +
  - Security +
  - Comparing Security Roles and Security Controls
- Terminology
- CVE PoC
  CVE PoC
  - CVE-XXX
- Bug Hunter / Pentest
  Bug Hunter / Pentest
  - Learning Sources
  - Methodology
  - Usefull Tools
  - Some Cases
  - Common Framework Vuln
    Common Framework Vuln
    
    Laravel
Jaringan Komputer
Jaringan Komputer
- Intro
- Perangkat Cisco
- IP, Subnet, Wildcard
- OSI Layer
- NET Tools
- Protokol Routing
  Protokol Routing
  - Protokol Routing
  - RIP
  - EIGRP
  - OSPF
  - BGP
- VPN
  VPN
  - PPTP
  - SSTP
  - L2TP
  - OpenVPN
- Route Redistribution
- Packet
  Packet
  - SYN
  - UDP
  - TFTP
  - DNS
  - LDAP
  - MSSQL
  - NTP
  - SNMP
  - SSDP
  - NetBIOS
- Autonomous System
- Access Control List
- VLAN
- Mikrotik
- Arista
- Fortigate
- VirtualBox Network
Cloud Computing
Cloud Computing
- AWS
  AWS
  - AWS
- Google Cloud
  Google Cloud
  - Google Cloud
Kriptografi
Kriptografi
- Theorem
  Theorem
  - GCD & EGCD
  - CRT
  - Modular Multiplicative Inverse
  - Fermat's little theorem
  - Block Cipher
    Block Cipher
    
    ECB
    
    CBC
    
    CFB
    
    OFB
  - Confusion & Diffusion Shannon
  - Feistel Network
  - S-Box
  - Digital Signature
  - Digital Signature Standard
  - MAC
  - Digital Certificate
  - PKCS 1
- RSA
  RSA
- DES
  DES
  - DES Basic
- AES
  AES
  - AES Basic
- RC4
  RC4
  - RC4 Basic
- HASH
  HASH
  - HASH Basic
- El Gamal
  El Gamal
  - El Gamal Basic
- Diffie-Hellman
  Diffie-Hellman
  - Diffie-Hellman Basic
- Blowfish
  Blowfish
  - Blowfish Basic
- Twofish
  Twofish
  - Twofish Basic
- ECC
  ECC
  - ECC Basic
  - Rumus
- NTRU
  NTRU
  - NTRU Basic
AI
AI
- Basics
  Basics
- Deep Learning
  Deep Learning
  - NN
  - ANN
  - CNN
- SVM
  SVM
  - SVM
- Naive Bayes
  Naive Bayes
  - Naive Bayes
- Random Forest
  Random Forest
  - Random Forest
- K-Nearest Neighbors
  K-Nearest Neighbors
  - K-Nearest Neighbors
- K-means
  K-means
  - K-means
- Apriori
  Apriori
  - Apriori
- Logistic Regression
  Logistic Regression
  - Logistic Regression
- Boosting
  Boosting
  - Boosting
CTF
CTF
- CTF
- Binary Exploitation
  Binary Exploitation
  - Basic
  - Stack
    Stack
    
    Stack
    
    Stack0
    
    Stack1
    
    Stack2
    
    Stack3
    
    Stack4
    
    Stack5 Stack5
    Table of contents
    
    Soal
    
    Solusi
    
    Stack6
  - Format
    Format
    
    Format
    
    Format0
    
    Format1
    
    Format2
    
    Format3
    
    Format4
  - Bind Shellcode
  - Return to libc
  - Heap Memory
    Heap Memory
    
    Heap Memory
    
    glibc
    glibc
    
    malloc chunk
    
    malloc state
    
    bins & chunks
    
    internal functions
    
    core functions
    
    security checks
    
    exploit
    exploit
    
    First Fit
  - Net & Final
    Net & Final
    
    Net0
    
    Net1
    
    Net2
    
    Final0
    
    Final1
    
    Final2
- web vuln
- Writeup
  Writeup
  - Overthewire
    Overthewire
    
    Bandit
    
    Natas
    
    Leviathan
  - Hackthebox
    Hackthebox
    
    Hackthebox
    
    Meow
    
    Fawn
    
    Dancing
    
    Redeemer
    
    Explosion
    
    Preignition
    
    Appointment
    
    Sequel
    
    Crocodile
    
    Responder
    
    Ignition
    
    Bike
    
    Pennyworth
    
    Tactics
    
    Archetype
    
    Oopsie
    
    Vaccine
    
    Unified
    
    Included
    
    Markup
    
    Jeeves
    
    Bat Computer
    
    Optimistic
    
    Reg
    
    HTB Console
    
    PwnShop
    
    Lame
    
    Jerry
    
    Netmon
    
    Blue
    
    Emdee five for life
    
    Heist
    
    OpenAdmin
    
    Curling
  - VishwaCTF2022
    VishwaCTF2022
    
    Hey Buddy
    
    Todo List
    
    Keep Your Secrets
    
    John the Rocker
  - zer0ptsCTF2022, Anti-Fermat
  - Nahamcon 2022
    Nahamcon 2022
    
    Baby RSA Quiz
    
    XORROX
    
    Steam Locomotive
    
    A Wild Ride
    
    Ostrich
  - Cyber Apocalypse 2022
    Cyber Apocalypse 2022
    
    Space pirate, Going Deeper
    
    Android-in-the-Middle
    
    Jenny From The Block
    
    The Three-Eyed Oracle
    
    How The Columns Have Turned
    
    WIDE
    
    Omega One
    
    Rebuilding
    
    Without a Trace
    
    Snakecode
- Programing language
  Programing language
  - python
    python
    
    Linkedlist
  - c++
  - php
Tools
Tools
- sqlmap
- Nmap
- Curl
- Tcpdump
- GDB
- Radare2
- Cutter
- fcrackzip
- ngrok
- Netcat
- Shell Script
  Shell Script
  - Shell Script
  - Special Character
  - Operators
  - Array
  - Decision
  - Loop
- OpenSSL
- Archive File
- Hydra
- IronBee
- ModSecurity
- Commix
- Burp Suite
- OWASP
- Maltego
- GNS3
- Zabbix
- Snort
Tips
Tips
- Guide This Web
- Mdbook
- Github
- Install / Remove .deb in ubuntu
- Install sql server ubuntu 20.04
- Setting IP Static
- HTTPS in Local Network (Ubuntu Server 20.04)
- SSH with rsakey
- IT Career Roadmap
- Wlan Monitor Mode
- Wifi Hacking
- Virtualbox
- Install Spesific Python version
- Path variable terminal
- Linux Users & Groups
- Replikasi Onnocenter
- Install Moodle
- Install ROS
  Install ROS
- Hapus Dual Boot
- Membuat File ISO
- Docker
- Python Email
- Keylogger
- Phising
- Random
Blog
Blog
- Index
- Archive
  Archive
  - 2024
  - 2023

Stack Five¶

Soal¶

/*
 * phoenix/stack-five, by https://exploit.education
 *
 * Can you execve("/bin/sh", ...) ?
 *
 * What is green and goes to summer camp? A brussel scout.
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define BANNER \
  "Welcome to " LEVELNAME ", brought to you by https://exploit.education"

char *gets(char *);

void start_level() {
  char buffer[128];
  gets(buffer);
}

int main(int argc, char **argv) {
  printf("%s\n", BANNER);
  start_level();
}

Solusi¶

$ file stack-five 
stack-five: setuid, setgid ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /opt/phoenix/x86_64-linux-musl/lib/ld-musl-x86_64.so.1, not stripped

$ checksec --file=stack-five
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH  Symbols     FORTIFY Fortified   Fortifiable FILE
No RELRO        No canary found   NX disabled   No PIE          RW-RPATH   No RUNPATH   56 Symbols    No    0       1       stack-five

Vuln:

No PIE
No RELRO
No canary found
NX disabled