kazma's blog

HackTheBox-Challenges Entity Writeup

Exploitation這題要考的是 Union 的類型混淆，DataStore 的宣告如下： 1234static union { unsigned long long integer; char string[8];...
2024-11-08
htb

| challenges

| writeup'
Read moreHackTheBox-Challenges Entity Writeup
HackTheBox-Challenges Vault-breaker Writeup

Exploitation這題保護全開，然後程式主邏輯如下： 1234567891011121314151617181920212223242526272829303132333435363738394041unsigned __int64 new_k...
2024-11-07
htb

| challenges

| writeup'
Read moreHackTheBox-Challenges Vault-breaker Writeup
HackTheBox-Challenges Space pirate: Retribution Writeup

Exploitation直接來看這題的主邏輯和保護機制：PIE 有開，有 canary，所以要 leak stack variable 然後 ret2libc 12345678└─$ checksec ./sp_retribution[*] &#x...
2024-11-06
htb

| challenges

| writeup'
Read moreHackTheBox-Challenges Space pirate: Retribution Writeup
HackTheBox-Challenges Space pirate: Entrypoint Writeup

Exploitation直接放上題目關鍵邏輯的反編譯： 123456789101112131415161718192021222324252627282930313233// local variable allocation has failed,...
2024-11-05
htb

| challenges

| writeup'
Read moreHackTheBox-Challenges Space pirate: Entrypoint Writeup
HackTheBox-Challenges WIDE Writeup

Exploitation這題用 ida 開起來後就會看到 usage 是要帶上他附給我們的 db 當作參數傳進去 ELF，接著如下： 123456789101112131415161718192021222324252627└─$ ./wide db...
2024-11-04
htb

| challenges

| writeup'
Read moreHackTheBox-Challenges WIDE Writeup
HackTheBox-Challenges Compressor Writeup

Exploitation直接放解法： 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575...
2024-11-04
htb

| challenges

| writeup'
Read moreHackTheBox-Challenges Compressor Writeup
HackTheBox-Challenges SpookTastic Writeup

Exploitation我們直接來看主程式： 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555...
2024-11-02
htb

| challenges

| writeup'
Read moreHackTheBox-Challenges SpookTastic Writeup
HackTheBox-Challenges Juggling facts Writeup

Exploitation這題是 web，我們逛一下網站後會看到沒有明顯的輸入點，但是有三個按鈕會呈現不同的頁面，我們來看一下 code。 123456789101112131415161718<?php spl_autoload_registe...
2024-11-02
htb

| challenges

| writeup'
Read moreHackTheBox-Challenges Juggling facts Writeup
HackTheBox-Challenges SPG Writeup

Exploitation首先題目附給我們 source.py 以及 output.txt，其中程式的主邏輯如下： 12345678910111213141516171819202122232425262728293031323334353637383...
2024-11-01
htb

| challenges

| writeup'
Read moreHackTheBox-Challenges SPG Writeup
HackTheBox-Challenges FlagCasino Writeup

Exploitation這是一題逆向，因為程式不長就直接放上來： 1234567891011121314151617181920212223242526272829303132333435int __fastcall main(int argc, c...
2024-11-01
htb

| challenges

| writeup'
Read moreHackTheBox-Challenges FlagCasino Writeup

123 4…12