add 6.1.18

firmianay · Apr 21, 2018 · 6382831 · 6382831
1 parent d07a110
commit 6382831
Show file tree

Hide file tree

Showing 8 changed files with 35 additions and 4 deletions.
diff --git a/SUMMARY.md b/SUMMARY.md
@@ -138,8 +138,9 @@ GitHub 地址：https://github.com/firmianay/CTF-All-In-One
     * [6.1.13 pwn 34C3CTF2017 readme_revenge](doc/6.1.13_pwn_34c3ctf2017_readme_revenge.md)
     * [6.1.14 pwn 32C3CTF2015 readme](doc/6.1.14_pwn_32c3ctf2015_readme.md)
     * [6.1.15 pwn 34C3CTF2017 SimpleGC](doc/6.1.15_pwn_34c3ctf2017_simplegc.md)
-    * [6.1.16 pwn HITBGSECCTF2017 1000levels](doc/6.1.16_pwn_hitbgsecctf2017_1000levels.md)
+    * [6.1.16 pwn HITBCTF2017 1000levels](doc/6.1.16_pwn_hitbctf2017_1000levels.md)
     * [6.1.17 pwn SECCONCTF2016 jmper](doc/6.1.17_pwn_secconctf2016_jmper.md)
+    * [6.1.18 pwn HITBCTF2017 Sentosa](doc/6.1.18_pwn_hitbctf2017_sentosa.md)
   * re
     * [6.2.1 re XHPCTF2017 dont_panic](doc/6.2.1_re_xhpctf2017_dont_panic.md)
     * [6.2.2 re ECTF2016 tayy](doc/6.2.2_re_ectf2016_tayy.md)

diff --git a/doc/6.1.16_pwn_hitbgsecctf2017_1000levels.md → doc/6.1.16_pwn_hitbctf2017_1000levels.md b/doc/6.1.16_pwn_hitbgsecctf2017_1000levels.md → doc/6.1.16_pwn_hitbctf2017_1000levels.md
@@ -1,12 +1,12 @@
-# 6.1.16 pwn HITBGSECCTF2017 1000levels
+# 6.1.16 pwn HITBCTF2017 1000levels
 
 - [题目复现](#题目复现)
 - [题目解析](#题目解析)
 - [Exploit](#exploit)
 - [参考资料](#参考资料)
 
 
-[下载文件](../src/writeup/6.1.16_pwn_hitbgsecctf2017_1000levels)
+[下载文件](../src/writeup/6.1.16_pwn_hitbctf2017_1000levels)
 
 ## 题目复现
 ```

diff --git a/doc/6.1.18_pwn_hitbctf2017_sentosa.md b/doc/6.1.18_pwn_hitbctf2017_sentosa.md
@@ -0,0 +1,29 @@
+# 6.1.18 pwn HITBCTF2017 Sentosa
+
+- [题目复现](#题目复现)
+- [题目解析](#题目解析)
+- [Exploit](#exploit)
+- [参考资料](#参考资料)
+
+
+[下载文件](../src/writeup/6.1.18_pwn_hitbctf2017_sentosa)
+
+## 题目复现
+```
+$ file sentosa                   
+sentosa: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=556ed41f51d01b6a345af2ffc2a135f7f8972a5f, stripped
+$ checksec -f sentosa 
+RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FORTIFY Fortified Fortifiable  FILE
+Full RELRO      Canary found      NX enabled    PIE enabled     No RPATH   No RUNPATH   Yes     1               3       sentosa
+$ strings libc.so.6| grep "GNU C"
+GNU C Library (Ubuntu GLIBC 2.23-0ubuntu4) stable release version 2.23, by Roland McGrath et al.
+Compiled by GNU CC version 5.4.0 20160609.
+```
+
+
+## 题目解析
+
+## Exploit
+
+## 参考资料
+- https://ctftime.org/task/4460
diff --git a/doc/6_writeup.md b/doc/6_writeup.md
@@ -16,8 +16,9 @@
   - [6.1.13 pwn 34C3CTF2017 readme_revenge](6.1.13_pwn_34c3ctf2017_readme_revenge.md)
   - [6.1.14 pwn 32C3CTF2015 readme](6.1.14_pwn_32c3ctf2015_readme.md)
   - [6.1.15 pwn 34C3CTF2017 SimpleGC](6.1.15_pwn_34c3ctf2017_simplegc.md)
-  - [6.1.16 pwn HITBGSECCTF2017 1000levels](6.1.16_pwn_hitbgsecctf2017_1000levels.md)
+  - [6.1.16 pwn HITBCTF2017 1000levels](6.1.16_pwn_hitbctf2017_1000levels.md)
   - [6.1.17 pwn SECCONCTF2016 jmper](6.1.17_pwn_secconctf2016_jmper.md)
+  - [6.1.18 pwn HITBCTF2017 Sentosa](6.1.18_pwn_hitbctf2017_sentosa.md)
 - re
   - [6.2.1 re XHPCTF2017 dont_panic](6.2.1_re_xhpctf2017_dont_panic.md)
   - [6.2.2 re ECTF2016 tayy](6.2.2_re_ectf2016_tayy.md)

diff --git a/...pwn_hitbgsecctf2017_1000levels/1000levels → ....16_pwn_hitbctf2017_1000levels/1000levels b/...pwn_hitbgsecctf2017_1000levels/1000levels → ....16_pwn_hitbctf2017_1000levels/1000levels
diff --git a/..._pwn_hitbgsecctf2017_1000levels/libc.so.6 → ...1.16_pwn_hitbctf2017_1000levels/libc.so.6 b/..._pwn_hitbgsecctf2017_1000levels/libc.so.6 → ...1.16_pwn_hitbctf2017_1000levels/libc.so.6
diff --git a/src/writeup/6.1.18_pwn_hitbctf2017_sentosa/libc.so.6 b/src/writeup/6.1.18_pwn_hitbctf2017_sentosa/libc.so.6
diff --git a/src/writeup/6.1.18_pwn_hitbctf2017_sentosa/sentosa b/src/writeup/6.1.18_pwn_hitbctf2017_sentosa/sentosa