PWNABLE.KR - LOGIN

'pwnable.kr' is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. the main purpose of pwnable.kr is 'fun'.please consider each of the challenges as a game. But, if you want to just study pwn-related stuffs, check out the following video lectures.

LOGIN - PWNABLE.KR

*passwords are encrypted. but avoid using important password (i.e., password for your google account).

PWNABLE.KR

pwned (8446) times. early 30 pwners are :

PWNABLE.KR

#include #include int key1(){ asm("mov r3, pc "); } int key2(){ asm( "push {r6} " "add r6, pc, $1 " "bx r6 " ".code 16 " "mov r3, pc " "add

r3, $0x4 " "push

PWNABLE.KR

// adding a new system call : sys_upper #include #include #include #include #include #include #include #include #define SYS_CALL_TABLE 0x8000e348 // manually PWNABLE.KRTRANSLATE THIS PAGE ELF > ° @@€!@8 @ @@@@@ø ø 8 8 @8 @ @@¤ ¤ ( ( `( `0 € P P `P ` T T @T @DD Påtd ¸ ¸ @¸ @dd Qåtd Råtd ( ( `( `Ø Ø /lib64/ld-linux-x86-64.so.2 GNU PWNABLE.KRTRANSLATE THIS PAGE ƒø w óøÀtõU‰åƒì Ç $ ÿÐÉà t&¸ - Áø ‰ÂÁê ÐÑøu óúÒtõU‰åƒì ‰D$ Ç $ ` ý 0 ˆ ¦  4 Ï ß î 8 û ,ˆ 9 ‡ a I @ Z m ’ ¤ — à„ ž (ˆ ¥ ` · à q† " È Ü

è „ Ü

PWNABLE.KRTRANSLATE THIS PAGE Sƒì è+ Ãk+‹ƒüÿÿÿÀt è–ƒÄ [Ãÿ5 ° ÿ% ° ÿ% ° héàÿÿÿÿ% ° h éÐÿÿÿÿ% ° h éÀÿÿÿÿ% ° h é°ÿÿÿÿ% ° h é ÿÿÿÿ% ° h(é ÿÿÿÿ%$° h0é€ÿÿÿÿ%(° h8épÿÿÿÿ%,° h@é`ÿÿÿÿ%0° hHéPÿÿÿÿ%4° hPé@ÿÿÿÿ%8° hXé0ÿÿÿÿ% PWNABLE.KRTRANSLATE THIS PAGE ñÿC h I e " Ž › « ½ Ì Ù ˆ è , ^ ° a , ñÿ 0 & „ - $

ñÿ9 Š > R t

crtstuff.c__CTOR_LIST____DTOR_LIST____JCR_LIST____do_global_dtors_auxcompleted WWW.PWNABLE.KRTRANSLATE THIS PAGE u ‹Eôƒè E ¶=u ÇEð ë ‹Eôƒè E ¶

PWNABLE.KR - LOGIN

'pwnable.kr' is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. the main purpose of pwnable.kr is 'fun'.please consider each of the challenges as a game. But, if you want to just study pwn-related stuffs, check out the following video lectures.

LOGIN - PWNABLE.KR

*passwords are encrypted. but avoid using important password (i.e., password for your google account).

PWNABLE.KR

pwned (8446) times. early 30 pwners are :

PWNABLE.KR

#include #include int key1(){ asm("mov r3, pc "); } int key2(){ asm( "push {r6} " "add r6, pc, $1 " "bx r6 " ".code 16 " "mov r3, pc " "add

r3, $0x4 " "push

PWNABLE.KR

// adding a new system call : sys_upper #include #include #include #include #include #include #include #include #define SYS_CALL_TABLE 0x8000e348 // manually PWNABLE.KRTRANSLATE THIS PAGE ELF > ° @@€!@8 @ @@@@@ø ø 8 8 @8 @ @@¤ ¤ ( ( `( `0 € P P `P ` T T @T @DD Påtd ¸ ¸ @¸ @dd Qåtd Råtd ( ( `( `Ø Ø /lib64/ld-linux-x86-64.so.2 GNU PWNABLE.KRTRANSLATE THIS PAGE ƒø w óøÀtõU‰åƒì Ç $ ÿÐÉà t&¸ - Áø ‰ÂÁê ÐÑøu óúÒtõU‰åƒì ‰D$ Ç $ ` ý 0 ˆ ¦  4 Ï ß î 8 û ,ˆ 9 ‡ a I @ Z m ’ ¤ — à„ ž (ˆ ¥ ` · à q† " È Ü

è „ Ü

PWNABLE.KRTRANSLATE THIS PAGE Sƒì è+ Ãk+‹ƒüÿÿÿÀt è–ƒÄ ¼ÒtZ&ƒÆw � PWNABLE.KRTRANSLATE THIS PAGE ELF ﾐ・4・ 4 (FE 444@ @ xP xP xP \・\・ ・ ・澹 ｰ ｰ ｰ ・・ t t t DD ・ H P蚯d訓 訓 訓 彗彗 Q蚯d R蚯d・ ﾄ ﾄ GNUﾝQ挑i・ﾖﾊhｦｫW@ 梹ﾆxｧ GNU ・ 0 D ・謳AE・・ E・`ﾀ ・ 0 @2 ｪ・6l 8&о・ B$ ｦ､ cﾈﾂ ﾀR!・ ｨ (jP ﾊDB ・B0X ﾉP P @P D @・ !ﾀB⇒ ﾙ・・ B拭 D. ｢｢ ;・P・ﾅ B (a・` D・ 嫖 Hmｬ ・4 ` A8Fｰﾀd PWNABLE.KRTRANSLATE THIS PAGE ELF p・ 4ｼ$4 ( 44 4 4 4・ 4・ T T ・・ ﾐﾐ L L・ L・ P蚯d ・ ・ Q蚯d /libexec/ld-elf.so.1 FreeBSD袷 %( % !' & # $" 0 / 3 ﾔ

^ ・2 ・x｡

PWNABLE.KR - LOGIN

'pwnable.kr' is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. the main purpose of pwnable.kr is 'fun'.please consider each of the challenges as a game. But, if you want to just study pwn-related stuffs, check out the following video lectures.

LOGIN - PWNABLE.KR

*passwords are encrypted. but avoid using important password (i.e., password for your google account).

PWNABLE.KR

pwned (8446) times. early 30 pwners are :

PWNABLE.KR

#include #include int key1(){ asm("mov r3, pc "); } int key2(){ asm( "push {r6} " "add r6, pc, $1 " "bx r6 " ".code 16 " "mov r3, pc " "add

r3, $0x4 " "push

PWNABLE.KR

// adding a new system call : sys_upper #include #include #include #include #include #include #include #include #define SYS_CALL_TABLE 0x8000e348 // manually

PWNABLE.KR

// compiled with : gcc -o memcpy memcpy.c -m32 -lm #include #include #include #include #include #include #include unsigned long long rdtsc(){ asm("rdtsc"); } char PWNABLE.KRTRANSLATE THIS PAGE ƒø w óøÀtõU‰åƒì Ç $ ÿÐÉà t&¸ - Áø ‰ÂÁê ÐÑøu óúÒtõU‰åƒì ‰D$ Ç $ ` ý 0 ˆ ¦  4 Ï ß î 8 û ,ˆ 9 ‡ a I @ Z m ’ ¤ — à„ ž (ˆ ¥ ` · à q† " È Ü

è „ Ü

PWNABLE.KRTRANSLATE THIS PAGE ñÿC h I e " Ž › « ½ Ì Ù ˆ è , ^ ° a , ñÿ 0 & „ - $

ñÿ9 Š > R t

crtstuff.c__CTOR_LIST____DTOR_LIST____JCR_LIST____do_global_dtors_auxcompleted PWNABLE.KRTRANSLATE THIS PAGE Sƒì è+ Ãk+‹ƒüÿÿÿÀt è–ƒÄ [Ãÿ5 ° ÿ% ° ÿ% ° héàÿÿÿÿ% ° h éÐÿÿÿÿ% ° h éÀÿÿÿÿ% ° h é°ÿÿÿÿ% ° h é ÿÿÿÿ% ° h(é ÿÿÿÿ%$° h0é€ÿÿÿÿ%(° h8épÿÿÿÿ%,° h@é`ÿÿÿÿ%0° hHéPÿÿÿÿ%4° hPé@ÿÿÿÿ%8° hXé0ÿÿÿÿ% WWW.PWNABLE.KRTRANSLATE THIS PAGE u ‹Eôƒè E ¶=u ÇEð ë ‹Eôƒè E ¶

PWNABLE.KR - LOGIN

'pwnable.kr' is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. the main purpose of pwnable.kr is 'fun'.please consider each of the challenges as a game. But, if you want to just study pwn-related stuffs, check out the following video lectures.

LOGIN - PWNABLE.KR

*passwords are encrypted. but avoid using important password (i.e., password for your google account).

PWNABLE.KR

pwned (8446) times. early 30 pwners are :

PWNABLE.KR

#include #include int key1(){ asm("mov r3, pc "); } int key2(){ asm( "push {r6} " "add r6, pc, $1 " "bx r6 " ".code 16 " "mov r3, pc " "add

r3, $0x4 " "push

PWNABLE.KR

// adding a new system call : sys_upper #include #include #include #include #include #include #include #include #define SYS_CALL_TABLE 0x8000e348 // manually

PWNABLE.KR

// compiled with : gcc -o memcpy memcpy.c -m32 -lm #include #include #include #include #include #include #include unsigned long long rdtsc(){ asm("rdtsc"); } char PWNABLE.KRTRANSLATE THIS PAGE ƒø w óøÀtõU‰åƒì Ç $ ÿÐÉà t&¸ - Áø ‰ÂÁê ÐÑøu óúÒtõU‰åƒì ‰D$ Ç $ ` ý 0 ˆ ¦  4 Ï ß î 8 û ,ˆ 9 ‡ a I @ Z m ’ ¤ — à„ ž (ˆ ¥ ` · à q† " È Ü

è „ Ü

PWNABLE.KRTRANSLATE THIS PAGE ñÿC h I e " Ž › « ½ Ì Ù ˆ è , ^ ° a , ñÿ 0 & „ - $

ñÿ9 Š > R t

crtstuff.c__CTOR_LIST____DTOR_LIST____JCR_LIST____do_global_dtors_auxcompleted PWNABLE.KRTRANSLATE THIS PAGE Sƒì è+ Ãk+‹ƒüÿÿÿÀt è–ƒÄ [Ãÿ5 ° ÿ% ° ÿ% ° héàÿÿÿÿ% ° h éÐÿÿÿÿ% ° h éÀÿÿÿÿ% ° h é°ÿÿÿÿ% ° h é ÿÿÿÿ% ° h(é ÿÿÿÿ%$° h0é€ÿÿÿÿ%(° h8épÿÿÿÿ%,° h@é`ÿÿÿÿ%0° hHéPÿÿÿÿ%4° hPé@ÿÿÿÿ%8° hXé0ÿÿÿÿ% WWW.PWNABLE.KRTRANSLATE THIS PAGE u ‹Eôƒè E ¶=u ÇEð ë ‹Eôƒè E ¶ PWNABLE.KRTRANSLATE THIS PAGE ELF ¸ 4 2 4 ( € € ½ ½ 4 4¯ 4¯ „@ ôô€ ô€ DD 4 4¯ 4¯ ( Qåtd Råtd4 4¯ 4¯ ÌÌ GNU GNUàžÇ T@ ‹Mä‰Mà‰Â‰øëNƒê K‹ xü‰Hüu>9òv:‹M xø‰Hø‹Eà ¾ „Ûx €û u ‰øƒê ƒè ‹ 9ò‰ wòë „Ût ÿEàë ‹Mà ¾Yÿ‰ø9òw® eô U

PWNABLE.KR

#!/usr/bin/python from Crypto.Cipher import AES import base64 import os, sys import xmlrpclib rpc = xmlrpclib.ServerProxy("http://localhost:9100/") BLOCK_SIZE = 16 PWNABLE.KRTRANSLATE THIS PAGE ELF > ` @@¨!@8 @ @@@@@ø ø 8 8 @8 @ @@œ œ ( ( `( `X @ P P `P ` T T @T @DD Påtd à à @à @ŒŒ Qåtd Råtd ( ( `( `Ø Ø /lib64/ld-linux-x86-64.so PWNABLE.KRTRANSLATE THIS PAGE ELF > ° @@€!@8 @ @@@@@ø ø 8 8 @8 @ @@D D ( ( `( `0 € P P `P ` T T @T @DD Påtd X X @X @dd Qåtd Råtd ( ( `( `Ø Ø /lib64/ld-linux-x86-64.so.2 PWNABLE.KRTRANSLATE THIS PAGE ELF > @@` @8 @ @@@@@ø ø 8 8 @8 @ @@ ( ( `( ` P P `P ` T T @T @DD Påtd è è @è @ Qåtd Råtd ( ( `( `Ø Ø /lib64/ld-linux-x86-64.so.2 GNU GNUñ)98oX‰™ »3á PWNABLE.KRTRANSLATE THIS PAGE ELF > ° @@€!@8 @ @@@@@ø ø 8 8 @8 @ @@¤ ¤ ( ( `( `0 € P P `P ` T T @T @DD Påtd ¸ ¸ @¸ @dd Qåtd Råtd ( ( `( `Ø Ø /lib64/ld-linux-x86-64.so.2 GNU PWNABLE.KRTRANSLATE THIS PAGE Sƒì è+ Ãk+‹ƒüÿÿÿÀt è–ƒÄ ¼ÒtZ&ƒÆw � PWNABLE.KRTRANSLATE THIS PAGE ELF ﾐ・4・ 4 (FE 444@ @ xP xP xP \・\・ ・ ・澹 ｰ ｰ ｰ ・・ t t t DD ・ H P蚯d訓 訓 訓 彗彗 Q蚯d R蚯d・ ﾄ ﾄ GNUﾝQ挑i・ﾖﾊhｦｫW@ 梹ﾆxｧ GNU ・ 0 D ・謳AE・・ E・`ﾀ ・ 0 @2 ｪ・6l 8&о・ B$ ｦ､ cﾈﾂ ﾀR!・ ｨ (jP ﾊDB ・B0X ﾉP P @P D @・ !ﾀB⇒ ﾙ・・ B拭 D. ｢｢ ;・P・ﾅ B (a・` D・ 嫖 Hmｬ ・4 ` A8Fｰﾀd PWNABLE.KRTRANSLATE THIS PAGE ELF p・ 4ｼ$4 ( 44 4 4 4・ 4・ T T ・・ ﾐﾐ L L・ L・ P蚯d ・ ・ Q蚯d /libexec/ld-elf.so.1 FreeBSD袷 %( % !' & # $" 0 / 3 ﾔ

^ ・2 ・x｡

LOGIN

ID

PW

ID

JOIN

*passwords are encrypted. but avoid using important password (i.e., password for your google account).

ID

NAME

E-MAIL

PW

PW Confirm

Input valid E-MAIL if you want wechall scoring and password recovery

Login first i

Home Play Rank Login Sh3ll we play a game?

What is 'pwn'?

_"PWN"_ - means to compromise or control, specifically another computer (server or PC), web site, gateway device, or application. It is synonymous with one of the definitions of hacking or cracking, including iOS jailbreaking.  -  Wikipedia.

What is pwnable.kr?

'pwnable.kr' is a non-commercial _wargame site

_ which provides

various pwn challenges regarding system exploitation. the main purpose of pwnable.kr is _'fun'_.    please consider each of the challenges as a game. while playing pwnable.kr, you could learn/improve system hacking skills but that shouldn't be your only purpose.

How do I play?

there are _flag_   files corresponding to each challenges (similar to CTF ), you need to read it and submit to pwnable.kr to get the corresponding point. in order to read the flag file, you need some skills regarding programming, reverse-engineering, bug exploitation, system knowledge, cryptography. each challenges have author's _intended solution_, however, there are a lot of unintended solutions as well :) the challenges are divided into four categories. -  very easy challenges with simple mistakes. -  typical bug exploitation challenges for rookies. -  these challenges are grotesque-y. painful to solve it, but very tasty flag :) -  intended solution for these challenges involves special techniques.

Disclaimer

1. pwnable.kr is a _non-commercial_ website. 2. the contents and services provided by pwnable.kr is absolutly free to individuals for non-commercial use, however it is _prohibited_ from being utilized in commercial manner. 3. contact admin or use proper citation in case of using the contents of pwnable.kr for non-commercial *public* use (e.g., academic

class exercise).

4. never use pwnable.kr's resources or information learned from pwnable.kr for illegal purpose.

Rules & Tips

1. all kinds of DoS activities (i.e., too many process/file creation, or network access) are forbidden. THERE IS NO CHALLENGE WHICH REQUIRES *EXCESSIVE BRUTE-FORCING*. the intended solution always gets you the flag in less than a minuet 2. if you find any unintended bug or system deficiency, please report admin. you will be thanked and get some credit 3. challenges in Toddler's Bottle are allowed to freely post the solutions online. However, please refrain from posting solution for challenges in other categories. But if you insist, post easy ones (solved by many people) and do not spoil too much details for the sake

of fun.

4. you can ask/answer hints for challenges in IRC, but again, don't

spoil too much

5. all challenges are solvable. but if you think something is wrong, feel free to report admin 6. google is the best teacher in the world, but if you are hopelessly stuck, feel free to contact admin or IRC for advice 7. difficulties of pwnable.kr is orders of magnitude easier than top class CTF such as DEFCON CTF or real world hacking contest such as PWN2OWN

Contact

admin

daehee (daehee87@gatech.edu)

irc

irc.netgarage.org:6667/#pwnable.kr (or type "irssi" from pwnable.kr

server)

Credits

veritas501 : reporting configuration error that allows unintended access for all QEMU-based tasks haber : reporting multiple vulnerabilities in configuration afang : reporting unintended solution (dos4fun) debukuk : reporting CSRF vulnerability on webpage yelang123 : reporting XSS vulnerability on webpage 5unKn0wn : reporting unintended solution (pwnsandbox) Charo : reporting web server configuration error martin : reporting server vulnerability (local privilege escalation on proxy-server challenge) bla : IRC channel support neomant : reporting site management mistake (information disclosure) null0 : reporting site configuration error (duplicate flag

authentication)

acez : reporting server configuration error (unintended access for all QEMU-based tasks) sweetchip : reporting server configuration error (unintended ssh

access)

Cool wargame sites & CTF competition pwnable.kr is powered/supported by GaTech SSLab � PWNABLE.KR SINCE 2014 - ALL RIGHTS RESERVED. OPTIMIZED TO CHROME