<![CDATA[Messages posted by "H3x4"]]> /hvaonline/posts/listByUser/193504.html JForum - http://www.jforum.net Để trở thành hacker /hvaonline/posts/preList/35248/273918.html#273918 /hvaonline/posts/preList/35248/273918.html#273918 GMT Để trở thành hacker /hvaonline/posts/preList/35248/269030.html#269030 /hvaonline/posts/preList/35248/269030.html#269030 GMT Tại sao HVA ko tổ chức 1 lớp về bảo mật cho mọi người /hvaonline/posts/preList/42691/266553.html#266553 /hvaonline/posts/preList/42691/266553.html#266553 GMT Thẻ nhớ định dạng RAW, làm sao lấy dữ liệu ra đây ? /hvaonline/posts/preList/42115/263504.html#263504 /hvaonline/posts/preList/42115/263504.html#263504 GMT Vietnamese Hacking Challenges /hvaonline/posts/preList/41795/261354.html#261354 /hvaonline/posts/preList/41795/261354.html#261354 GMT Vietnamese Hacking Challenges /hvaonline/posts/preList/41795/261329.html#261329 /hvaonline/posts/preList/41795/261329.html#261329 GMT Vietnamese Hacking Challenges

K4i wrote:
Cho mình nhận xét một chút là nếu các bạn không có thời gian học tiếng anh cho tử tế thì viết tiếng Việt đi. Khả năng viết quá tệ. 
Hi K4i, bọn mình cũng định Việt hoá nhưng có 1 số chỗ khó dịch ra TV được. Còn nếu chỗ nào bạn thấy bị sai thì có thể email hoặc IRC với bọn mình một chút, bọn mình sẽ rất biết ơn sự giúp đỡ của mọi người. Trân trọng.
Vietnamese Hacking Challenges /hvaonline/posts/preList/41795/260835.html#260835 /hvaonline/posts/preList/41795/260835.html#260835 GMT Vietnamese Hacking Challenges /hvaonline/posts/preList/41795/260740.html#260740 /hvaonline/posts/preList/41795/260740.html#260740 GMT Vietnamese Hacking Challenges /hvaonline/posts/preList/41795/260485.html#260485 /hvaonline/posts/preList/41795/260485.html#260485 GMT Vietnamese Hacking Challenges /hvaonline/posts/preList/41795/260482.html#260482 /hvaonline/posts/preList/41795/260482.html#260482 GMT BkitSec Wargame http://wargame.bkitsec.vn/~caocao/level1/index.php Và phiên đã được vá lỗi ở http://wargame.bkitsec.vn/~caocao/level2/index.php #Bkitsec at NDH2K12 CTF : http://prequals.nuitduhack.com/ranking.html ]]> /hvaonline/posts/preList/41215/260113.html#260113 /hvaonline/posts/preList/41215/260113.html#260113 GMT Microsoft Remote Desktop Protocol CVE-2012-0002 Remote Code Execution /hvaonline/posts/preList/41627/259850.html#259850 /hvaonline/posts/preList/41627/259850.html#259850 GMT Microsoft Remote Desktop Protocol CVE-2012-0002 Remote Code Execution /hvaonline/posts/preList/41627/259627.html#259627 /hvaonline/posts/preList/41627/259627.html#259627 GMT Microsoft Remote Desktop Protocol CVE-2012-0002 Remote Code Execution /hvaonline/posts/preList/41627/259451.html#259451 /hvaonline/posts/preList/41627/259451.html#259451 GMT BkitSec Wargame Code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <signal.h>
#include <sys/stat.h>
#include <fcntl.h>

// gcc -z execstack -o level3.hard level3.hard.c -fno-stack-protector
// Build note: -z execstack marks the stack executable and -fno-stack-protector
// turns off the compiler's stack canaries, so this binary is built with both
// of those mitigations switched off.

// Listening socket. Closed by sigintHandler() and by every forked child.
int sockfd;
// Most recently accepted connection. sigsegvHandler() writes its error
// message to this descriptor.
int newsockfd;

// Opaque byte string; no function in this listing refers to it by name.
// NOTE(review): presumably machine code belonging to the exercise - contents
// not verified here.
// The forum page wrapped the literal across several lines (one \x escape is
// split in two by a line break), so it has to be rejoined onto a single line
// before this file compiles.
char getFlag[] ="\xeb\x0a\x5b\x83\xc3\x0a\x31\xc9\xb1\x15\xeb\x05\xe8\xf1\xff
\xff\xff\x31\x3b\x49\x83\xc3\x04\x85\xc9\x75\xf6\x69\xe5\xa9\x7e\xd9\x94\x6b\xe0
\xdd\x46\x9c\xcb\x5a\x18\x9c\xc2\x27\x9d\x3e\x3a\x23\x2c\x6d\x88\x06\x3d\x24\x0
f\x66\x5c\x2e\xf2\xe2\x68\x5a\xbb\xe9\x94\x4c\x3a\x38\xaf\x82\xc6\x6a\x9e\x69\x2b
\x63\xee\x9c\xcb\x5a\x19\x60\x8b\xdb\xdd\x1d\x0a\xdb\xc6\x60\x8b\x02\xd9\x52\xf4
\x15\x7b\xc1\x6a\x8d\x30\xc5\x6a\x98\x79\x83\x7f\x92\x69\xad";

/*
 * Read one message from the client and echo it back on the same socket.
 *
 * The code is left exactly as published. It is unsafe, and in a wargame level
 * built without stack protection that appears to be the point of the exercise:
 *   - tmp holds 16 bytes but read() may store sizeof(tmp)+16 = 32 bytes, so a
 *     long message is written past the end of tmp into adjacent stack memory;
 *   - read()'s return value (byte count or error) is discarded;
 *   - strlen() needs a NUL terminator, which is only guaranteed while the
 *     client sends fewer than 16 bytes.
 * A hardened version would cap the read at sizeof(tmp) - 1, check the result
 * and write back exactly the number of bytes received.
 */
int sendFlag(int sock)
{
  char tmp[16];
  
  // zero the buffer so a short message is NUL-terminated
  bzero(tmp, sizeof(tmp));
  // length argument is 32, twice the size of tmp
  read(sock, tmp, sizeof(tmp)+16);

  // echoes up to the first NUL byte found starting at tmp
  write(sock, tmp, strlen(tmp));

  // declared int but falls off the end without a return; main() in this
  // listing ignores the result
}

/*
 * SIGINT handler: shut the listening socket, report it on stdout and end the
 * process with EXIT_FAILURE. Any other signal number is ignored.
 */
void sigintHandler(int sig)
{
  if (sig != SIGINT)
    return;

  /* keep calling close() until it reports success */
  while (close(sockfd) != 0)
    ;

  printf("Closed server socket\n");
  exit(EXIT_FAILURE);
}

/*
 * SIGSEGV handler: tell the connected client that the server failed, close
 * that connection and end the process with EXIT_FAILURE. Any other signal
 * number is ignored.
 */
void sigsegvHandler(int sig)
{
  static const char notice[] = "Server error\n";

  if (sig != SIGSEGV)
    return;

  /* sizeof - 1 drops the terminating NUL: 13 bytes go out */
  write(newsockfd, notice, sizeof(notice) - 1);
  close(newsockfd);

  exit(EXIT_FAILURE);
}

/*
 * Fatal-error helper: perror() prints err followed by the text for the
 * current errno, then the process exits with EXIT_FAILURE. Does not return.
 */
void ERROR(char* err)
{
  perror(err);

  exit(EXIT_FAILURE);
}

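/*
 * Forking TCP server for this level.
 *
 * Usage: <program> portno
 *
 * Binds portno on every local interface, then forks one child per accepted
 * connection. The child runs sendFlag() on the connection and exits; the
 * parent closes its copy of the descriptor and keeps accepting.
 *
 * Changes from the published listing are limited to the server plumbing:
 * the port is validated, listen() is checked, accept() gets a socklen_t,
 * descriptor 0 is accepted as valid, and the connection is closed in the
 * parent when fork() fails. sendFlag() itself is called exactly as before.
 */
int main(int argc, char *argv[])
{
  if(argc != 2) {
    printf("%s portno \n", argv[0]);
    exit(EXIT_FAILURE);
  }

  // strtol with an end pointer and a range check rejects "abc", "80x" and
  // values outside 1..65535, which atoi() silently turned into some port
  char *end;
  long portno = strtol(argv[1], &end, 10);
  if (end == argv[1] || *end != '\0' || portno < 1 || portno > 65535) {
    fprintf(stderr, "invalid port: %s\n", argv[1]);
    exit(EXIT_FAILURE);
  }

  int pid;
  socklen_t clilen;   // accept() takes a socklen_t *, not an int *
  struct sockaddr_in serv_addr, cli_addr;

  sockfd = socket(AF_INET, SOCK_STREAM, 0);
  if (sockfd < 0)
    ERROR("socket");

  bzero((char *) &serv_addr, sizeof(serv_addr));
  serv_addr.sin_family = AF_INET;
  serv_addr.sin_port = htons((unsigned short) portno);
  // INADDR_ANY: the service is reachable on every interface of the host
  serv_addr.sin_addr.s_addr = INADDR_ANY;

  if (bind(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
    ERROR("bind");

  if (listen(sockfd, 5) < 0)
    ERROR("listen");

  // ignoring SIGCHLD lets finished children be reaped automatically
  signal(SIGCHLD, SIG_IGN);
  signal(SIGINT, sigintHandler);
  signal(SIGSEGV, sigsegvHandler);

  while (1)
  {
    clilen = sizeof(cli_addr);
    newsockfd = accept(sockfd, (struct sockaddr *) &cli_addr, &clilen);
    if (newsockfd < 0)
      continue;   // failed accept: nothing to serve, try again

    pid = fork();

    if (pid == 0)
    {
      // child: it only needs the accepted connection
      while(close(sockfd));

      sendFlag(newsockfd);

      close(newsockfd);
      exit(1);
    }

    // parent, or fork() failed: drop this process's copy of the connection
    // so descriptors do not pile up
    close(newsockfd);
  }
  return 0;
}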
BkitSec Wargame /hvaonline/posts/preList/41215/259027.html#259027 /hvaonline/posts/preList/41215/259027.html#259027 GMT BkitSec Wargame /hvaonline/posts/preList/41215/258538.html#258538 /hvaonline/posts/preList/41215/258538.html#258538 GMT BkitSec Wargame /hvaonline/posts/preList/41215/257144.html#257144 /hvaonline/posts/preList/41215/257144.html#257144 GMT BkitSec Wargame http://bkitsec.vn/keygen1 Hard Level2 Exploit Source: Code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <signal.h>
#include <sys/stat.h>
#include <fcntl.h>

// gcc -o level2 level2.c -fno-stack-protector -z execstack -mpreferred-stack-boundary=2
// Build note: -fno-stack-protector disables the compiler's stack canaries,
// -z execstack marks the stack executable, and -mpreferred-stack-boundary=2
// (an x86 option) lowers stack alignment to 2^2 = 4 bytes. The first two
// switch off standard mitigations for this exercise.

// Value that vuln() copies into a local and compares again after its read();
// assigned once in main() from rand().
unsigned int secret;
// Listening socket. Closed by sigintHandler() and by every forked child.
int sockfd;
// Most recently accepted connection. sigsegvHandler() writes its error
// message to this descriptor.
int newsockfd;

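/*
 * Send the contents of flag.txt to the client, prefixed with "Flag: ".
 *
 * sock: connected socket to write to.
 *
 * Exits the process with EXIT_FAILURE when flag.txt cannot be opened or read.
 * Nothing in this listing calls the function by name.
 *
 * Compared with the published version, the number of bytes read is kept and
 * used as the bound for the write. The original called strlen() on a buffer
 * that a file of 64 bytes or more leaves without a terminator, which scans
 * past the end of tmp.
 */
void getFlag(int sock)
{
  char tmp[64];

  int fd = open("flag.txt", O_RDONLY);
  if (fd < 0)
    exit(EXIT_FAILURE);

  ssize_t got = read(fd, tmp, sizeof(tmp));
  close(fd);
  if (got < 0)
    exit(EXIT_FAILURE);

  // Same output as before (everything up to the first NUL byte), but the
  // search never looks beyond the bytes actually read.
  const char *nul = memchr(tmp, '\0', (size_t) got);
  size_t len = nul ? (size_t) (nul - tmp) : (size_t) got;

  // The count of 7 includes the literal's terminating NUL; kept so the bytes
  // on the wire match the published service.
  write(sock, "Flag: ", 7);
  write(sock, tmp, len);
}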

/*
 * Read one message from the client into a stack buffer and return `ret`.
 *
 * The code is left exactly as published; in a level built without stack
 * protection the flaw appears to be the exercise itself:
 *   - tmp holds 32 bytes but read() may store sizeof(tmp)+20 = 52 bytes, so
 *     up to 20 bytes from the client are written past the end of tmp into
 *     adjacent stack memory;
 *   - `cookie` is a hand-made guard value: it is copied from the global
 *     `secret` before the read and compared with it afterwards, and the
 *     process exits when the two differ;
 *   - the returned int is assigned to a function pointer and called by main()
 *     in this listing, so its value decides where execution continues.
 * NOTE(review): whether cookie and ret sit directly after tmp depends on the
 * compiler's stack layout - confirm against the built binary.
 * A hardened version would cap the read at sizeof(tmp), check its result, and
 * never turn a data value into a code pointer.
 */
int vuln(int sock)
{
  // 0xdeadbeef does not fit a 32-bit signed int; the stored value is
  // implementation-defined
  int ret = 0xdeadbeef;
  unsigned int cookie = secret;
  char tmp[32] = {'\0'};
  
  // redundant with the initializer above
  bzero(tmp, sizeof(tmp));
  // length argument is 52 for a 32-byte buffer; return value is discarded
  read(sock, tmp, sizeof(tmp)+20);

  // guard check: the local copy must still equal the global value
  if(cookie!=secret)
  {
    write(sock, "It's not my cookie :(\n", 22);
    exit(EXIT_FAILURE);
  }

  return ret;
}

/*
 * SIGINT handler: shut the listening socket, report it on stdout and end the
 * process with EXIT_FAILURE. Any other signal number is ignored.
 */
void sigintHandler(int sig)
{
  if (sig != SIGINT)
    return;

  /* keep calling close() until it reports success */
  while (close(sockfd) != 0)
    ;

  printf("Closed server socket\n");
  exit(EXIT_FAILURE);
}

/*
 * SIGSEGV handler: tell the connected client that the server failed, close
 * that connection and end the process with EXIT_FAILURE. Any other signal
 * number is ignored.
 */
void sigsegvHandler(int sig)
{
  static const char notice[] = "Server error\n";

  if (sig != SIGSEGV)
    return;

  /* sizeof - 1 drops the terminating NUL: 13 bytes go out */
  write(newsockfd, notice, sizeof(notice) - 1);
  close(newsockfd);

  exit(EXIT_FAILURE);
}

/*
 * Fatal-error helper: perror() prints err followed by the text for the
 * current errno, then the process exits with EXIT_FAILURE. Does not return.
 */
void ERROR(char* err)
{
  perror(err);

  exit(EXIT_FAILURE);
}

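/*
 * Forking TCP server for this level.
 *
 * Usage: <program> portno
 *
 * Picks the guard value `secret`, binds portno on every local interface and
 * forks one child per accepted connection. The child calls vuln() on the
 * connection, treats the returned int as a function pointer and calls it.
 *
 * Changes from the published listing are limited to the server plumbing:
 * the port is validated, listen() is checked, accept() gets a socklen_t,
 * descriptor 0 is accepted as valid, and the connection is closed in the
 * parent when fork() fails. The guard setup and the call through `foo` are
 * the level's exercise and are kept as published.
 */
int main(int argc, char *argv[])
{
  if(argc != 2) {
    printf("%s portno \n", argv[0]);
    exit(EXIT_FAILURE);
  }

  // Guard value used by vuln(). It is drawn once, before any fork(), from
  // rand() seeded with the wall clock, so every child inherits the same
  // value. A compiler stack protector takes its guard from the system's
  // random source instead.
  srand(time(NULL));
  secret = rand();

  // strtol with an end pointer and a range check rejects "abc", "80x" and
  // values outside 1..65535, which atoi() silently turned into some port
  char *end;
  long portno = strtol(argv[1], &end, 10);
  if (end == argv[1] || *end != '\0' || portno < 1 || portno > 65535) {
    fprintf(stderr, "invalid port: %s\n", argv[1]);
    exit(EXIT_FAILURE);
  }

  int pid;
  socklen_t clilen;   // accept() takes a socklen_t *, not an int *
  struct sockaddr_in serv_addr, cli_addr;

  sockfd = socket(AF_INET, SOCK_STREAM, 0);
  if (sockfd < 0)
    ERROR("socket");

  bzero((char *) &serv_addr, sizeof(serv_addr));
  serv_addr.sin_family = AF_INET;
  serv_addr.sin_port = htons((unsigned short) portno);
  // INADDR_ANY: the service is reachable on every interface of the host
  serv_addr.sin_addr.s_addr = INADDR_ANY;

  if (bind(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
    ERROR("bind");

  if (listen(sockfd, 5) < 0)
    ERROR("listen");

  // ignoring SIGCHLD lets finished children be reaped automatically
  signal(SIGCHLD, SIG_IGN);
  signal(SIGINT, sigintHandler);
  signal(SIGSEGV, sigsegvHandler);

  while (1)
  {
    clilen = sizeof(cli_addr);
    newsockfd = accept(sockfd, (struct sockaddr *) &cli_addr, &clilen);
    if (newsockfd < 0)
      continue;   // failed accept: nothing to serve, try again

    pid = fork();

    if (pid == 0)
    {
      // child: it only needs the accepted connection
      while(close(sockfd));

      void (*foo)(int);

      // Kept as published: an int that vuln() computed next to
      // client-supplied data is converted to a code pointer and called.
      // Production code must never derive a call target from such a value.
      foo = vuln(newsockfd);
      
      // mistake here?
      foo(argc);

      close(newsockfd);
      exit(1);
    }

    // parent, or fork() failed: drop this process's copy of the connection
    // so descriptors do not pile up
    close(newsockfd);
  }
  return 0;
}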
BkitSec Wargame /hvaonline/posts/preList/41215/254693.html#254693 /hvaonline/posts/preList/41215/254693.html#254693 GMT BkitSec Wargame /hvaonline/posts/preList/41215/254434.html#254434 /hvaonline/posts/preList/41215/254434.html#254434 GMT Cách debug drivers trên 2 virtual machine /hvaonline/posts/preList/39458/242808.html#242808 /hvaonline/posts/preList/39458/242808.html#242808 GMT Cách debug drivers trên 2 virtual machine /hvaonline/posts/preList/39458/242807.html#242807 /hvaonline/posts/preList/39458/242807.html#242807 GMT Cách debug drivers trên 2 virtual machine /hvaonline/posts/preList/39458/242794.html#242794 /hvaonline/posts/preList/39458/242794.html#242794 GMT Vấn đề Metasploit với DEP (Data Execution Prevention) /hvaonline/posts/preList/39358/242164.html#242164 /hvaonline/posts/preList/39358/242164.html#242164 GMT Mọi người giúp em về lập trình điểu khiển IP Camera với ạ! /hvaonline/posts/preList/37943/233125.html#233125 /hvaonline/posts/preList/37943/233125.html#233125 GMT Một người không có bằng đại học( Có tiến thân được không ? ) /hvaonline/posts/preList/37859/233122.html#233122 /hvaonline/posts/preList/37859/233122.html#233122 GMT Thảo luận việc định hướng ? /hvaonline/posts/preList/37578/231563.html#231563 /hvaonline/posts/preList/37578/231563.html#231563 GMT Các kiểu tấn công vào MYSQL Server /hvaonline/posts/preList/36493/230630.html#230630 /hvaonline/posts/preList/36493/230630.html#230630 GMT