‘memeshop’ was a pwnable worth 400 points in the latest CSAW CTF. We are only given an IP/port to connect to, no binary was provided. After connecting we see a menu like this:

```
so. lets see what is on the menu
rint receipt from confirmation number
ic cage (RARE MEME)
erp d ge (OLD MEME, ON SALE)
ry (SHUT UP AND LET ME TAKE YOUR MONEY)
n an cat
ike a sir
r skeletal (doot doot)
humbs up
t ollface.
```

With p we can print a receipt and it will ask for an order number:

```
ok, let me know your order number bro: > 123
sry br0, i have no records of that
```

Most options will simply output a meme, but there are some interesting ones though. We can get the order number if we use the check out option, which will output it base64 encoded:

```
ur receipt is at L3RtcC9tZW1lMjAxNTA5MjItNjAyNy01ZXVoN3I=
- b64decode: /tmp/meme20150922-6027-5euh7r
```

As we can see the base64 decoded string is simply a path to a temporary file. If we provide /etc/passwd base64 encoded to print receipt, we will get the output:

```
ok, let me know your order number bro: L2V0Yy9wYXNzd2Q=
ok heres ur receipt or w/e
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
```

Dumping Files

With this information one can assume that the print receipt option will probably open the file and read the content. Ok so we can dump arbitrary files with this primitive. Next step would be to dump the binary so we can reverse engineer it and find a way to actually exploit it. To dump the binary we can simply read from /proc/self/exe. Doing so, we will receive a binary, but in fact it is the ruby interpreter. To find the actual ruby script that is running we can first check /proc/self/cmdline which will return rubymemeshop.rb.
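The file read inferred in the write-up, next to a hardened lookup, as an added example that is not the challenge's own code. The function names, the receipt directory layout and the sample files are assumptions made for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Assumed shape of the flaw the write-up infers (not the challenge's real code):
# the "order number" is a base64 path and the service reads whatever it names.
def print_receipt_unsafe(order_number)
  File.read(order_number.unpack1("m"))   # "m" = lenient base64 decode
rescue ArgumentError, SystemCallError
  "sry br0, i have no records of that"
end

# Hardened lookup: strict decode, resolve symlinks and "..", then serve only
# regular files that sit directly inside the receipt directory.
def print_receipt_safe(order_number, receipt_dir)
  real = File.realpath(order_number.unpack1("m0"))  # "m0" rejects malformed base64
  return nil unless File.dirname(real) == File.realpath(receipt_dir)
  return nil unless File.file?(real)
  File.read(real)
rescue ArgumentError, SystemCallError
  nil
end

# Constructed sample data: one legitimate receipt, one file outside the
# receipt directory, and a symlink planted inside it that points outside.
def demo
  base = Dir.mktmpdir("memeshop-demo")
  receipts = File.join(base, "receipts")
  Dir.mkdir(receipts)
  receipt = File.join(receipts, "meme20150922-demo")
  secret  = File.join(base, "secret.txt")
  File.write(receipt, "1 doge\n")
  File.write(secret, "not a receipt\n")
  File.symlink(secret, File.join(receipts, "link"))
  enc = ->(p) { [p].pack("m0") }
  {
    unsafe_outside: print_receipt_unsafe(enc.(secret)),
    safe_receipt:   print_receipt_safe(enc.(receipt), receipts),
    safe_outside:   print_receipt_safe(enc.(secret), receipts),
    safe_dotdot:    print_receipt_safe(enc.(File.join(receipts, "..", "secret.txt")), receipts),
    safe_symlink:   print_receipt_safe(enc.(File.join(receipts, "link")), receipts),
    safe_garbage:   print_receipt_safe("not base64!!", receipts),
  }
ensure
  FileUtils.remove_entry(base) if base
end

demo.each { |k, v| puts "#{k}: #{v.inspect}" } if $PROGRAM_NAME == __FILE__
```

A service that hands out opaque random identifiers and maps them to files on the server side avoids accepting a client-supplied path at all.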
Animo, who has kidnapped Gwen and Grandpa Max, and threatens to release his DNA bomb and de-evolutionize the world. Ben (as Heatblast, XLR8, or Eye Guy in different beginnings) rescues Grandpa and Gwen, defeats Animo's latest invention, and sets off an error in the bomb by overloading the system. A DNA wave blows through and damages the Omnitrix. Ben changes into Grey Matter and knocks out Dr. Gwen, Ben and Grandpa go to the shopping mall but the Omnitrix releases a sudden energy burst, banning them from the mall. Tetrax senses the Omnitrix and comes to Earth to warn Ben about it. The watch is in self-destruct mode and will destroy itself along with Ben (and the universe, but Tetrax does not reveal this until later). Ben, Tetrax, and his pilot, Gluto, travel across the galaxy to find Azmuth, the creator of the Omnitrix. Gwen soon appears on the ship to help Ben. They find the DNA signature of Azmuth in the Omnitrix and find that he is on Incarcecon, the prison planet.

After some time of searching on Incarcecon, Ben (in a costume with Gwen) thinks he spots Vilgax. He changes into Perk Upchuck and fights him, only to reveal that "Vilgax" is a female Chimera Sui Generis named Myaxx, who claims she created the Omnitrix. Ben, Gwen, and Tetrax get themselves into a street-fight. After escaping the fight, she reveals she was Azmuth's assistant and directs Ben and the others to Xenon, where Azmuth lives. Their ship was intercepted and boarded by Vilgax and his drones, but they were stopped by Ben, Gwen, Tetrax, Gluto, and Myaxx.