jade/blog
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fixup some final pages

Browse source
This commit is contained in:
lf- 2021-03-09 04:32:42 -08:00
parent 94e44e406b
commit 7555f3bbcb
3 changed files with 14 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

2
content/posts/about.md
View file

@ -22,7 +22,7 @@ place for Saskatchewan.
Other than robotics, I am most interested in Rust and embedded systems,
especially the security thereof.
To contact me, email `jade` at this domain (`LFCODE` dot ca).
To contact me, email `jade` at this domain (jade dot fyi).
Jade
she/they

18
content/posts/gctf-2020-writeonly.md
View file

@ -157,15 +157,15 @@ the PID since it would have been returned from fork and it is logged by the
suspicious `printf`. As it turned out, it was indeed on the stack, so I wrote
some evil inline assembly to get the value pointed to by `rbp - 0x4`.
The next step was to construct the path. I was unsure of the availability of C
string and `itoa`-like functions in the environment, given that there is no
standard library present, so I just wrote some. An interesting optimization of
this nicked from [later rewriting the exploit in
Rust](https://lfcode.ca/blog/writeonly-in-rust) is that my `itoa` goes
backwards, writing into a with a buffer containing extra slashes that will
otherwise be ignored by the OS. This cut my executable size about in half by
not having to reverse the string or perform string copies as one would have to
do in a normal `itoa`.
The next step was to construct the path. I was unsure of the availability of
C string and `itoa`-like functions in the environment, given that there is no
standard library present, so I just wrote some. An interesting optimization
of this nicked from [later rewriting the exploit in
Rust](/blog/writeonly-in-rust) is that my `itoa` goes backwards, writing into
a with a buffer containing extra slashes that will otherwise be ignored by
the OS. This cut my executable size about in half by not having to reverse
the string or perform string copies as one would have to do in a normal
`itoa`.
```c

8
content/posts/writeonly-in-rust.md
View file

@ -6,11 +6,11 @@ tags = ["ctf", "rust", "osdev"]
title = "Writing shellcode in Rust"
+++
In my [Google CTF entry for `writeonly` this year](https://lfcode.ca/blog/gctf-2020-writeonly),
In my [Google CTF entry for `writeonly` this year](/blog/gctf-2020-writeonly),
I wrote my first stage shellcode in C, which was somewhat novel in and of
itself, as it seemed like few people were willing to brave linker scripts to be
able to write shellcode in C. My hubris does not stop at C, however, and the
crab language seemed well suited for a port.
itself, as it seemed like few people were willing to brave linker scripts to
be able to write shellcode in C. My hubris does not stop at C, however, and
the crab language seemed well suited for a port.
[Source code here](https://github.com/lf-/ctf/tree/main/writeonly.rs)