From 7555f3bbcb862b62c3837e6927320d431ffef949 Mon Sep 17 00:00:00 2001 From: lf- Date: Tue, 9 Mar 2021 04:32:42 -0800 Subject: [PATCH] fixup some final pages --- content/posts/about.md | 2 +- content/posts/gctf-2020-writeonly.md | 18 +++++++++--------- content/posts/writeonly-in-rust.md | 8 ++++---- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/content/posts/about.md b/content/posts/about.md index 03b7e4b..b02179d 100644 --- a/content/posts/about.md +++ b/content/posts/about.md @@ -22,7 +22,7 @@ place for Saskatchewan. Other than robotics, I am most interested in Rust and embedded systems, especially the security thereof. -To contact me, email `jade` at this domain (`LFCODE` dot ca). +To contact me, email `jade` at this domain (jade dot fyi). Jade she/they diff --git a/content/posts/gctf-2020-writeonly.md b/content/posts/gctf-2020-writeonly.md index f91dafa..309ebef 100644 --- a/content/posts/gctf-2020-writeonly.md +++ b/content/posts/gctf-2020-writeonly.md 
@@ -157,15 +157,15 @@ the PID since it would have been returned from fork and it is logged by the suspicious `printf`. As it turned out, it was indeed on the stack, so I wrote some evil inline assembly to get the value pointed to by `rbp - 0x4`. -The next step was to construct the path. I was unsure of the availability of C -string and `itoa`-like functions in the environment, given that there is no -standard library present, so I just wrote some. An interesting optimization of -this nicked from [later rewriting the exploit in -Rust](https://lfcode.ca/blog/writeonly-in-rust) is that my `itoa` goes -backwards, writing into a with a buffer containing extra slashes that will -otherwise be ignored by the OS. This cut my executable size about in half by -not having to reverse the string or perform string copies as one would have to -do in a normal `itoa`. +The next step was to construct the path. I was unsure of the availability of +C string and `itoa`-like functions in the environment, given that there is no +standard library present, so I just wrote some. An interesting optimization +of this nicked from [later rewriting the exploit in +Rust](/blog/writeonly-in-rust) is that my `itoa` goes backwards, writing into +a with a buffer containing extra slashes that will otherwise be ignored by +the OS. This cut my executable size about in half by not having to reverse +the string or perform string copies as one would have to do in a normal +`itoa`. ```c diff --git a/content/posts/writeonly-in-rust.md b/content/posts/writeonly-in-rust.md index 1c50ded..9cd415e 100644 --- a/content/posts/writeonly-in-rust.md +++ b/content/posts/writeonly-in-rust.md 
@@ -6,11 +6,11 @@ tags = ["ctf", "rust", "osdev"] title = "Writing shellcode in Rust" +++ -In my [Google CTF entry for `writeonly` this year](https://lfcode.ca/blog/gctf-2020-writeonly), +In my [Google CTF entry for `writeonly` this year](/blog/gctf-2020-writeonly), I wrote my first stage shellcode in C, which was somewhat novel in and of -itself, as it seemed like few people were willing to brave linker scripts to be -able to write shellcode in C. My hubris does not stop at C, however, and the -crab language seemed well suited for a port. +itself, as it seemed like few people were willing to brave linker scripts to +be able to write shellcode in C. My hubris does not stop at C, however, and +the crab language seemed well suited for a port. [Source code here](https://github.com/lf-/ctf/tree/main/writeonly.rs)
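Review bot: in the about.md hunk the new domain loses the code formatting the old one had (the removed line wraps `LFCODE` in backticks, the added line writes jade dot fyi bare) while `jade` on the same line keeps its backticks; render both halves the same way, e.g. email `jade` at this domain (`jade` dot `fyi`), or drop the backticks on both.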
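Review bot: the gctf-2020-writeonly.md hunk reflows the paragraph and switches the link to the root-relative `/blog/writeonly-in-rust`, but carries the existing typo through unchanged: "writing into a with a buffer containing extra slashes" should read "writing into a buffer containing extra slashes". Since every line of the paragraph is already touched by this hunk, fixing the wording here avoids a second pass over the same lines.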
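Review bot: the writeonly-in-rust.md hunk changes the cross-post link from an absolute lfcode.ca URL to the root-relative `/blog/gctf-2020-writeonly`, consistent with the other hunk and appropriate for a domain move, but root-relative paths only resolve when the site is served at the domain root; if the site generator has a configured base URL, confirm it is the root (or use the generator's own link helper) so the cross-links survive the move. The absolute GitHub link on the following context line is correctly left alone.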