Forticlient VPN on GNU/Linux: Blank screen

Preamble

On a Debian GNU/Linux 11 Bullseye box, with the latest updates and with a working NVIDIA graphics card, the Forticlient GUI binary showed a blank screen with no widgets in it:

The widget rendering is not working

We did not have Forticlient source code, so we needed […]

Defeating an ELF32 binary with absolutely no leaks without using the ret2_dlresolve technique

The binary

I was presented with an ELF32 binary with the following protections:

ch77 protections

Disassembling the binary with r2, I quickly recognized a classic stack overflow by abusing the call to read:

There’s a buffer overflow in the read function.

Desclavando espinas 2/3: UAD360 go4fun writeup

The challenge

We review the basic information about the binary:

file go4fun.uu
go4fun.uu: ELF 32-bit MSB executable, MIPS, MIPS32 version 1 (SYSV), statically linked, not stripped

We are dealing with an ELF (Linux) binary for the 32-bit MIPS architecture. It is also big-endian (MSB).

Running the binary with arm_now

tonicas | Friday, 21st of June 2019 | Category: analysis, Code