[*] Binary protection state of htdigest
Full RELRO Canary found NX disabled PIE enabled No RPATH No RUNPATH No Symbols
[*] Function printf tear down of htdigest
lw t9, -0x7fd8(gp)
addiu t9, t9, 0x13b0
bal 0x13b0
nop
addiu v0, zero, 1
sb v0, 0x2100(s0)
lw ra, 0x1c(sp)
lw s0, 0x18(sp)
jr ra
addiu sp, sp, 0x20
lui gp, 2
addiu gp, gp, -0x7490
addu gp, gp, t9
lw t9, -0x7fd8(gp)
addiu t9, t9, 0x13e8
b 0x13e8
nop
nop
lui gp, 2
addiu gp, gp, -0x74b0
addu gp, gp, t9
addiu sp, sp, -0x20
lw a1, -0x7fd8(gp)
sw s0, 0x18(sp)
lw s0, -obj.errfile(gp)
lw t9, -sym.imp.apr_file_printf(gp)
sw gp, 0x10(sp)
lw a0, (s0)
sw ra, 0x1c(sp)
jalr t9
addiu a1, a1, str.Usage:_htdigest___c__passwordfile_realm_username_n
lw gp, 0x10(sp)
lw a0, (s0)
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_file_printf(gp)
jalr t9
addiu a1, a1, str.The__c_flag_creates_a_new_file._n
lw gp, 0x10(sp)
lw t9, -sym.imp.exit(gp)
jalr t9
addiu a0, zero, 1
lui gp, 2
addiu gp, gp, -0x750c
addu gp, gp, t9
lw v0, -obj.tfp(gp)
addiu sp, sp, -0x20
sw s0, 0x18(sp)
move s0, a0
lw a0, (v0)
sw gp, 0x10(sp)
sw ra, 0x1c(sp)
beqz a0, 0x1558
lw t9, -sym.imp.apr_file_close(gp)
jalr t9
nop
lw gp, 0x10(sp)
lw t9, -sym.imp.exit(gp)
jalr t9
move a0, s0
lui gp, 2
addiu gp, gp, -0x7554
addu gp, gp, t9
lw v0, -obj.errfile(gp)
addiu sp, sp, -0x20
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_file_printf(gp)
lw a0, (v0)
sw gp, 0x10(sp)
sw ra, 0x1c(sp)
jalr t9
addiu a1, a1, str.Interrupted._n
lw gp, 0x10(sp)
lw t9, -0x7fd8(gp)
addiu t9, t9, 0x151c
bal 0x151c
addiu a0, zero, 1
lui gp, 2
addiu gp, gp, -0x7598
addu gp, gp, t9
lw t9, -sym.imp.apr_terminate(gp)
jr t9
nop
lui gp, 2
addiu gp, gp, -0x75b0
addu gp, gp, t9
addiu sp, sp, -0x5b8
--
move s2, a2
move a1, s1
move a2, s0
addiu a0, a0, str.New_password:_
sw v0, 0x594(sp)
sw s6, 0x24(sp)
jalr t9
nop
bnez v0, 0x1790
lw gp, 0x18(sp)
lw a0, -0x7fd8(gp)
lw t9, -sym.imp.apr_password_get(gp)
move a2, s0
addiu s0, sp, 0x194
move a1, s0
addiu a0, a0, str.Re_type_new_password:_
jalr t9
sw s6, 0x24(sp)
lw gp, 0x18(sp)
move a1, s0
lw t9, -sym.imp.strcmp(gp)
jalr t9
move a0, s1
lw gp, 0x18(sp)
bnez v0, 0x17c8
lw t9, -sym.imp.apr_file_printf(gp)
lw a1, -0x7fd8(gp)
move a2, s3
move a3, s5
addiu a1, a1, str._s:_s:
jalr t9
move a0, s2
lw gp, 0x18(sp)
move a3, s3
addiu s3, sp, 0x294
lw a2, -0x7fd8(gp)
lw t9, -sym.imp.apr_snprintf(gp)
addiu a2, a2, str._s:_s:_s
addiu a1, zero, 0x300
move a0, s3
sw s1, 0x14(sp)
jalr t9
sw s5, 0x10(sp)
lw gp, 0x18(sp)
addiu s0, sp, 0x28
lw t9, -sym.imp.apr_md5_init(gp)
jalr t9
move a0, s0
lw gp, 0x18(sp)
lw t9, -sym.imp.strlen(gp)
jalr t9
move a0, s3
lw gp, 0x18(sp)
move a1, s3
move a0, s0
lw t9, -sym.imp.apr_md5_update(gp)
jalr t9
move a2, v0
lw gp, 0x18(sp)
move a1, s0
addiu s0, sp, 0x84
lw t9, -sym.imp.apr_md5_final(gp)
jalr t9
move a0, s0
lw gp, 0x18(sp)
lw s3, -0x7fd8(gp)
addiu s3, s3, str._02x
lw t9, -sym.imp.apr_file_printf(gp)
lbu a2, (s0)
move a1, s3
move a0, s2
jalr t9
addiu s0, s0, 1
bne s0, s1, 0x1724
lw gp, 0x18(sp)
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_file_printf(gp)
addiu a1, a1, 0x1bac
jalr t9
move a0, s2
lw v1, 0x594(sp)
lw v0, (s4)
bne v1, v0, 0x17bc
lw gp, 0x18(sp)
lw ra, 0x5b4(sp)
lw s6, 0x5b0(sp)
lw s5, 0x5ac(sp)
lw s4, 0x5a8(sp)
lw s3, 0x5a4(sp)
lw s2, 0x5a0(sp)
lw s1, 0x59c(sp)
lw s0, 0x598(sp)
jr ra
addiu sp, sp, 0x5b8
lw v0, -obj.errfile(gp)
lw a1, -0x7fd8(gp)
lw t9, -sym.imp.apr_file_printf(gp)
lw a0, (v0)
jalr t9
addiu a1, a1, str.password_too_long
lw gp, 0x18(sp)
lw t9, -0x7fd8(gp)
addiu t9, t9, 0x151c
bal 0x151c
addiu a0, zero, 5
lw t9, -sym.imp.__stack_chk_fail(gp)
jalr t9
nop
lw v0, -obj.errfile(gp)
lw a1, -0x7fd8(gp)
lw a0, (v0)
jalr t9
addiu a1, a1, str.They_dont_match__sorry._n
lw gp, 0x18(sp)
lw t9, -0x7fd8(gp)
addiu t9, t9, 0x151c
bal 0x151c
[*] Function printf used 8 times htdigest
