Now that we know which protections the kernel has in place, the next step is to locate the vulnerability. In CTF kernel challenges the vulnerability is usually in a driver. pwn@DESKTOP-A262SJV:/CISCN2017-babydriver$ mkdir fs pwn@DESKTOP-A262SJV:/CISCN2017-babydriver$ cd fs/ pwn@DESKTOP-A262SJV:/CISCN2017-babydriver/fs$cp..
- Introduction to Race Conditions: pwn/linux/race-condition/introduction.md - Example Problems: pwn/linux/race-condition/problem.md - Integer Overflow: - Introduction to Integer Overflow Principles: pwn/linux/integeroverflow/intof.md - Sandbox Escape: - Python Sandbox Escape: pwn/linux/sandbox/python-sandbox-escape.md - kernel: - Environment Setup: pwn/linux/kernel/environme...
pwn/linux/io_file/fake-vtable-exploit.md - FSOP: pwn/linux/io_file/fsop.md - Exploiting IO_FILE under glibc 2.24: pwn/linux/io_file/exploit-in-libc2.24.md - Race Conditions: - Introduction to Race Conditions: pwn/linux/race-condition/introduction.md - Example Problems: pwn/linux/race-condition/problem.md - Integer Overflow: - Integer...
Preface: The example problem in the arm - ROP section of ctf-wiki's ARM pwn material is Codegate2018_Melong, but I was never able to find a write-up for it online, so here I record debugging the exp given in the official solution. Identifying the protections $ file ./melong ./melong: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-, for GNU/Linux 3.2....
- Anti-Debugging Technique Examples: reverse/windows/anti-debug/example.md - Pwn: - Pwn Overview: - pwn/readme.md - Linux Pwn: - Security Mitigations: - canary: pwn/linux/mitigation/canary.md - Stack Overflow: - Introduction to the Stack: pwn/linux/stackoverflow/stack-intro.md - Stack Overflow Principles: pwn/linux/stackoverflow/stackoverflow-basic.md ...
- Example Problems: pwn/linux/race-condition/problem.md - Integer Overflow: - Introduction to Integer Overflow Principles: pwn/linux/integeroverflow/intof.md - Sandbox Escape: - Python Sandbox Escape: pwn/linux/sandbox/python-sandbox-escape.md - kernel: - Environment Setup: pwn/linux/kernel/environment.md - Basics: pwn/linux/kernel/basic_kno...
55 + from pwn import * 56 + import string 57 + from hashlib import sha256 58 + 59 + #context.log_level='debug' 60 + def dopow(): 61 + chal = c.recvline() 62 + post = chal[12:28] 63 + tar = chal[33:-1] 64 + c.recvuntil(':') 65 + found = iters....
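Review bot: dopow() parses the proof-of-work challenge with fixed offsets (chal[12:28] and chal[33:-1]), so any change in the server's prompt wording silently produces a wrong post or tar value; splitting the line on its delimiters or matching it with a regular expression would fail loudly instead. The function also reads from a module-level c rather than taking the connection as a parameter, and the commented-out context.log_level line could be dropped.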
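## Example This section uses the second challenge of `看雪.TSRC 2017CTF秋季赛` (the Kanxue TSRC 2017 CTF autumn contest) as the worked example. Challenge download link: [ctf2017_Fpc.exe](https://github.com/ctf-wiki/ctf-wiki/blob/master/reverse/anti-debug/example/2017_pediy/ctf2017_Fpc.exe) The program includes several decoy functions to mislead the analyst, and wraps the key verification logic in junk instructions to defeat IDA's static analysis. We open the Fpc challenge in IDA...
- Anti-Debugging Technique Examples: reverse/windows/anti-debug/example.md - Pwn: - Pwn Overview: - pwn/readme.md - Linux Pwn: - Security Mitigations: - canary: pwn/linux/mitigation/canary.md - Stack Overflow: - Introduction to the Stack: pwn/linux/stackoverflow/stack-intro.md - Stack Overflow Principles: pwn/linux/stackoverflow/stack...
pwn/linux/io_file/exploit-in-libc2.24.md - Race Conditions: - Introduction to Race Conditions: pwn/linux/race-condition/introduction.md - Example Problems: pwn/linux/race-condition/problem.md - Integer Overflow: - Introduction to Integer Overflow Principles: pwn/linux/integeroverflow/intof.md - Sandbox Escape: - Python Sandbox Escape: pwn/linux/sandbox/python-sandbox-...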