mirror of
https://github.com/dongdigua/dongdigua.github.io
synced 2024-11-24 04:03:11 +08:00
72 lines
1.6 KiB
Org Mode
72 lines
1.6 KiB
Org Mode
|
#+TITLE: Binary Exploit Resources I Recently Trying to Learn
|
||
|
#+TAGS: relearn(r)
|
||
|
#+OPTIONS: toc:nil
|
||
|
|
||
|
|
||
|
* resources
|
||
|
** video
|
||
|
[[https://youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN][Binary Exploitation / Memory Corruption by LiveOverflow]]
|
||
|
** website
|
||
|
*** [[https://play.picoctf.org/practice][picoCTF]]
|
||
|
*** [[https://exploit.education/][exploit education]]
|
||
|
|
||
|
* tools
|
||
|
|
||
|
** code auditing
|
||
|
[[../images/fedora_security_lab.png]]
|
||
|
*** pscan
|
||
|
*** rats
|
||
|
*** splint
|
||
|
*** flawfinder
|
||
|
|
||
|
** debug
|
||
|
*** gdb
|
||
|
|
||
|
** reverse
|
||
|
*** [[https://book.rada.re/][radare2]]
|
||
|
**** iaito
|
||
|
*** hopper(non-free)
|
||
|
|
||
|
|
||
|
* notes on video
|
||
|
** [[https://youtu.be/6jSKldt7Eqs][0x04: asm basics]]
|
||
|
*** to show assembly in the source code window in gud, ~M-x gdb-display-disassembly-buffer~
|
||
|
*** links
|
||
|
**** https://microcorruption.com/
|
||
|
** [[https://youtu.be/3NTXFUxcKPc][0x06: tools]]
|
||
|
*** simple tools
|
||
|
**** hexdump
|
||
|
**** strings
|
||
|
all printable letters
|
||
|
**** objdump
|
||
|
disassembler
|
||
|
**** strace/ltrace
|
||
|
trace sys/lib call
|
||
|
*** [[https://youtu.be/mT1V7IL2FHY][0x0A: deal with numbers]]
|
||
|
**** endian?
|
||
|
from [[https://zh.wikipedia.org/zh-cn/%E5%AD%97%E8%8A%82%E5%BA%8F][Wikipedia]]
|
||
|
[[../images/Big-Endian.svg.png ]][[../images/Little-Endian.svg.png]]
|
||
|
x86 is little endian
|
||
|
**** tools
|
||
|
***** python
|
||
|
#+BEGIN_SRC python
|
||
|
>>> int('111', 2)
|
||
|
7
|
||
|
>>> hex(123)
|
||
|
'0x7b'
|
||
|
>>> import struct
|
||
|
# https://docs.python.org/3.10/library/struct.html#format-characters
|
||
|
>>> struct.pack("<I", 0x61626364) # little endian
|
||
|
b'dcba'
|
||
|
>>> struct.pack(">I", 0x61626364) # big endian
|
||
|
b'abcd'
|
||
|
#+END_SRC
|
||
|
***** iex
|
||
|
#+BEGIN_SRC elixir
|
||
|
iex(1)> <<0x61626364::32>>
|
||
|
"abcd"
|
||
|
iex(2)> Base.decode16("61626364")
|
||
|
{:ok, "abcd"}
|
||
|
#+END_SRC
|
||
|
|