2022-09-11 11:20:31 +08:00
<?xml version="1.0" encoding="utf-8"?>
< !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
< html xmlns = "http://www.w3.org/1999/xhtml" lang = "en" xml:lang = "en" >
< head >
2022-09-15 17:18:00 +08:00
<!-- 2022 - 09 - 15 四 12:08 -->
2022-09-11 11:20:31 +08:00
< meta http-equiv = "Content-Type" content = "text/html;charset=utf-8" / >
< meta name = "viewport" content = "width=device-width, initial-scale=1" / >
< title > Binary Exploit Resources I Recently Trying to Learn< / title >
< meta name = "author" content = "dongdigua" / >
< meta name = "generator" content = "Org Mode" / >
< style >
#content { max-width: 60em; margin: auto; }
.title { text-align: center;
margin-bottom: .2em; }
.subtitle { text-align: center;
font-size: medium;
font-weight: bold;
margin-top:0; }
.todo { font-family: monospace; color: red; }
.done { font-family: monospace; color: green; }
.priority { font-family: monospace; color: orange; }
.tag { background-color: #eee; font-family: monospace;
padding: 2px; font-size: 80%; font-weight: normal; }
.timestamp { color: #bebebe; }
.timestamp-kwd { color: #5f9ea0; }
.org-right { margin-left: auto; margin-right: 0px; text-align: right; }
.org-left { margin-left: 0px; margin-right: auto; text-align: left; }
.org-center { margin-left: auto; margin-right: auto; text-align: center; }
.underline { text-decoration: underline; }
#postamble p, #preamble p { font-size: 90%; margin: .2em; }
p.verse { margin-left: 3%; }
pre {
border: 1px solid #e6e6e6;
border-radius: 3px;
background-color: #f2f2f2;
padding: 8pt;
font-family: monospace;
overflow: auto;
margin: 1.2em;
}
pre.src {
position: relative;
overflow: auto;
}
pre.src:before {
display: none;
position: absolute;
top: -8px;
right: 12px;
padding: 3px;
color: #555;
background-color: #f2f2f299;
}
pre.src:hover:before { display: inline; margin-top: 14px;}
/* Languages per Org manual */
pre.src-asymptote:before { content: 'Asymptote'; }
pre.src-awk:before { content: 'Awk'; }
pre.src-authinfo::before { content: 'Authinfo'; }
pre.src-C:before { content: 'C'; }
/* pre.src-C++ doesn't work in CSS */
pre.src-clojure:before { content: 'Clojure'; }
pre.src-css:before { content: 'CSS'; }
pre.src-D:before { content: 'D'; }
pre.src-ditaa:before { content: 'ditaa'; }
pre.src-dot:before { content: 'Graphviz'; }
pre.src-calc:before { content: 'Emacs Calc'; }
pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
pre.src-fortran:before { content: 'Fortran'; }
pre.src-gnuplot:before { content: 'gnuplot'; }
pre.src-haskell:before { content: 'Haskell'; }
pre.src-hledger:before { content: 'hledger'; }
pre.src-java:before { content: 'Java'; }
pre.src-js:before { content: 'Javascript'; }
pre.src-latex:before { content: 'LaTeX'; }
pre.src-ledger:before { content: 'Ledger'; }
pre.src-lisp:before { content: 'Lisp'; }
pre.src-lilypond:before { content: 'Lilypond'; }
pre.src-lua:before { content: 'Lua'; }
pre.src-matlab:before { content: 'MATLAB'; }
pre.src-mscgen:before { content: 'Mscgen'; }
pre.src-ocaml:before { content: 'Objective Caml'; }
pre.src-octave:before { content: 'Octave'; }
pre.src-org:before { content: 'Org mode'; }
pre.src-oz:before { content: 'OZ'; }
pre.src-plantuml:before { content: 'Plantuml'; }
pre.src-processing:before { content: 'Processing.js'; }
pre.src-python:before { content: 'Python'; }
pre.src-R:before { content: 'R'; }
pre.src-ruby:before { content: 'Ruby'; }
pre.src-sass:before { content: 'Sass'; }
pre.src-scheme:before { content: 'Scheme'; }
pre.src-screen:before { content: 'Gnu Screen'; }
pre.src-sed:before { content: 'Sed'; }
pre.src-sh:before { content: 'shell'; }
pre.src-sql:before { content: 'SQL'; }
pre.src-sqlite:before { content: 'SQLite'; }
/* additional languages in org.el's org-babel-load-languages alist */
pre.src-forth:before { content: 'Forth'; }
pre.src-io:before { content: 'IO'; }
pre.src-J:before { content: 'J'; }
pre.src-makefile:before { content: 'Makefile'; }
pre.src-maxima:before { content: 'Maxima'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-picolisp:before { content: 'Pico Lisp'; }
pre.src-scala:before { content: 'Scala'; }
pre.src-shell:before { content: 'Shell Script'; }
pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
/* additional language identifiers per "defun org-babel-execute"
in ob-*.el */
pre.src-cpp:before { content: 'C++'; }
pre.src-abc:before { content: 'ABC'; }
pre.src-coq:before { content: 'Coq'; }
pre.src-groovy:before { content: 'Groovy'; }
/* additional language identifiers from org-babel-shell-names in
ob-shell.el: ob-shell is the only babel language using a lambda to put
the execution function name together. */
pre.src-bash:before { content: 'bash'; }
pre.src-csh:before { content: 'csh'; }
pre.src-ash:before { content: 'ash'; }
pre.src-dash:before { content: 'dash'; }
pre.src-ksh:before { content: 'ksh'; }
pre.src-mksh:before { content: 'mksh'; }
pre.src-posh:before { content: 'posh'; }
/* Additional Emacs modes also supported by the LaTeX listings package */
pre.src-ada:before { content: 'Ada'; }
pre.src-asm:before { content: 'Assembler'; }
pre.src-caml:before { content: 'Caml'; }
pre.src-delphi:before { content: 'Delphi'; }
pre.src-html:before { content: 'HTML'; }
pre.src-idl:before { content: 'IDL'; }
pre.src-mercury:before { content: 'Mercury'; }
pre.src-metapost:before { content: 'MetaPost'; }
pre.src-modula-2:before { content: 'Modula-2'; }
pre.src-pascal:before { content: 'Pascal'; }
pre.src-ps:before { content: 'PostScript'; }
pre.src-prolog:before { content: 'Prolog'; }
pre.src-simula:before { content: 'Simula'; }
pre.src-tcl:before { content: 'tcl'; }
pre.src-tex:before { content: 'TeX'; }
pre.src-plain-tex:before { content: 'Plain TeX'; }
pre.src-verilog:before { content: 'Verilog'; }
pre.src-vhdl:before { content: 'VHDL'; }
pre.src-xml:before { content: 'XML'; }
pre.src-nxml:before { content: 'XML'; }
/* add a generic configuration mode; LaTeX export needs an additional
(add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
pre.src-conf:before { content: 'Configuration File'; }
table { border-collapse:collapse; }
caption.t-above { caption-side: top; }
caption.t-bottom { caption-side: bottom; }
td, th { vertical-align:top; }
th.org-right { text-align: center; }
th.org-left { text-align: center; }
th.org-center { text-align: center; }
td.org-right { text-align: right; }
td.org-left { text-align: left; }
td.org-center { text-align: center; }
dt { font-weight: bold; }
.footpara { display: inline; }
.footdef { margin-bottom: 1em; }
.figure { padding: 1em; }
.figure p { text-align: center; }
.equation-container {
display: table;
text-align: center;
width: 100%;
}
.equation {
vertical-align: middle;
}
.equation-label {
display: table-cell;
text-align: right;
vertical-align: middle;
}
.inlinetask {
padding: 10px;
border: 2px solid gray;
margin: 10px;
background: #ffffcc;
}
#org-div-home-and-up
{ text-align: right; font-size: 70%; white-space: nowrap; }
textarea { overflow-x: auto; }
.linenr { font-size: smaller }
.code-highlighted { background-color: #ffff00; }
.org-info-js_info-navigation { border-style: none; }
#org-info-js_console-label
{ font-size: 10px; font-weight: bold; white-space: nowrap; }
.org-info-js_search-highlight
{ background-color: #ffff00; color: #000000; font-weight: bold; }
.org-svg { width: 90%; }
< / style >
2022-09-15 11:45:58 +08:00
< link rel = 'stylesheet' type = 'text/css' href = 'css/main.css' / >
2022-09-11 11:20:31 +08:00
< / head >
< body >
< div id = "org-div-home-and-up" >
< a accesskey = "h" href = "./../" > UP < / a >
|
< a accesskey = "H" href = "https://dongdigua.github.io" > HOME < / a >
< / div > < div id = "content" class = "content" >
< h1 class = "title" > Binary Exploit Resources I Recently Trying to Learn< / h1 >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-org7de7fba" class = "outline-2" >
< h2 id = "org7de7fba" > < span class = "section-number-2" > 1.< / span > resources< / h2 >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-2" id = "text-1" >
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-org77d28d5" class = "outline-3" >
< h3 id = "org77d28d5" > < span class = "section-number-3" > 1.1.< / span > video< / h3 >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-3" id = "text-1-1" >
< p >
< a href = "https://youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN" > Binary Exploitation / Memory Corruption by LiveOverflow< / a > < br / >
< / p >
< / div >
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-orgabe2d1e" class = "outline-3" >
< h3 id = "orgabe2d1e" > < span class = "section-number-3" > 1.2.< / span > website< / h3 >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-3" id = "text-1-2" >
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-org57c6a7b" class = "outline-4" >
< h4 id = "org57c6a7b" > < span class = "section-number-4" > 1.2.1.< / span > < a href = "https://play.picoctf.org/practice" > picoCTF< / a > < / h4 >
2022-09-11 11:20:31 +08:00
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-orgf09d1b5" class = "outline-4" >
< h4 id = "orgf09d1b5" > < span class = "section-number-4" > 1.2.2.< / span > < a href = "https://exploit.education/" > exploit education< / a > < / h4 >
2022-09-11 11:20:31 +08:00
< / div >
< / div >
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-org7a816fd" class = "outline-2" >
< h2 id = "org7a816fd" > < span class = "section-number-2" > 2.< / span > tools< / h2 >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-2" id = "text-2" >
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-orgcb2c958" class = "outline-3" >
< h3 id = "orgcb2c958" > < span class = "section-number-3" > 2.1.< / span > code auditing< / h3 >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-3" id = "text-2-1" >
2022-09-15 17:18:00 +08:00
< div id = "org45209c8" class = "figure" >
< p > < img src = "./images/fedora_security_lab.png" alt = "fedora_security_lab.png" / > < br / >
2022-09-11 11:20:31 +08:00
< / p >
< / div >
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-org51e75d4" class = "outline-4" >
< h4 id = "org51e75d4" > < span class = "section-number-4" > 2.1.1.< / span > pscan< / h4 >
2022-09-11 11:20:31 +08:00
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-orgaf1bb58" class = "outline-4" >
< h4 id = "orgaf1bb58" > < span class = "section-number-4" > 2.1.2.< / span > rats< / h4 >
2022-09-11 11:20:31 +08:00
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-orgf8b9672" class = "outline-4" >
< h4 id = "orgf8b9672" > < span class = "section-number-4" > 2.1.3.< / span > splint< / h4 >
2022-09-11 11:20:31 +08:00
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-orge882b81" class = "outline-4" >
< h4 id = "orge882b81" > < span class = "section-number-4" > 2.1.4.< / span > flawfinder< / h4 >
2022-09-11 11:20:31 +08:00
< / div >
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-orgd446584" class = "outline-3" >
< h3 id = "orgd446584" > < span class = "section-number-3" > 2.2.< / span > debug< / h3 >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-3" id = "text-2-2" >
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-orgf289e28" class = "outline-4" >
< h4 id = "orgf289e28" > < span class = "section-number-4" > 2.2.1.< / span > gdb< / h4 >
2022-09-11 11:20:31 +08:00
< / div >
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-org9bd5c9d" class = "outline-3" >
< h3 id = "org9bd5c9d" > < span class = "section-number-3" > 2.3.< / span > reverse< / h3 >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-3" id = "text-2-3" >
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-orgb4f2c26" class = "outline-4" >
< h4 id = "orgb4f2c26" > < span class = "section-number-4" > 2.3.1.< / span > < a href = "https://book.rada.re/" > radare2< / a > < / h4 >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-4" id = "text-2-3-1" >
< / div >
< ol class = "org-ol" >
2022-09-15 17:18:00 +08:00
< li > < a id = "org93fdd1d" > < / a > iaito< br / > < / li >
2022-09-11 11:20:31 +08:00
< / ol >
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-org65e54b3" class = "outline-4" >
< h4 id = "org65e54b3" > < span class = "section-number-4" > 2.3.2.< / span > hopper(non-free)< / h4 >
2022-09-11 11:20:31 +08:00
< / div >
< / div >
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-org6dfbc04" class = "outline-2" >
< h2 id = "org6dfbc04" > < span class = "section-number-2" > 3.< / span > notes on video< / h2 >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-2" id = "text-3" >
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-org3a4fa41" class = "outline-3" >
< h3 id = "org3a4fa41" > < span class = "section-number-3" > 3.1.< / span > < a href = "https://youtu.be/6jSKldt7Eqs" > 0x04: asm basics< / a > < / h3 >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-3" id = "text-3-1" >
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-org672428f" class = "outline-4" >
< h4 id = "org672428f" > < span class = "section-number-4" > 3.1.1.< / span > to show assembly in the source code window in gud, < code > M-x gdb-display-disassembly-buffer< / code > < / h4 >
2022-09-11 11:20:31 +08:00
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-org8d30438" class = "outline-4" >
< h4 id = "org8d30438" > < span class = "section-number-4" > 3.1.2.< / span > links< / h4 >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-4" id = "text-3-1-2" >
< / div >
< ol class = "org-ol" >
2022-09-15 17:18:00 +08:00
< li > < a id = "orgebaeee1" > < / a > < a href = "https://microcorruption.com/" > https://microcorruption.com/< / a > < br / > < / li >
2022-09-11 11:20:31 +08:00
< / ol >
< / div >
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-org4e88b68" class = "outline-3" >
< h3 id = "org4e88b68" > < span class = "section-number-3" > 3.2.< / span > < a href = "https://youtu.be/3NTXFUxcKPc" > 0x06: tools< / a > < / h3 >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-3" id = "text-3-2" >
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-orga4ee85e" class = "outline-4" >
< h4 id = "orga4ee85e" > < span class = "section-number-4" > 3.2.1.< / span > simple tools< / h4 >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-4" id = "text-3-2-1" >
< / div >
< ol class = "org-ol" >
2022-09-15 17:18:00 +08:00
< li > < a id = "org75df475" > < / a > hexdump< br / > < / li >
< li > < a id = "org8d444ab" > < / a > strings< br / >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-5" id = "text-3-2-1-2" >
< p >
all printable letters< br / >
< / p >
< / div >
< / li >
2022-09-15 17:18:00 +08:00
< li > < a id = "orgae5712c" > < / a > objdump< br / >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-5" id = "text-3-2-1-3" >
< p >
disassembler< br / >
< / p >
< / div >
< / li >
2022-09-15 17:18:00 +08:00
< li > < a id = "org3a1a88f" > < / a > strace/ltrace< br / >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-5" id = "text-3-2-1-4" >
< p >
trace sys/lib call< br / >
< / p >
< / div >
< / li >
< / ol >
< / div >
2022-09-15 17:18:00 +08:00
< div id = "outline-container-orga337c6f" class = "outline-4" >
< h4 id = "orga337c6f" > < span class = "section-number-4" > 3.2.2.< / span > < a href = "https://youtu.be/mT1V7IL2FHY" > 0x0A: deal with numbers< / a > < / h4 >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-4" id = "text-3-2-2" >
< / div >
< ol class = "org-ol" >
2022-09-15 17:18:00 +08:00
< li > < a id = "orgc85ce65" > < / a > endian?< br / >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-5" id = "text-3-2-2-1" >
< p >
from < a href = "https://zh.wikipedia.org/zh-cn/%E5%AD%97%E8%8A%82%E5%BA%8F" > Wikipedia< / a > < br / >
< img src = "../images/Big-Endian.svg.png " alt = "Big-Endian.svg.png " / > < img src = "../images/Little-Endian.svg.png" alt = "Little-Endian.svg.png" / > < br / >
x86 is little endian< br / >
< / p >
< / div >
< / li >
2022-09-15 17:18:00 +08:00
< li > < a id = "org8c9ee18" > < / a > tools< br / >
2022-09-11 11:20:31 +08:00
< ol class = "org-ol" >
2022-09-15 17:18:00 +08:00
< li > < a id = "org614835d" > < / a > python< br / >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-6" id = "text-3-2-2-2-1" >
< div class = "org-src-container" >
2022-09-15 17:18:00 +08:00
< pre class = "src src-python" > > > > < span style = "font-weight: bold;" > int< / span > (< span style = "font-style: italic;" > '111'< / span > , 2)
2022-09-11 11:20:31 +08:00
7
2022-09-15 17:18:00 +08:00
> > > < span style = "font-weight: bold;" > hex< / span > (123)
< span style = "font-style: italic;" > '0x7b'< / span >
> > > < span style = "font-weight: bold;" > import< / span > struct
< span style = "font-weight: bold; font-style: italic;" > # < / span > < span style = "font-weight: bold; font-style: italic;" > https://docs.python.org/3.10/library/struct.html#format-characters< / span >
> > > struct.pack(< span style = "font-style: italic;" > "< I"< / span > , 0x61626364) < span style = "font-weight: bold; font-style: italic;" > # < / span > < span style = "font-weight: bold; font-style: italic;" > little endian< / span >
b< span style = "font-style: italic;" > 'dcba'< / span >
> > > struct.pack(< span style = "font-style: italic;" > "> I"< / span > , 0x61626364) < span style = "font-weight: bold; font-style: italic;" > # < / span > < span style = "font-weight: bold; font-style: italic;" > big endian< / span >
b< span style = "font-style: italic;" > 'abcd'< / span >
2022-09-11 11:20:31 +08:00
< / pre >
< / div >
< / div >
< / li >
2022-09-15 17:18:00 +08:00
< li > < a id = "org8436461" > < / a > iex< br / >
2022-09-11 11:20:31 +08:00
< div class = "outline-text-6" id = "text-3-2-2-2-2" >
< div class = "org-src-container" >
< pre class = "src src-elixir" > iex(1)> < < 0x61626364::32> >
2022-09-15 17:18:00 +08:00
< span style = "font-style: italic;" > "abcd"< / span >
iex(2)> < span style = "font-weight: bold; text-decoration: underline;" > Base< / span > .decode16(< span style = "font-style: italic;" > "61626364"< / span > )
{< span style = "font-weight: bold;" > :ok< / span > , < span style = "font-style: italic;" > "abcd"< / span > }
2022-09-11 11:20:31 +08:00
< / pre >
< / div >
< / div >
< / li >
< / ol >
< / li >
< / ol >
< / div >
< / div >
< / div >
< / div >
< div id = "postamble" class = "status" >
2022-09-15 17:18:00 +08:00
< p class = "date" > Date: 2022-06-29 三 00:00< / p >
2022-09-11 11:20:31 +08:00
< p class = "author" > Author: dongdigua< / p >
2022-09-15 17:18:00 +08:00
< p class = "date" > Created: 2022-09-15 四 12:08< / p >
2022-09-11 11:20:31 +08:00
< / div >
< / body >
< / html >