update: binary exploit

dongdigua 2022-07-29 16:13:34 +08:00
parent 8cace2149a
commit 8ad4fbe1a6
3 changed files with 89 additions and 10 deletions

org/binary_exploit.org Normal file

@ -0,0 +1,71 @@
#+TITLE: Binary Exploit Resources I Recently Trying to Learn
#+TAGS: relearn(r)
#+OPTIONS: toc:nil
* resources
** video
[[https://youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN][Binary Exploitation / Memory Corruption by LiveOverflow]]
** website
*** [[https://play.picoctf.org/practice][picoCTF]]
*** [[https://exploit.education/][exploit education]]
* tools
** code auditing
[[../images/fedora_security_lab.png]]
*** pscan
*** rats
*** splint
*** flawfinder
** debug
*** gdb
** reverse
*** [[https://book.rada.re/][radare2]]
**** iaito
*** hopper(non-free)
* notes on video
** [[https://youtu.be/6jSKldt7Eqs][0x04: asm basics]]
*** to show assembly in the source code window in gud, ~M-x gdb-display-disassembly-buffer~
*** links
**** https://microcorruption.com/
** [[https://youtu.be/3NTXFUxcKPc][0x06: tools]]
*** simple tools
**** hexdump
**** strings
all printable letters
**** objdump
disassembler
**** strace/ltrace
trace sys/lib call
*** [[https://youtu.be/mT1V7IL2FHY][0x0A: deal with numbers]]
**** endian?
from [[https://zh.wikipedia.org/zh-cn/%E5%AD%97%E8%8A%82%E5%BA%8F][Wikipedia]]
[[../images/Big-Endian.svg.png ]][[../images/Little-Endian.svg.png]]
x86 is little endian
**** tools
***** python
#+BEGIN_SRC python
>>> int('111', 2)
7
>>> hex(123)
'0x7b'
>>> import struct
# https://docs.python.org/3.10/library/struct.html#format-characters
>>> struct.pack("<I", 0x61626364) # little endian
b'dcba'
>>> struct.pack(">I", 0x61626364) # big endian
b'abcd'
#+END_SRC
***** iex
#+BEGIN_SRC elixir
iex(1)> <<0x61626364::32>>
"abcd"
iex(2)> Base.decode16("61626364")
{:ok, "abcd"}
#+END_SRC
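Review bot: the heading `*** [[https://youtu.be/mT1V7IL2FHY][0x0A: deal with numbers]]` is nested one level deeper than its siblings, so it reads as a sub-topic of "0x06: tools" instead of a third video note; promote it to `**` like the 0x04 and 0x06 entries. The title "Binary Exploit Resources I Recently Trying to Learn" is missing a verb ("I've Recently Been Trying to Learn"). Under `strings`, "all printable letters" undersells the tool: by default it prints runs of at least four printable characters (tunable with `-n`), which matters when hunting short markers in a binary. In the Python transcript the comment line `# https://docs.python.org/...` is the only line without a `>>>` prompt, so it looks like output; prefix it or move it above the block. The sample values themselves check out (`struct.pack("<I", 0x61626364)` is `b'dcba'`, `">I"` is `b'abcd'`, and `<<0x61626364::32>>` is `"abcd"` because Elixir binaries default to big-endian).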


@ -52,12 +52,12 @@
* EMACS * EMACS
** org-mode ** org-mode
| key | usage | | key | usage |
|-----------+-----------| |--------------+----------------------------|
| C-c \vbar | 创建表格 | | C-c \vbar | 创建表格 |
| C-c C-e | 导出 HTML | | C-c C-e | 导出 HTML |
| | | | M-left/right | 升级(promote)/降级(demote) |
| | | | C-c C-x C-v | toggle render images |
** normal ** normal
| key | usage | | key | usage |
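Review bot: the two new rows would be easier to look up if they named the commands: `M-left/right` is `org-metaleft`/`org-metaright` (and Emacs docs write the keys as `M-<left>`/`M-<right>`), and `C-c C-x C-v` is `org-toggle-inline-images`; "toggle render images" is fine but the command name is what you grep for later. On the unchanged `C-c \vbar` cell: as far as I can tell `\vbar` is not in `org-entities`, so it will export literally; Org's entity for a literal pipe is `\vert`.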
@ -69,6 +69,10 @@
| C-x C-; | 行切换注释 | | C-x C-; | 行切换注释 |
| C-y | paste to minibuffer | | C-y | paste to minibuffer |
** dired
| key | usage |
| R | rename |
* Git (虽然不算editor, 但是先也放这吧) * Git (虽然不算editor, 但是先也放这吧)
#+BEGIN_SRC shell #+BEGIN_SRC shell
git log --stat | perl -ne 'END { print $c } $c += $1 if /(\d+) insertions/;' git log --stat | perl -ne 'END { print $c } $c += $1 if /(\d+) insertions/;'
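Review bot: the new dired table has no `|---+---|` separator row under the header, unlike the org-mode and normal tables above it, so the header and the `R` row render alike; add the separator for consistency. Also, `R` in dired is `dired-do-rename`, which moves files as well as renaming them (a target in another directory is a move), so "rename/move" is the more accurate usage text.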


@ -78,6 +78,9 @@ old
very high quality very high quality
*** [[http://tomasp.net/commodore64][commodore64 BASIC]] *** [[http://tomasp.net/commodore64][commodore64 BASIC]]
*** [[http://tomasp.net/blog/csharp-async-gotchas.aspx][async in C#(gotchas) and F#]] *** [[http://tomasp.net/blog/csharp-async-gotchas.aspx][async in C#(gotchas) and F#]]
** [[http://www.xianwaizhiyin.net/][弦外之音]] :c:lowlevel:
** [[https://creamidea.github.io/][C-tone]]
pretty and concise page
* YouTube 收集(没有账号, 这就是我的收藏夹) * YouTube 收集(没有账号, 这就是我的收藏夹)
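Review bot: the two new bookmarks are annotated inconsistently: the first gets topic tags (`:c:lowlevel:`) and the second only a remark about the page's looks ("pretty and concise page"). If the tags are meant for searching, give the C-tone entry a topic tag as well, or at least a word on what the site is about.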
** Code ** Code
@ -89,13 +92,13 @@ java bad, python slow, nvidia fuck you, vi-sual studio, C艹 sucks
legacy legacy
*** [[https://youtu.be/qKA2NZ1-kx0][tsoding write cool shell in rust]] *** [[https://youtu.be/qKA2NZ1-kx0][tsoding write cool shell in rust]]
*** [[https://youtu.be/hmMtQe_mYr0][tsoding helloworld in c]] *** [[https://youtu.be/hmMtQe_mYr0][tsoding helloworld in c]]
*** [[https://www.youtube.com/watch?list=RDCMUChl_NKOs1qqh_x7yJfaDpDw][Tantan 合集]] *** [[https://www.youtube.com/playlist?list=RDCMUChl_NKOs1qqh_x7yJfaDpDw][Tantan 合集]]
Rust Graphics Rust Graphics
*** [[https://www.youtube.com/watch?list=PLGNbPb3dQJ_446PjTYQ0mCn2OGoHSKraB][build a virtual machine 合集(6/29)]] *** [[https://www.youtube.com/playlist?list=PLGNbPb3dQJ_446PjTYQ0mCn2OGoHSKraB][build a virtual machine 合集(6/29)]]
*** [[https://www.youtube.com/watch?list=PLSiFUSQSRYAOFwfP-aMzXJlWKVyIuWfPU][stack-based virtual machine(6 episode)]] *** [[https://www.youtube.com/playlist?list=PLSiFUSQSRYAOFwfP-aMzXJlWKVyIuWfPU][stack-based virtual machine(6 episode)]]
and [[https://youtu.be/cfPDeso3XwI][register-based(13 episode)]] and [[https://youtu.be/cfPDeso3XwI][register-based(13 episode)]]
*** [[https://youtu.be/_uAMo-bXI5g][register virtual machine in rust, with memory visualization]] *** [[https://youtu.be/_uAMo-bXI5g][register virtual machine in rust, with memory visualization]]
*** [[https://www.youtube.com/watch?list=PLpM-Dvs8t0VY73ytTCQqgvgCWttV3m8LM][tsoding virtual machine in C]] , [[https://dongdigua.github.io/tsoding_bm][some notes]] *** [[https://www.youtube.com/playlist?list=PLpM-Dvs8t0VY73ytTCQqgvgCWttV3m8LM][tsoding virtual machine in C]] , [[https://dongdigua.github.io/tsoding_bm][some notes]]
*** [[https://youtu.be/Fq9chEBQMFE][what if I try to malloc too much memory]] *** [[https://youtu.be/Fq9chEBQMFE][what if I try to malloc too much memory]]
*** [[https://youtu.be/qF7dkrce-mQ][fireship bitcoin]] *** [[https://youtu.be/qF7dkrce-mQ][fireship bitcoin]]
大概是我见过最好的讲区块链的视频了, 除了...JS 啊啊啊 大概是我见过最好的讲区块链的视频了, 除了...JS 啊啊啊
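Review bot: the `watch?list=` to `playlist?list=` rewrite is the right fix for the `PL`-prefixed ids, but the Tantan entry's id starts with `RDCM`, which YouTube uses for auto-generated channel mixes rather than a saved playlist; check that `https://www.youtube.com/playlist?list=RDCMUChl_NKOs1qqh_x7yJfaDpDw` actually resolves, and if it does not, keep a `watch?v=...&list=RDCM...` form for that one entry.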
@ -110,6 +113,7 @@ and [[https://youtu.be/cfPDeso3XwI][register-based(13 episode)]]
1:50 sexplib? 1:50 sexplib?
2:00 build own irc lib 2:00 build own irc lib
2:14 "how many american server you have already hacked" - "I don't count them I'm sorry" 2:14 "how many american server you have already hacked" - "I don't count them I'm sorry"
*** [[https://youtube.be/TLa2VqcGGEQ][CVE-2021-3156 sudo]]
** Minecraft ** Minecraft
*** [[https://youtu.be/VKydXD6Lr20][Mojang & Minecraft 开始衰落了吗?]] *** [[https://youtu.be/VKydXD6Lr20][Mojang & Minecraft 开始衰落了吗?]]
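Review bot: the new line `*** [[https://youtube.be/TLa2VqcGGEQ][CVE-2021-3156 sudo]]` uses the host `youtube.be`, which is not YouTube's short-link domain; every other entry in this section uses `youtu.be`, so this should be `https://youtu.be/TLa2VqcGGEQ`. A few words on the content would also match the neighbouring entries (CVE-2021-3156 is the sudo heap-based buffer overflow known as "Baron Samedit").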