mirror.dongdigua.github.io/org/binary_exploit.org

#+TITLE: Binary Exploit Resources I Recently Trying to Learn
#+DATE: <2022-06-29 三>
#+TAGS: relearn(r)
#+OPTIONS: toc:nil


* resources
** video
[[https://youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN][Binary Exploitation / Memory Corruption by LiveOverflow]]
** website
*** [[https://play.picoctf.org/practice][picoCTF]]
*** [[https://exploit.education/][exploit education]]

* tools

** code auditing
[[./../images/fedora_security_lab.png]]
*** pscan
*** rats
*** splint
*** flawfinder

** debug
*** gdb

** reverse
*** [[https://book.rada.re/][radare2]]
**** iaito
*** hopper(non-free)


* notes on video
** [[https://youtu.be/6jSKldt7Eqs][0x04: asm basics]]
*** to show assembly in the source code window in gud, ~M-x gdb-display-disassembly-buffer~
*** links
**** https://microcorruption.com/
** [[https://youtu.be/3NTXFUxcKPc][0x06: tools]]
*** simple tools
**** hexdump
**** strings
all printable letters
**** objdump
disassembler
**** strace/ltrace
trace sys/lib call
*** [[https://youtu.be/mT1V7IL2FHY][0x0A: deal with numbers]]
**** endian?
from [[https://zh.wikipedia.org/zh-cn/字节序][Wikipedia]]
[[https://upload.wikimedia.org/wikipedia/commons/5/54/Big-Endian.svg]]
[[https://upload.wikimedia.org/wikipedia/commons/e/ed/Little-Endian.svg]]
x86 is little endian
**** tools
***** python
#+BEGIN_SRC python
  >>> int('111', 2)
  7
  >>> hex(123)
  '0x7b'
  >>> import struct
  # https://docs.python.org/3.10/library/struct.html#format-characters
  >>> struct.pack("<I", 0x61626364) # little endian
  b'dcba'
  >>> struct.pack(">I", 0x61626364) # big endian
  b'abcd'
#+END_SRC
***** iex
#+BEGIN_SRC elixir
  iex(1)> <<0x61626364::32>>
  "abcd"
  iex(2)> Base.decode16("61626364")
  {:ok, "abcd"}
#+END_SRC