mirror of
https://github.com/dongdigua/dongdigua.github.io
synced 2024-11-27 17:10:55 +08:00
dongdigua
ef837db00e
- collections add `wow` tag - binary_exploit opti link - add magical_index icon
74 lines
1.7 KiB
Org Mode
#+TITLE: Binary Exploit Resources I Have Recently Been Trying to Learn
#+DATE: <2022-06-29 Wed>
#+TAGS: relearn(r)
#+OPTIONS: toc:nil

* resources
** video
[[https://youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN][Binary Exploitation / Memory Corruption by LiveOverflow]]
** website
*** [[https://play.picoctf.org/practice][picoCTF]]
*** [[https://exploit.education/][exploit education]]

* tools

** code auditing
[[./../images/fedora_security_lab.png]]
*** pscan
*** rats
*** splint
*** flawfinder

** debug
*** gdb

** reverse
*** [[https://book.rada.re/][radare2]]
**** iaito
*** hopper (non-free)

* notes on video
** [[https://youtu.be/6jSKldt7Eqs][0x04: asm basics]]
*** to show assembly in the source code window in gud, ~M-x gdb-display-disassembly-buffer~
*** links
**** https://microcorruption.com/
** [[https://youtu.be/3NTXFUxcKPc][0x06: tools]]
*** simple tools
**** hexdump
**** strings
prints every run of printable characters in a file
**** objdump
disassembler
**** strace/ltrace
trace system calls (strace) and library calls (ltrace)
*** [[https://youtu.be/mT1V7IL2FHY][0x0A: deal with numbers]]
**** endian?
from [[https://zh.wikipedia.org/zh-cn/字节序][Wikipedia]]
[[https://upload.wikimedia.org/wikipedia/commons/5/54/Big-Endian.svg]]
[[https://upload.wikimedia.org/wikipedia/commons/e/ed/Little-Endian.svg]]
x86 is little-endian
**** tools
***** python
#+BEGIN_SRC python
>>> int('111', 2)
7
>>> hex(123)
'0x7b'
>>> import struct
# https://docs.python.org/3.10/library/struct.html#format-characters
>>> struct.pack("<I", 0x61626364) # little endian
b'dcba'
>>> struct.pack(">I", 0x61626364) # big endian
b'abcd'
#+END_SRC
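An added example, not part of the original notes: the reverse direction of the ~struct.pack~ calls above, decoding bytes as they sit in memory into 16/32/64-bit words in either byte order, which is why a byte-wise dump and a word-wise dump of the same memory look reversed on x86. The names ~words~, ~word_dump~, ~same_as_int_from_bytes~ and the sample bytes are made up for this illustration.

```python
import struct

# Constructed sample: 8 bytes in the order a byte-wise dump (hexdump -C) lists them.
SAMPLE = bytes.fromhex("64636261efbeadde")

_FMT = {2: "H", 4: "I", 8: "Q"}  # struct codes for unsigned 16/32/64-bit integers


def words(data, endian="<", size=4):
    """Decode data into unsigned integers of `size` bytes.

    endian is "<" (little, as on x86) or ">" (big, network order).
    """
    if endian not in ("<", ">"):
        raise ValueError("endian must be '<' or '>'")
    if size not in _FMT:
        raise ValueError("size must be 2, 4 or 8")
    if len(data) % size:
        # A trailing partial word cannot be decoded; refuse instead of padding silently.
        raise ValueError("%d bytes is not a multiple of %d" % (len(data), size))
    return [v for (v,) in struct.iter_unpack(endian + _FMT[size], data)]


def word_dump(data, endian="<", size=4, base=0):
    """Format data as address/value lines, like a word-wise memory dump."""
    return ["0x%08x: 0x%0*x" % (base + i * size, size * 2, w)
            for i, w in enumerate(words(data, endian, size))]


def same_as_int_from_bytes(data, endian="<", size=4):
    """Cross-check struct against int.from_bytes, which needs no format string."""
    order = "little" if endian == "<" else "big"
    chunks = [data[i:i + size] for i in range(0, len(data), size)]
    return words(data, endian, size) == [int.from_bytes(c, order) for c in chunks]


if __name__ == "__main__":
    print("bytes in memory:", SAMPLE.hex(" "))
    for endian, name in (("<", "little"), (">", "big")):
        print(name, "endian 32-bit words:")
        print("\n".join(word_dump(SAMPLE, endian)))
    print("little endian 64-bit:", word_dump(SAMPLE, "<", 8)[0])
```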
***** iex
#+BEGIN_SRC elixir
iex(1)> <<0x61626364::32>>
"abcd"
iex(2)> Base.decode16("61626364")
{:ok, "abcd"}
#+END_SRC