mirror of
https://github.com/dongdigua/dongdigua.github.io
synced 2024-11-24 04:03:11 +08:00
393 lines
14 KiB
HTML
393 lines
14 KiB
HTML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
|
<head>
|
|
<!-- 2022-08-12 五 12:15 -->
|
|
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
|
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
|
<title>Binary Exploit Resources I Recently Trying to Learn</title>
|
|
<meta name="author" content="dongdigua" />
|
|
<meta name="generator" content="Org Mode" />
|
|
<style>
|
|
#content { max-width: 60em; margin: auto; }
|
|
.title { text-align: center;
|
|
margin-bottom: .2em; }
|
|
.subtitle { text-align: center;
|
|
font-size: medium;
|
|
font-weight: bold;
|
|
margin-top:0; }
|
|
.todo { font-family: monospace; color: red; }
|
|
.done { font-family: monospace; color: green; }
|
|
.priority { font-family: monospace; color: orange; }
|
|
.tag { background-color: #eee; font-family: monospace;
|
|
padding: 2px; font-size: 80%; font-weight: normal; }
|
|
.timestamp { color: #bebebe; }
|
|
.timestamp-kwd { color: #5f9ea0; }
|
|
.org-right { margin-left: auto; margin-right: 0px; text-align: right; }
|
|
.org-left { margin-left: 0px; margin-right: auto; text-align: left; }
|
|
.org-center { margin-left: auto; margin-right: auto; text-align: center; }
|
|
.underline { text-decoration: underline; }
|
|
#postamble p, #preamble p { font-size: 90%; margin: .2em; }
|
|
p.verse { margin-left: 3%; }
|
|
pre {
|
|
border: 1px solid #e6e6e6;
|
|
border-radius: 3px;
|
|
background-color: #f2f2f2;
|
|
padding: 8pt;
|
|
font-family: monospace;
|
|
overflow: auto;
|
|
margin: 1.2em;
|
|
}
|
|
pre.src {
|
|
position: relative;
|
|
overflow: auto;
|
|
}
|
|
pre.src:before {
|
|
display: none;
|
|
position: absolute;
|
|
top: -8px;
|
|
right: 12px;
|
|
padding: 3px;
|
|
color: #555;
|
|
background-color: #f2f2f299;
|
|
}
|
|
pre.src:hover:before { display: inline; margin-top: 14px;}
|
|
/* Languages per Org manual */
|
|
pre.src-asymptote:before { content: 'Asymptote'; }
|
|
pre.src-awk:before { content: 'Awk'; }
|
|
pre.src-authinfo::before { content: 'Authinfo'; }
|
|
pre.src-C:before { content: 'C'; }
|
|
/* pre.src-C++ doesn't work in CSS */
|
|
pre.src-clojure:before { content: 'Clojure'; }
|
|
pre.src-css:before { content: 'CSS'; }
|
|
pre.src-D:before { content: 'D'; }
|
|
pre.src-ditaa:before { content: 'ditaa'; }
|
|
pre.src-dot:before { content: 'Graphviz'; }
|
|
pre.src-calc:before { content: 'Emacs Calc'; }
|
|
pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
|
|
pre.src-fortran:before { content: 'Fortran'; }
|
|
pre.src-gnuplot:before { content: 'gnuplot'; }
|
|
pre.src-haskell:before { content: 'Haskell'; }
|
|
pre.src-hledger:before { content: 'hledger'; }
|
|
pre.src-java:before { content: 'Java'; }
|
|
pre.src-js:before { content: 'Javascript'; }
|
|
pre.src-latex:before { content: 'LaTeX'; }
|
|
pre.src-ledger:before { content: 'Ledger'; }
|
|
pre.src-lisp:before { content: 'Lisp'; }
|
|
pre.src-lilypond:before { content: 'Lilypond'; }
|
|
pre.src-lua:before { content: 'Lua'; }
|
|
pre.src-matlab:before { content: 'MATLAB'; }
|
|
pre.src-mscgen:before { content: 'Mscgen'; }
|
|
pre.src-ocaml:before { content: 'Objective Caml'; }
|
|
pre.src-octave:before { content: 'Octave'; }
|
|
pre.src-org:before { content: 'Org mode'; }
|
|
pre.src-oz:before { content: 'OZ'; }
|
|
pre.src-plantuml:before { content: 'Plantuml'; }
|
|
pre.src-processing:before { content: 'Processing.js'; }
|
|
pre.src-python:before { content: 'Python'; }
|
|
pre.src-R:before { content: 'R'; }
|
|
pre.src-ruby:before { content: 'Ruby'; }
|
|
pre.src-sass:before { content: 'Sass'; }
|
|
pre.src-scheme:before { content: 'Scheme'; }
|
|
pre.src-screen:before { content: 'Gnu Screen'; }
|
|
pre.src-sed:before { content: 'Sed'; }
|
|
pre.src-sh:before { content: 'shell'; }
|
|
pre.src-sql:before { content: 'SQL'; }
|
|
pre.src-sqlite:before { content: 'SQLite'; }
|
|
/* additional languages in org.el's org-babel-load-languages alist */
|
|
pre.src-forth:before { content: 'Forth'; }
|
|
pre.src-io:before { content: 'IO'; }
|
|
pre.src-J:before { content: 'J'; }
|
|
pre.src-makefile:before { content: 'Makefile'; }
|
|
pre.src-maxima:before { content: 'Maxima'; }
|
|
pre.src-perl:before { content: 'Perl'; }
|
|
pre.src-picolisp:before { content: 'Pico Lisp'; }
|
|
pre.src-scala:before { content: 'Scala'; }
|
|
pre.src-shell:before { content: 'Shell Script'; }
|
|
pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
|
|
/* additional language identifiers per "defun org-babel-execute"
|
|
in ob-*.el */
|
|
pre.src-cpp:before { content: 'C++'; }
|
|
pre.src-abc:before { content: 'ABC'; }
|
|
pre.src-coq:before { content: 'Coq'; }
|
|
pre.src-groovy:before { content: 'Groovy'; }
|
|
/* additional language identifiers from org-babel-shell-names in
|
|
ob-shell.el: ob-shell is the only babel language using a lambda to put
|
|
the execution function name together. */
|
|
pre.src-bash:before { content: 'bash'; }
|
|
pre.src-csh:before { content: 'csh'; }
|
|
pre.src-ash:before { content: 'ash'; }
|
|
pre.src-dash:before { content: 'dash'; }
|
|
pre.src-ksh:before { content: 'ksh'; }
|
|
pre.src-mksh:before { content: 'mksh'; }
|
|
pre.src-posh:before { content: 'posh'; }
|
|
/* Additional Emacs modes also supported by the LaTeX listings package */
|
|
pre.src-ada:before { content: 'Ada'; }
|
|
pre.src-asm:before { content: 'Assembler'; }
|
|
pre.src-caml:before { content: 'Caml'; }
|
|
pre.src-delphi:before { content: 'Delphi'; }
|
|
pre.src-html:before { content: 'HTML'; }
|
|
pre.src-idl:before { content: 'IDL'; }
|
|
pre.src-mercury:before { content: 'Mercury'; }
|
|
pre.src-metapost:before { content: 'MetaPost'; }
|
|
pre.src-modula-2:before { content: 'Modula-2'; }
|
|
pre.src-pascal:before { content: 'Pascal'; }
|
|
pre.src-ps:before { content: 'PostScript'; }
|
|
pre.src-prolog:before { content: 'Prolog'; }
|
|
pre.src-simula:before { content: 'Simula'; }
|
|
pre.src-tcl:before { content: 'tcl'; }
|
|
pre.src-tex:before { content: 'TeX'; }
|
|
pre.src-plain-tex:before { content: 'Plain TeX'; }
|
|
pre.src-verilog:before { content: 'Verilog'; }
|
|
pre.src-vhdl:before { content: 'VHDL'; }
|
|
pre.src-xml:before { content: 'XML'; }
|
|
pre.src-nxml:before { content: 'XML'; }
|
|
/* add a generic configuration mode; LaTeX export needs an additional
|
|
(add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
|
|
pre.src-conf:before { content: 'Configuration File'; }
|
|
|
|
table { border-collapse:collapse; }
|
|
caption.t-above { caption-side: top; }
|
|
caption.t-bottom { caption-side: bottom; }
|
|
td, th { vertical-align:top; }
|
|
th.org-right { text-align: center; }
|
|
th.org-left { text-align: center; }
|
|
th.org-center { text-align: center; }
|
|
td.org-right { text-align: right; }
|
|
td.org-left { text-align: left; }
|
|
td.org-center { text-align: center; }
|
|
dt { font-weight: bold; }
|
|
.footpara { display: inline; }
|
|
.footdef { margin-bottom: 1em; }
|
|
.figure { padding: 1em; }
|
|
.figure p { text-align: center; }
|
|
.equation-container {
|
|
display: table;
|
|
text-align: center;
|
|
width: 100%;
|
|
}
|
|
.equation {
|
|
vertical-align: middle;
|
|
}
|
|
.equation-label {
|
|
display: table-cell;
|
|
text-align: right;
|
|
vertical-align: middle;
|
|
}
|
|
.inlinetask {
|
|
padding: 10px;
|
|
border: 2px solid gray;
|
|
margin: 10px;
|
|
background: #ffffcc;
|
|
}
|
|
#org-div-home-and-up
|
|
{ text-align: right; font-size: 70%; white-space: nowrap; }
|
|
textarea { overflow-x: auto; }
|
|
.linenr { font-size: smaller }
|
|
.code-highlighted { background-color: #ffff00; }
|
|
.org-info-js_info-navigation { border-style: none; }
|
|
#org-info-js_console-label
|
|
{ font-size: 10px; font-weight: bold; white-space: nowrap; }
|
|
.org-info-js_search-highlight
|
|
{ background-color: #ffff00; color: #000000; font-weight: bold; }
|
|
.org-svg { width: 90%; }
|
|
</style>
|
|
<link rel='stylesheet' type='text/css' href='./../css/org-css.css' />
|
|
</head>
|
|
<body>
|
|
<div id="content" class="content">
|
|
<h1 class="title">Binary Exploit Resources I Recently Trying to Learn</h1>
|
|
|
|
|
|
<div id="outline-container-org0cdbdc3" class="outline-2">
|
|
<h2 id="org0cdbdc3"><span class="section-number-2">1.</span> resources</h2>
|
|
<div class="outline-text-2" id="text-1">
|
|
</div>
|
|
<div id="outline-container-org9e897e4" class="outline-3">
|
|
<h3 id="org9e897e4"><span class="section-number-3">1.1.</span> video</h3>
|
|
<div class="outline-text-3" id="text-1-1">
|
|
<p>
|
|
<a href="https://youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN">Binary Exploitation / Memory Corruption by LiveOverflow</a>
|
|
</p>
|
|
</div>
|
|
</div>
|
|
<div id="outline-container-org27fe887" class="outline-3">
|
|
<h3 id="org27fe887"><span class="section-number-3">1.2.</span> website</h3>
|
|
<div class="outline-text-3" id="text-1-2">
|
|
</div>
|
|
<div id="outline-container-org7acdc3f" class="outline-4">
|
|
<h4 id="org7acdc3f"><span class="section-number-4">1.2.1.</span> <a href="https://play.picoctf.org/practice">picoCTF</a></h4>
|
|
</div>
|
|
<div id="outline-container-org0d76b99" class="outline-4">
|
|
<h4 id="org0d76b99"><span class="section-number-4">1.2.2.</span> <a href="https://exploit.education/">exploit education</a></h4>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div id="outline-container-org5de3a2a" class="outline-2">
|
|
<h2 id="org5de3a2a"><span class="section-number-2">2.</span> tools</h2>
|
|
<div class="outline-text-2" id="text-2">
|
|
</div>
|
|
<div id="outline-container-orge7aaa63" class="outline-3">
|
|
<h3 id="orge7aaa63"><span class="section-number-3">2.1.</span> code auditing</h3>
|
|
<div class="outline-text-3" id="text-2-1">
|
|
|
|
<div id="orgdb903b7" class="figure">
|
|
<p><img src="../images/fedora_security_lab.png" alt="fedora_security_lab.png" />
|
|
</p>
|
|
</div>
|
|
</div>
|
|
<div id="outline-container-orgef81c05" class="outline-4">
|
|
<h4 id="orgef81c05"><span class="section-number-4">2.1.1.</span> pscan</h4>
|
|
</div>
|
|
<div id="outline-container-orgdc82c8d" class="outline-4">
|
|
<h4 id="orgdc82c8d"><span class="section-number-4">2.1.2.</span> rats</h4>
|
|
</div>
|
|
<div id="outline-container-org838a845" class="outline-4">
|
|
<h4 id="org838a845"><span class="section-number-4">2.1.3.</span> splint</h4>
|
|
</div>
|
|
<div id="outline-container-org09dbe7a" class="outline-4">
|
|
<h4 id="org09dbe7a"><span class="section-number-4">2.1.4.</span> flawfinder</h4>
|
|
</div>
|
|
</div>
|
|
|
|
<div id="outline-container-org634159e" class="outline-3">
|
|
<h3 id="org634159e"><span class="section-number-3">2.2.</span> debug</h3>
|
|
<div class="outline-text-3" id="text-2-2">
|
|
</div>
|
|
<div id="outline-container-org0bf5af7" class="outline-4">
|
|
<h4 id="org0bf5af7"><span class="section-number-4">2.2.1.</span> gdb</h4>
|
|
</div>
|
|
</div>
|
|
|
|
<div id="outline-container-org884a3e0" class="outline-3">
|
|
<h3 id="org884a3e0"><span class="section-number-3">2.3.</span> reverse</h3>
|
|
<div class="outline-text-3" id="text-2-3">
|
|
</div>
|
|
<div id="outline-container-orgf283049" class="outline-4">
|
|
<h4 id="orgf283049"><span class="section-number-4">2.3.1.</span> <a href="https://book.rada.re/">radare2</a></h4>
|
|
<div class="outline-text-4" id="text-2-3-1">
|
|
</div>
|
|
<ol class="org-ol">
|
|
<li><a id="orgf263ffc"></a>iaito<br /></li>
|
|
</ol>
|
|
</div>
|
|
<div id="outline-container-orga6a3a1c" class="outline-4">
|
|
<h4 id="orga6a3a1c"><span class="section-number-4">2.3.2.</span> hopper(non-free)</h4>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<div id="outline-container-org7018e10" class="outline-2">
|
|
<h2 id="org7018e10"><span class="section-number-2">3.</span> notes on video</h2>
|
|
<div class="outline-text-2" id="text-3">
|
|
</div>
|
|
<div id="outline-container-org0c19881" class="outline-3">
|
|
<h3 id="org0c19881"><span class="section-number-3">3.1.</span> <a href="https://youtu.be/6jSKldt7Eqs">0x04: asm basics</a></h3>
|
|
<div class="outline-text-3" id="text-3-1">
|
|
</div>
|
|
<div id="outline-container-org8a6191b" class="outline-4">
|
|
<h4 id="org8a6191b"><span class="section-number-4">3.1.1.</span> to show assembly in the source code window in gud, <code>M-x gdb-display-disassembly-buffer</code></h4>
|
|
</div>
|
|
<div id="outline-container-org9d7ede3" class="outline-4">
|
|
<h4 id="org9d7ede3"><span class="section-number-4">3.1.2.</span> links</h4>
|
|
<div class="outline-text-4" id="text-3-1-2">
|
|
</div>
|
|
<ol class="org-ol">
|
|
<li><a id="org9b8b7d3"></a><a href="https://microcorruption.com/">https://microcorruption.com/</a><br /></li>
|
|
</ol>
|
|
</div>
|
|
</div>
|
|
<div id="outline-container-org1a51115" class="outline-3">
|
|
<h3 id="org1a51115"><span class="section-number-3">3.2.</span> <a href="https://youtu.be/3NTXFUxcKPc">0x06: tools</a></h3>
|
|
<div class="outline-text-3" id="text-3-2">
|
|
</div>
|
|
<div id="outline-container-orgfaab3a1" class="outline-4">
|
|
<h4 id="orgfaab3a1"><span class="section-number-4">3.2.1.</span> simple tools</h4>
|
|
<div class="outline-text-4" id="text-3-2-1">
|
|
</div>
|
|
<ol class="org-ol">
|
|
<li><a id="org809ec32"></a>hexdump<br /></li>
|
|
<li><a id="org6030a99"></a>strings<br />
|
|
<div class="outline-text-5" id="text-3-2-1-2">
|
|
<p>
|
|
all printable letters
|
|
</p>
|
|
</div>
|
|
</li>
|
|
<li><a id="org1b704f6"></a>objdump<br />
|
|
<div class="outline-text-5" id="text-3-2-1-3">
|
|
<p>
|
|
disassembler
|
|
</p>
|
|
</div>
|
|
</li>
|
|
<li><a id="org20f75ac"></a>strace/ltrace<br />
|
|
<div class="outline-text-5" id="text-3-2-1-4">
|
|
<p>
|
|
trace sys/lib call
|
|
</p>
|
|
</div>
|
|
</li>
|
|
</ol>
|
|
</div>
|
|
<div id="outline-container-orgda2ed23" class="outline-4">
|
|
<h4 id="orgda2ed23"><span class="section-number-4">3.2.2.</span> <a href="https://youtu.be/mT1V7IL2FHY">0x0A: deal with numbers</a></h4>
|
|
<div class="outline-text-4" id="text-3-2-2">
|
|
</div>
|
|
<ol class="org-ol">
|
|
<li><a id="org3a88409"></a>endian?<br />
|
|
<div class="outline-text-5" id="text-3-2-2-1">
|
|
<p>
|
|
from <a href="https://zh.wikipedia.org/zh-cn/%E5%AD%97%E8%8A%82%E5%BA%8F">Wikipedia</a>
|
|
<img src="../images/Big-Endian.svg.png " alt="Big-Endian.svg.png " /><img src="../images/Little-Endian.svg.png" alt="Little-Endian.svg.png" />
|
|
x86 is little endian
|
|
</p>
|
|
</div>
|
|
</li>
|
|
<li><a id="orgb30ff0f"></a>tools<br />
|
|
<ol class="org-ol">
|
|
<li><a id="orgdf6eaec"></a>python<br />
|
|
<div class="outline-text-6" id="text-3-2-2-2-1">
|
|
<div class="org-src-container">
|
|
<pre class="src src-python">>>> int('111', 2)
|
|
7
|
|
>>> hex(123)
|
|
'0x7b'
|
|
>>> import struct
|
|
# https://docs.python.org/3.10/library/struct.html#format-characters
|
|
>>> struct.pack("<I", 0x61626364) # little endian
|
|
b'dcba'
|
|
>>> struct.pack(">I", 0x61626364) # big endian
|
|
b'abcd'
|
|
</pre>
|
|
</div>
|
|
</div>
|
|
</li>
|
|
<li><a id="org58e7318"></a>iex<br />
|
|
<div class="outline-text-6" id="text-3-2-2-2-2">
|
|
<div class="org-src-container">
|
|
<pre class="src src-elixir">iex(1)> <<0x61626364::32>>
|
|
"abcd"
|
|
iex(2)> Base.decode16("61626364")
|
|
{:ok, "abcd"}
|
|
</pre>
|
|
</div>
|
|
</div>
|
|
</li>
|
|
</ol>
|
|
</li>
|
|
</ol>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div id="postamble" class="status">
|
|
<p class="author">Author: dongdigua</p>
|
|
<p class="date">Created: 2022-08-12 五 12:15</p>
|
|
</div>
|
|
</body>
|
|
</html>
|