CTF-All-In-One/doc/6.4_writeup.md

# 6.4 习题答案

- [一、基础知识篇]()
  - [1.3 Linux 基础]()
  - [1.4 Web 安全基础]()
  - [1.5 逆向工程基础]()
    - [1.5.1 C 语言基础]()
    - [1.5.2 x86/x64/ARM 汇编基础]()
    - [1.5.3 Linux ELF]()
    - [1.5.4 Windows PE]()
    - [1.5.5 静态链接]()
    - [1.5.6 动态链接]()
    - [1.5.7 内存管理]()
    - [1.5.8 glibc malloc]()
  - [1.6 密码学基础]()
  - [1.7 Android 安全基础]()
- [二、工具篇]()
  - [2.1 VM]()
  - [2.1 gdb/peda]()
  - [2.2 ollydbg]()
  - [2.3 windbg]()
  - [2.4 radare2]()
  - [2.5 IDA Pro]()
  - [2.6 pwntools]()
  - [2.8 zio]()
  - [2.9 metasploit]()
  - [2.10 binwalk]()
  - [2.11 Burp Suite]()
- [三、分类专题篇]()
  - [3.1 Reverse]()
  - [3.2 Crypto]()
  - [3.3 Pwn]()
  - [3.4 Web]()
  - [3.5 Misc]()
  - [3.6 Mobile]()
- [四、技巧篇]()
  - [4.1 AWD模式]()
  - [4.2 Linux 命令行技巧]()
  - [4.3 GCC 堆栈保护技术]()
- [五、高级篇]()
  - [5.1 Fuzz 测试]()
  - [5.2 Pin 动态二进制插桩](#53-angr-二进制自动化分析)
  - [5.3 angr 二进制自动化分析]()
  - [5.4 反调试技术]()
- [六、附录]()
  - [6.1 更多 Linux 工具](#61-更多-linux-工具)
  - [6.2 更多 Windows 工具]()


## 5.3 angr 二进制自动化分析
#### Baleful - picoCTF 2014

#### Reverse 400 - Hack You 2014

#### wyvern 500 - CSAW CTF 2015

#### rev100 - th3jackers CTF 2015


## 6.1 更多 Linux 工具
#### Strings - strings_crackme
```text
[firmy@Reverse]$ strings -e L strings_crackme
w0wgreat
```

#### Strings - flag_pwnablekr
```text
[firmy@Reverse]$ ./flag_pwnablekr
I will malloc() and strcpy the flag there. take it.
[firmy@Reverse]$ strings flag_pwnablekr | grep UPX
UPX!
$Info: This file is packed with the UPX executable packer http://upx.sf.net $
$Id: UPX 3.08 Copyright (C) 1996-2011 the UPX Team. All Rights Reserved. $
UPX!
UPX!
[firmy@Reverse]$ upx -d flag_pwnablekr
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2017
UPX 3.94        Markus Oberhumer, Laszlo Molnar & John Reiser   May 12th 2017
        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
    883745 <-    335288   37.94%   linux/amd64   flag_pwnablekr
Unpacked 1 file.
[firmy@Reverse]$ strings flag_pwnablekr | grep -i upx
UPX...? sounds like a delivery service :)
```

#### xxd - xxd_crackme
```text
[firmy@Reverse]$ xxd -g1 xxd_crackme
......
00001020: 00 00 00 00 67 30 30 64 4a 30 42 21 00 00 00 00  ....g00dJ0B!....
......
```
```text
[firmy@Reverse]$ strings -d xxd_crackme
......
g00dJ0B!
......
```
update 2017-07-17 21:02:41 +07:00			`# 6.4 习题答案`

fix 2017-08-16 14:45:24 +07:00			`- [一、基础知识篇]()`
			`- [1.3 Linux 基础]()`
			`- [1.4 Web 安全基础]()`
			`- [1.5 逆向工程基础]()`
			`- [1.5.1 C 语言基础]()`
			`- [1.5.2 x86/x64/ARM 汇编基础]()`
			`- [1.5.3 Linux ELF]()`
			`- [1.5.4 Windows PE]()`
			`- [1.5.5 静态链接]()`
			`- [1.5.6 动态链接]()`
			`- [1.5.7 内存管理]()`
			`- [1.5.8 glibc malloc]()`
			`- [1.6 密码学基础]()`
			`- [1.7 Android 安全基础]()`
			`- [二、工具篇]()`
			`- [2.1 VM]()`
			`- [2.1 gdb/peda]()`
			`- [2.2 ollydbg]()`
			`- [2.3 windbg]()`
			`- [2.4 radare2]()`
			`- [2.5 IDA Pro]()`
			`- [2.6 pwntools]()`
			`- [2.8 zio]()`
			`- [2.9 metasploit]()`
			`- [2.10 binwalk]()`
			`- [2.11 Burp Suite]()`
			`- [三、分类专题篇]()`
			`- [3.1 Reverse]()`
			`- [3.2 Crypto]()`
			`- [3.3 Pwn]()`
			`- [3.4 Web]()`
			`- [3.5 Misc]()`
			`- [3.6 Mobile]()`
			`- [四、技巧篇]()`
			`- [4.1 AWD模式]()`
			`- [4.2 Linux 命令行技巧]()`
			`- [4.3 GCC 堆栈保护技术]()`
			`- [五、高级篇]()`
			`- [5.1 Fuzz 测试]()`
			`- [5.2 Pin 动态二进制插桩](#53-angr-二进制自动化分析)`
			`- [5.3 angr 二进制自动化分析]()`
			`- [5.4 反调试技术]()`
			`- [六、附录]()`
			`- [6.1 更多 Linux 工具](#61-更多-linux-工具)`
			`- [6.2 更多 Windows 工具]()`
update 2017-07-17 21:02:41 +07:00

fix 2017-08-16 14:45:24 +07:00			`## 5.3 angr 二进制自动化分析`
			`#### Baleful - picoCTF 2014`
update 2017-07-17 21:02:41 +07:00
fix 2017-08-16 14:45:24 +07:00			`#### Reverse 400 - Hack You 2014`
update 2017-07-17 21:02:41 +07:00
fix 2017-08-16 14:45:24 +07:00			`#### wyvern 500 - CSAW CTF 2015`
update 2017-07-17 21:02:41 +07:00
fix 2017-08-16 14:45:24 +07:00			`#### rev100 - th3jackers CTF 2015`
update 2017-07-17 21:02:41 +07:00
fix 2017-08-16 14:45:24 +07:00
			`## 6.1 更多 Linux 工具`
update 2017-07-17 21:02:41 +07:00			`#### Strings - strings_crackme`
			```text
			`[firmy@Reverse]$ strings -e L strings_crackme`
			`w0wgreat`
			```

			`#### Strings - flag_pwnablekr`
			```text
fix 2017-08-16 14:45:24 +07:00			`[firmy@Reverse]$ ./flag_pwnablekr`
update 2017-07-17 21:02:41 +07:00			`I will malloc() and strcpy the flag there. take it.`
			`[firmy@Reverse]$ strings flag_pwnablekr \| grep UPX`
			`UPX!`
			$Info: This file is packed with the UPX executable packer http://upx.sf.net $
			$Id: UPX 3.08 Copyright (C) 1996-2011 the UPX Team. All Rights Reserved. $
			`UPX!`
			`UPX!`
fix 2017-08-16 14:45:24 +07:00			`[firmy@Reverse]$ upx -d flag_pwnablekr`
update 2017-07-17 21:02:41 +07:00			`Ultimate Packer for eXecutables`
			`Copyright (C) 1996 - 2017`
			`UPX 3.94 Markus Oberhumer, Laszlo Molnar & John Reiser May 12th 2017`
			`File size Ratio Format Name`
			`-------------------- ------ ----------- -----------`
			`883745 <- 335288 37.94% linux/amd64 flag_pwnablekr`
			`Unpacked 1 file.`
			`[firmy@Reverse]$ strings flag_pwnablekr \| grep -i upx`
			`UPX...? sounds like a delivery service :)`
			```

			`#### xxd - xxd_crackme`
			```text
			`[firmy@Reverse]$ xxd -g1 xxd_crackme`
			`......`
			`00001020: 00 00 00 00 67 30 30 64 4a 30 42 21 00 00 00 00 ....g00dJ0B!....`
			`......`
			```
			```text
fix 2017-08-16 14:45:24 +07:00			`[firmy@Reverse]$ strings -d xxd_crackme`
update 2017-07-17 21:02:41 +07:00			`......`
			`g00dJ0B!`
			`......`
			```