nganhkhoa/CTF-All-In-One
1
0
Fork 0
mirror of https://github.com/nganhkhoa/CTF-All-In-One.git synced 2024-10-19 01:12:52 +07:00
Code Issues Projects Releases Wiki Activity
6689193994
CTF-All-In-One/doc/6.4_pwn_njctf2017_233.md

34 lines
1.2 KiB
Markdown
Raw Normal View History

add 6.4
2017-11-19 14:04:12 +07:00
# 6.4 pwn njctf2017 233
- [题目复现](#题目复现)
- [SROP 原理及题目解析](#srop-原理及题目解析)
- [Exploit](#exploit)
- [参考资料](#参考资料)
## 题目复现
在 6.1 中我们看到了 blind ROP这一节中再来看一种 ROP 技术Sigreturn Oriented Programming。
checksec 如下:
```
$ checksec -f 233
RELRO STACK CANARY NX PIE RPATH RUNPATH FORTIFY Fortified Fortifiable FILE
Full RELRO No canary found NX enabled PIE enabled No RPATH No RUNPATH No 0 2 233
```
把程序运行起来:
```
$ socat tcp4-listen:10001,reuseaddr,fork exec:./233
```
## SROP 原理及题目解析
## Exploit
完整的 exp 如下,其他文件放在了[github](../src/writeup/6.4_pwn_njctf2017_233)相应文件夹中:
## 参考资料
- [Framing Signals—A Return to Portable Shellcode](http://www.ieee-security.org/TC/SP2014/papers/FramingSignals-AReturntoPortableShellcode.pdf)
- [slides: Framing Signals a return to portable shellcode](https://tc.gtisc.gatech.edu/bss/2014/r/srop-slides.pdf)
- [Sigreturn Oriented Programming](https://www.slideshare.net/AngelBoy1/sigreturn-ori)
Reference in New Issue Copy Permalink