# 7.4 Exercise Answers
- [Part 1: Basics]()
  - [1.3 Linux Basics]()
  - [1.4 Web Security Basics]()
  - [1.5 Reverse Engineering Basics]()
    - [1.5.1 C Language Basics]()
    - [1.5.2 x86/x64/ARM Assembly Basics]()
    - [1.5.3 Linux ELF]()
    - [1.5.4 Windows PE]()
    - [1.5.5 Static Linking]()
    - [1.5.6 Dynamic Linking]()
    - [1.5.7 Memory Management]()
    - [1.5.8 glibc malloc]()
  - [1.6 Cryptography Basics]()
  - [1.7 Android Security Basics]()
- [Part 2: Tools]()
  - [2.1 VM]()
  - [2.1 gdb/peda]()
  - [2.2 ollydbg]()
  - [2.3 windbg]()
  - [2.4 radare2]()
  - [2.5 IDA Pro]()
  - [2.6 pwntools]()
  - [2.8 zio]()
  - [2.9 metasploit]()
  - [2.10 binwalk]()
  - [2.11 Burp Suite]()
- [Part 3: Topics by Category]()
  - [3.1 Reverse]()
  - [3.2 Crypto]()
  - [3.3 Pwn]()
    - [3.3.1 Format String Vulnerabilities](#331-格式化字符串漏洞)
    - [3.3.2 Integer Overflow]()
    - [3.3.3 Stack Overflow]()
    - [3.3.4 Heap Overflow]()
  - [3.4 Web]()
  - [3.5 Misc]()
  - [3.6 Mobile]()
- [Part 4: Techniques]()
  - [4.1 AWD Mode]()
  - [4.2 Linux Command-Line Tips]()
  - [4.3 GCC Stack Protection Techniques]()
  - [4.4 Leaking Function Addresses with DynELF]()
- [Part 5: Advanced]()
  - [5.1 Fuzz Testing]()
  - [5.2 Pin Dynamic Binary Instrumentation](#52-Pin-动态二进制插桩)
  - [5.3 angr Automated Binary Analysis]()
  - [5.4 Anti-Debugging Techniques]()
  - [5.5 Symbolic Execution]()
  - [5.6 LLVM]()
- [Part 6: Appendix]()
  - [6.1 More Linux Tools](#61-更多-linux-工具)
  - [6.2 More Windows Tools]()

## 3.3.1 Format String Vulnerabilities

#### **pwn** - UIUCTF 2017 - goodluck - 200

#### **Pwn** - NJCTF 2017 - pingme - 200

## 5.2 Pin Dynamic Binary Instrumentation

#### **RE** - picoCTF 2014 - Baleful

#### **RE** - Hack You 2014 - reverse - 400

#### **RE** - CSAW CTF 2015 - wyvern - 500

#### **RE** - th3jackers CTF 2015 - rev100 - 100

## 6.1 More Linux Tools

#### Strings - strings_crackme

```text
$ strings -e L strings_crackme
w0wgreat
```

#### **Pwn** - Strings - flag_pwnablekr

```text
$ ./flag_pwnablekr
I will malloc() and strcpy the flag there. take it.
$ strings flag_pwnablekr | grep UPX
UPX!
$Info: This file is packed with the UPX executable packer http://upx.sf.net $
$Id: UPX 3.08 Copyright (C) 1996-2011 the UPX Team. All Rights Reserved. $
UPX!
UPX!
$ upx -d flag_pwnablekr
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2017
UPX 3.94        Markus Oberhumer, Laszlo Molnar & John Reiser   May 12th 2017

        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
    883745 <-    335288   37.94%   linux/amd64   flag_pwnablekr

Unpacked 1 file.
$ strings flag_pwnablekr | grep -i upx
UPX...? sounds like a delivery service :)
```

#### xxd - xxd_crackme

```text
$ xxd -g1 xxd_crackme
......
00001020: 00 00 00 00 67 30 30 64 4a 30 42 21 00 00 00 00  ....g00dJ0B!....
......
```

```text
$ strings -d xxd_crackme
......
g00dJ0B!
......
```