mirror of
https://github.com/nganhkhoa/CTF-All-In-One.git
synced 2024-12-25 11:41:16 +07:00
add 6.1.17
This commit is contained in:
parent
c032c0aaf6
commit
41440f5629
@ -139,6 +139,7 @@ GitHub 地址:https://github.com/firmianay/CTF-All-In-One
|
|||||||
* [6.1.14 pwn 32C3CTF2015 readme](doc/6.1.14_pwn_32c3ctf2015_readme.md)
|
* [6.1.14 pwn 32C3CTF2015 readme](doc/6.1.14_pwn_32c3ctf2015_readme.md)
|
||||||
* [6.1.15 pwn 34C3CTF2017 SimpleGC](doc/6.1.15_pwn_34c3ctf2017_simplegc.md)
|
* [6.1.15 pwn 34C3CTF2017 SimpleGC](doc/6.1.15_pwn_34c3ctf2017_simplegc.md)
|
||||||
* [6.1.16 pwn HITBGSECCTF2017 1000levels](doc/6.1.16_pwn_hitbgsecctf2017_1000levels.md)
|
* [6.1.16 pwn HITBGSECCTF2017 1000levels](doc/6.1.16_pwn_hitbgsecctf2017_1000levels.md)
|
||||||
|
* [6.1.17 pwn SECCONCTF2016 jmper](doc/6.1.17_pwn_secconctf2016_jmper.md)
|
||||||
* re
|
* re
|
||||||
* [6.2.1 re XHPCTF2017 dont_panic](doc/6.2.1_re_xhpctf2017_dont_panic.md)
|
* [6.2.1 re XHPCTF2017 dont_panic](doc/6.2.1_re_xhpctf2017_dont_panic.md)
|
||||||
* [6.2.2 re ECTF2016 tayy](doc/6.2.2_re_ectf2016_tayy.md)
|
* [6.2.2 re ECTF2016 tayy](doc/6.2.2_re_ectf2016_tayy.md)
|
||||||
|
@ -303,7 +303,7 @@ RELRO(ReLocation Read-Only)设置符号重定向表为只读或在程序启
|
|||||||
|
|
||||||
RELOR 有两种形式:
|
RELOR 有两种形式:
|
||||||
- Partial RELRO:一些段(包括 `.dynamic`)在初始化后将会被标记为只读。
|
- Partial RELRO:一些段(包括 `.dynamic`)在初始化后将会被标记为只读。
|
||||||
- Full RELRO:除了Partial RELRO,延迟绑定将被禁止,所有的导入符号将在开始时被解析,`.got.plt` 段会被完全初始化为目标函数的最终地址,并被标记为只读。另外 `link_map` 和 `_dl_runtime_resolve` 的地址也不会被装入。
|
- Full RELRO:除了 Partial RELRO,延迟绑定将被禁止,所有的导入符号将在开始时被解析,`.got.plt` 段会被完全初始化为目标函数的最终地址,并被标记为只读。另外 `link_map` 和 `_dl_runtime_resolve` 的地址也不会被装入。
|
||||||
|
|
||||||
|
|
||||||
## 编译参数
|
## 编译参数
|
||||||
|
30
doc/6.1.17_pwn_secconctf2016_jmper.md
Normal file
30
doc/6.1.17_pwn_secconctf2016_jmper.md
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
# 6.1.17 pwn SECCONCTF2016 jmper
|
||||||
|
|
||||||
|
- [题目复现](#题目复现)
|
||||||
|
- [题目解析](#题目解析)
|
||||||
|
- [Exploit](#exploit)
|
||||||
|
- [参考资料](#参考资料)
|
||||||
|
|
||||||
|
|
||||||
|
[下载文件](../src/writeup/6.1.17_pwn_secconctf2016_jmper)
|
||||||
|
|
||||||
|
## 题目复现
|
||||||
|
```
|
||||||
|
$ file jmper
|
||||||
|
jmper: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=9fce8ae11b21c03bf2aade96e1d763be668848fa, not stripped
|
||||||
|
$ checksec -f jmper
|
||||||
|
RELRO STACK CANARY NX PIE RPATH RUNPATH FORTIFY Fortified Fortifiable FILE
|
||||||
|
Full RELRO No canary found NX enabled No PIE No RPATH No RUNPATH No 0 4 jmper
|
||||||
|
$ strings libc-2.19.so | grep "GNU C"
|
||||||
|
GNU C Library (Ubuntu EGLIBC 2.19-0ubuntu6.9) stable release version 2.19, by Roland McGrath et al.
|
||||||
|
Compiled by GNU CC version 4.8.4.
|
||||||
|
```
|
||||||
|
64 位动态链接程序,但 Full RELRO 表示我们不能修改 GOT 表,然后还开启了 NX。
|
||||||
|
|
||||||
|
|
||||||
|
## 题目解析
|
||||||
|
|
||||||
|
## Exploit
|
||||||
|
|
||||||
|
## 参考资料
|
||||||
|
- https://ctftime.org/task/3169
|
@ -17,6 +17,7 @@
|
|||||||
- [6.1.14 pwn 32C3CTF2015 readme](6.1.14_pwn_32c3ctf2015_readme.md)
|
- [6.1.14 pwn 32C3CTF2015 readme](6.1.14_pwn_32c3ctf2015_readme.md)
|
||||||
- [6.1.15 pwn 34C3CTF2017 SimpleGC](6.1.15_pwn_34c3ctf2017_simplegc.md)
|
- [6.1.15 pwn 34C3CTF2017 SimpleGC](6.1.15_pwn_34c3ctf2017_simplegc.md)
|
||||||
- [6.1.16 pwn HITBGSECCTF2017 1000levels](6.1.16_pwn_hitbgsecctf2017_1000levels.md)
|
- [6.1.16 pwn HITBGSECCTF2017 1000levels](6.1.16_pwn_hitbgsecctf2017_1000levels.md)
|
||||||
|
- [6.1.17 pwn SECCONCTF2016 jmper](6.1.17_pwn_secconctf2016_jmper.md)
|
||||||
- re
|
- re
|
||||||
- [6.2.1 re XHPCTF2017 dont_panic](6.2.1_re_xhpctf2017_dont_panic.md)
|
- [6.2.1 re XHPCTF2017 dont_panic](6.2.1_re_xhpctf2017_dont_panic.md)
|
||||||
- [6.2.2 re ECTF2016 tayy](6.2.2_re_ectf2016_tayy.md)
|
- [6.2.2 re ECTF2016 tayy](6.2.2_re_ectf2016_tayy.md)
|
||||||
|
BIN
src/writeup/6.1.17_pwn_secconctf2016_jmper/jmper
Executable file
BIN
src/writeup/6.1.17_pwn_secconctf2016_jmper/jmper
Executable file
Binary file not shown.
BIN
src/writeup/6.1.17_pwn_secconctf2016_jmper/libc-2.19.so
Executable file
BIN
src/writeup/6.1.17_pwn_secconctf2016_jmper/libc-2.19.so
Executable file
Binary file not shown.
Loading…
Reference in New Issue
Block a user