From 5046320bc2f1fec09c87beff099104714a673954 Mon Sep 17 00:00:00 2001
From: firmianay
Date: Sat, 4 Nov 2017 16:35:26 +0800
Subject: [PATCH] add 3.3.4_rop
---
 CONTRIBUTION.md | 2 +-
 README.md | 3 ++-
 SUMMARY.md | 3 ++-
 doc/3.3.1_format_string.md | 2 +-
 doc/3.3.4_heap_overflow.md | 1 -
 doc/3.3.4_rop.md | 7 +++++++
 doc/3.3.5_heap_overflow.md | 1 +
 doc/3.3_pwn.md | 6 ++++++
 doc/3_topics.md | 3 ++-
 9 files changed, 22 insertions(+), 6 deletions(-)
 delete mode 100644 doc/3.3.4_heap_overflow.md
 create mode 100644 doc/3.3.4_rop.md
 create mode 100644 doc/3.3.5_heap_overflow.md
diff --git a/CONTRIBUTION.md b/CONTRIBUTION.md
index f7c7f52..35c048d 100644
--- a/CONTRIBUTION.md
+++ b/CONTRIBUTION.md
@@ -51,4 +51,4 @@
 | 章节 | 作者 | 进度 |
 | ------------------ | --------- | ------ |
-| 1.5.5_static_link | firmianay | 未完成 |
+| 3.3.4_rop.md | firmianay | 未完成 |
diff --git a/README.md b/README.md
index 4c70b77..d378d2e 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,8 @@
 - [3.3.1 格式化字符串漏洞](doc/3.3.1_format_string.md)
 - [3.3.2 整数溢出](doc/3.3.2_integer_overflow.md)
 - [3.3.3 栈溢出](doc/3.3.3_stack_overflow.md)
- - [3.3.4 堆溢出](doc/3.3.4_heap_overflow.md)
+ - [3.3.4 返回导向编程(ROP)](doc/3.3.4_rop.md)
+ - [3.3.5 堆溢出](doc/3.3.5_heap_overflow.md)
 - [3.4 Web](doc/3.4_web.md)
 - [3.5 Misc](doc/3.5_misc.md)
 - [3.6 Mobile](doc/3.6_mobile.md)
diff --git a/SUMMARY.md b/SUMMARY.md
index d8e3de2..b9a1077 100644
--- a/SUMMARY.md
+++ b/SUMMARY.md
@@ -40,7 +40,8 @@
 * [3.3.1 格式化字符串漏洞](doc/3.3.1_format_string.md)
 * [3.3.2 整数溢出](doc/3.3.2_integer_overflow.md)
 * [3.3.3 栈溢出](doc/3.3.3_stack_overflow.md)
- * [3.3.4 堆溢出](doc/3.3.4_heap_overflow.md)
+ * [3.3.4 返回导向编程(ROP)](doc/3.3.4_rop.md)
+ * [3.3.5 堆溢出](doc/3.3.5_heap_overflow.md)
 * [3.4 Web](doc/3.4_web.md)
 * [3.5 Misc](doc/3.5_misc.md)
 * [3.6 Mobile](doc/3.6_mobile.md)
diff --git a/doc/3.3.1_format_string.md b/doc/3.3.1_format_string.md
index a7dcc0c..20492a8 100644
--- a/doc/3.3.1_format_string.md
+++ b/doc/3.3.1_format_string.md
@@ -1210,7 +1210,7 @@ AAAAAAAA0x1.0x88888888.0xffffffff.0x7fffffffe3c6.0xa.0x4241000000000000.0x4443.0
 ## CTF 中的格式化字符串漏洞
-#### pwntools pwnlib.fmtster 模块
+#### pwntools pwnlib.fmtstr 模块
 文档地址:http://pwntools.readthedocs.io/en/stable/fmtstr.html
diff --git a/doc/3.3.4_heap_overflow.md b/doc/3.3.4_heap_overflow.md
deleted file mode 100644
index c204042..0000000
--- a/doc/3.3.4_heap_overflow.md
+++ /dev/null
@@ -1 +0,0 @@
-# 3.3.4 堆溢出
diff --git a/doc/3.3.4_rop.md b/doc/3.3.4_rop.md
new file mode 100644
index 0000000..4c55918
--- /dev/null
+++ b/doc/3.3.4_rop.md
@@ -0,0 +1,7 @@
+# 3.3.4 返回导向编程(ROP)
+
+- [ROP 简介](rop-简介)
+
+
+## ROP 简介
+返回导向编程(Return-Oriented Programming,缩写:ROP)是一种高级的内存攻击技术,该技术允许攻击者在现代操作系统的各种通用防御下执行代码,如内存不可执行和代码签名等。这类攻击往往利用操作堆栈调用时的程序漏洞,通常是缓冲区溢出。攻击者控制堆栈调用以劫持程序控制流并执行针对性的机器语言指令序列(gadgets),每一段 gadget 通常以 return 指令(`ret`)结束,并位于共享库代码中的子程序中。通过执行这些指令序列,也就控制了程序的执行。
diff --git a/doc/3.3.5_heap_overflow.md b/doc/3.3.5_heap_overflow.md
new file mode 100644
index 0000000..f7998bd
--- /dev/null
+++ b/doc/3.3.5_heap_overflow.md
@@ -0,0 +1 @@
+# 3.3.5 堆溢出
diff --git a/doc/3.3_pwn.md b/doc/3.3_pwn.md
index f333868..aab53bd 100644
--- a/doc/3.3_pwn.md
+++ b/doc/3.3_pwn.md
@@ -1 +1,7 @@
 # 3.3 Pwn
+
+- [3.3.1 格式化字符串漏洞](3.3.1_format_string.md)
+- [3.3.2 整数溢出](3.3.2_integer_overflow.md)
+- [3.3.3 栈溢出](3.3.3_stack_overflow.md)
+- [3.3.4 返回导向编程(ROP)](3.3.4_rop.md)
+- [3.3.5 堆溢出](3.3.5_heap_overflow.md)
diff --git a/doc/3_topics.md b/doc/3_topics.md
index 2a1f5fa..6d19485 100644
--- a/doc/3_topics.md
+++ b/doc/3_topics.md
@@ -6,7 +6,8 @@
 - [3.3.1 格式化字符串漏洞](3.3.1_format_string.md)
 - [3.3.2 整数溢出](3.3.2_integer_overflow.md)
 - [3.3.3 栈溢出](3.3.3_stack_overflow.md)
- - [3.3.4 堆溢出](3.3.4_heap_overflow.md)
+ - [3.3.4 返回导向编程(ROP)](3.3.4_rop.md)
+ - [3.3.5 堆溢出](3.3.5_heap_overflow.md)
 - [3.4 Web](3.4_web.md)
 - [3.5 Misc](3.5_misc.md)
 - [3.6 Mobile](3.6_mobile.md)