mirror of
https://github.com/nganhkhoa/CTF-All-In-One.git
synced 2024-12-24 19:21:15 +07:00
add 7.1.9
This commit is contained in:
parent
f1c51d8ea3
commit
60c75b44da
17
SUMMARY.md
17
SUMMARY.md
@ -167,14 +167,15 @@ GitHub 地址:https://github.com/firmianay/CTF-All-In-One
|
||||
* Mobile
|
||||
* [七、实战篇](doc/7_exploit.md)
|
||||
* CVE
|
||||
* [7.1.1 [CVE-2017-11543] tcpdump 4.9.0 Buffer Overflow](doc/7.1.1_tcpdump_2017-11543.md)
|
||||
* [7.1.2 [CVE-2015-0235] glibc 2.17 Buffer Overflow](doc/7.1.2_glibc_2015-0235.md)
|
||||
* [7.1.3 [CVE-2016-4971] wget 1.17.1 Arbitrary File Upload](doc/7.1.3_wget_2016-4971.md)
|
||||
* [7.1.4 [CVE-2017-13089] wget 1.19.1 Buffer Overflow](doc/7.1.4_wget_2017-13089.md)
|
||||
* [7.1.5 [CVE–2018-1000001] glibc Buffer Underflow](doc/7.1.5_glibc_2018-1000001.md)
|
||||
* [7.1.6 [CVE-2017-9430] DNSTracer 1.9 Buffer Overflow](doc/7.1.6_dnstracer_2017-9430.md)
|
||||
* [7.1.7 [CVE-2018-6323] GNU binutils 2.26.1 Integer Overflow](doc/7.1.7_binutils_2018-6323.md)
|
||||
* [7.1.8 [CVE-2010-2883] Adobe Reader 9.3.4 Stack Buffer Overflow](doc/7.1.8_adobe_reader_2010-2883.md)
|
||||
* [7.1.1 CVE-2017-11543 tcpdump sliplink_print 栈溢出漏洞](doc/7.1.1_tcpdump_2017-11543.md)
|
||||
* [7.1.2 CVE-2015-0235 glibc __nss_hostname_digits_dots 堆溢出漏洞](doc/7.1.2_glibc_2015-0235.md)
|
||||
* [7.1.3 CVE-2016-4971 wget 任意文件上传漏洞](doc/7.1.3_wget_2016-4971.md)
|
||||
* [7.1.4 CVE-2017-13089 wget skip_short_body 栈溢出漏洞](doc/7.1.4_wget_2017-13089.md)
|
||||
* [7.1.5 CVE–2018-1000001 glibc realpath 缓冲区下溢漏洞](doc/7.1.5_glibc_2018-1000001.md)
|
||||
* [7.1.6 CVE-2017-9430 DNSTracer 栈溢出漏洞](doc/7.1.6_dnstracer_2017-9430.md)
|
||||
* [7.1.7 CVE-2018-6323 GNU binutils elf_object_p 整型溢出漏洞](doc/7.1.7_binutils_2018-6323.md)
|
||||
* [7.1.8 CVE-2010-2883 Adobe CoolType SING 表栈溢出漏洞](doc/7.1.8_adobe_reader_2010-2883.md)
|
||||
* [7.1.9 CVE-2010-2333 Microsoft Word RTF pFragments 栈溢出漏洞](doc/7.1.9_ms_word_2010-2333.md)
|
||||
* Malware
|
||||
* [八、学术篇](doc/8_academic.md)
|
||||
* [8.1 The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)](doc/8.1_ret2libc_without_func_calls.md)
|
||||
|
@ -25,6 +25,7 @@
|
||||
- [SimplifyGraph](https://github.com/fireeye/SimplifyGraph) -- 简化复杂的函数流程图
|
||||
- [bincat](https://github.com/airbus-seclab/bincat) -- 静态二进制代码分析工具包,2017 Hex-Rays 插件第一名
|
||||
- [golang_loader_assist](https://github.com/strazzere/golang_loader_assist) -- Golang编译的二进制文件分析助手
|
||||
- [BinDiff](https://www.zynamics.com/bindiff.html)
|
||||
|
||||
|
||||
## 常用脚本
|
||||
|
@ -1,4 +1,4 @@
|
||||
# 7.1.1 [CVE-2017-11543] tcpdump 4.9.0 Buffer Overflow
|
||||
# 7.1.1 CVE-2017-11543 tcpdump sliplink_print 栈溢出漏洞
|
||||
|
||||
- [漏洞描述](#漏洞描述)
|
||||
- [漏洞复现](#漏洞复现)
|
||||
|
@ -1,4 +1,4 @@
|
||||
# 7.1.2 [CVE-2015-0235] glibc 2.17 Buffer Overflow
|
||||
# 7.1.2 CVE-2015-0235 glibc __nss_hostname_digits_dots 堆溢出漏洞
|
||||
|
||||
- [漏洞描述](#漏洞描述)
|
||||
- [漏洞复现](#漏洞复现)
|
||||
|
@ -1,4 +1,4 @@
|
||||
# 7.1.3 [CVE-2016-4971] wget 1.17.1 Arbitrary File Upload
|
||||
# 7.1.3 CVE-2016-4971 wget 任意文件上传漏洞
|
||||
|
||||
- [漏洞描述](#漏洞描述)
|
||||
- [漏洞复现](#漏洞复现)
|
||||
|
@ -1,4 +1,4 @@
|
||||
# 7.1.4 [CVE-2017-13089] wget 1.19.1 Buffer Overflow
|
||||
# 7.1.4 CVE-2017-13089 wget skip_short_body 栈溢出漏洞
|
||||
|
||||
- [漏洞描述](#漏洞描述)
|
||||
- [漏洞复现](#漏洞复现)
|
||||
|
@ -1,4 +1,4 @@
|
||||
# 7.1.5 [CVE–2018-1000001] glibc Buffer Underflow
|
||||
# 7.1.5 CVE–2018-1000001 glibc realpath 缓冲区下溢漏洞
|
||||
|
||||
- [漏洞描述](#漏洞描述)
|
||||
- [漏洞复现](#漏洞复现)
|
||||
|
@ -1,4 +1,4 @@
|
||||
# 7.1.6 [CVE-2017-9430] DNSTracer 1.9 Buffer Overflow
|
||||
# 7.1.6 CVE-2017-9430 DNSTracer 栈溢出漏洞
|
||||
|
||||
- [漏洞描述](#漏洞描述)
|
||||
- [漏洞复现](#漏洞复现)
|
||||
|
@ -1,4 +1,4 @@
|
||||
# 7.1.7 [CVE-2018-6323] GNU binutils 2.29.1 Integer Overflow
|
||||
# 7.1.7 CVE-2018-6323 GNU binutils elf_object_p 整型溢出漏洞
|
||||
|
||||
- [漏洞描述](#漏洞描述)
|
||||
- [漏洞复现](#漏洞复现)
|
||||
|
18
doc/7.1.9_ms_word_2010-2333.md
Normal file
18
doc/7.1.9_ms_word_2010-2333.md
Normal file
@ -0,0 +1,18 @@
|
||||
# 7.1.9 CVE-2010-2333 Microsoft Word RTF pFragments 栈溢出漏洞
|
||||
|
||||
- [漏洞描述](#漏洞描述)
|
||||
- [漏洞复现](#漏洞复现)
|
||||
- [漏洞分析](#漏洞分析)
|
||||
- [参考资料](#参考资料)
|
||||
|
||||
|
||||
[下载文件](../src/exploit/7.1.9_ms_word_2010-2333)
|
||||
|
||||
## 漏洞描述
|
||||
|
||||
## 漏洞复现
|
||||
|
||||
## 漏洞分析
|
||||
|
||||
## 参考资料
|
||||
- https://www.cvedetails.com/cve/CVE-2010-2333
|
@ -1,12 +1,13 @@
|
||||
# 第七篇 实战篇
|
||||
|
||||
* CVE
|
||||
* [7.1.1 [CVE-2017-11543] tcpdump 4.9.0 Buffer Overflow](7.1.1_tcpdump_2017-11543.md)
|
||||
* [7.1.2 [CVE-2015-0235] glibc 2.17 Buffer Overflow](7.1.2_glibc_2015-0235.md)
|
||||
* [7.1.3 [CVE-2016-4971] wget 1.17.1 Arbitrary File Upload](7.1.3_wget_2016-4971.md)
|
||||
* [7.1.4 [CVE-2017-13089] wget 1.19.1 Buffer Overflow](7.1.4_wget_2017-13089.md)
|
||||
* [7.1.5 [CVE–2018-1000001] glibc Buffer Underflow](7.1.5_glibc_2018-1000001.md)
|
||||
* [7.1.6 [CVE-2017-9430] DNSTracer 1.9 Buffer Overflow](7.1.6_dnstracer_2017-9430.md)
|
||||
* [7.1.7 [CVE-2018-6323] GNU binutils 2.26.1 Integer Overflow](7.1.7_binutils_2018-6323.md)
|
||||
* [7.1.8 [CVE-2010-2883] Adobe Reader 9.3.4 Stack Buffer Overflow](7.1.8_adobe_reader_2010-2883.md)
|
||||
* [7.1.1 CVE-2017-11543 tcpdump sliplink_print 栈溢出漏洞](7.1.1_tcpdump_2017-11543.md)
|
||||
* [7.1.2 CVE-2015-0235 glibc __nss_hostname_digits_dots 堆溢出漏洞](7.1.2_glibc_2015-0235.md)
|
||||
* [7.1.3 CVE-2016-4971 wget 任意文件上传漏洞](7.1.3_wget_2016-4971.md)
|
||||
* [7.1.4 CVE-2017-13089 wget skip_short_body 栈溢出漏洞](7.1.4_wget_2017-13089.md)
|
||||
* [7.1.5 CVE–2018-1000001 glibc realpath 缓冲区下溢漏洞](7.1.5_glibc_2018-1000001.md)
|
||||
* [7.1.6 CVE-2017-9430 DNSTracer 栈溢出漏洞](7.1.6_dnstracer_2017-9430.md)
|
||||
* [7.1.7 CVE-2018-6323 GNU binutils elf_object_p 整型溢出漏洞](7.1.7_binutils_2018-6323.md)
|
||||
* [7.1.8 CVE-2010-2883 Adobe CoolType SING 表栈溢出漏洞](7.1.8_adobe_reader_2010-2883.md)
|
||||
* [7.1.9 CVE-2010-2333 Microsoft Word RTF pFragments 栈溢出漏洞](7.1.9_ms_word_2010-2333.md)
|
||||
* Malware
|
||||
|
@ -9,6 +9,7 @@
|
||||
- [Resource Hacker](#resource-hacker)
|
||||
- [wxHexEditor](#wxhexeditor)
|
||||
- [PDF Stream Dumper](#pdf-stream-dumper)
|
||||
- [EMET](#emet)
|
||||
|
||||
|
||||
## 010 Editor
|
||||
@ -39,3 +40,6 @@ http://www.wxhexeditor.org/
|
||||
|
||||
## PDF Stream Dumper
|
||||
http://sandsprite.com/blogs/index.php?uid=7&pid=57
|
||||
|
||||
## EMET
|
||||
https://support.microsoft.com/en-us/help/2458544/the-enhanced-mitigation-experience-toolkit
|
||||
|
229
src/exploit/7.1.8_adobe_reader_2010-2883/dump.txt
Normal file
229
src/exploit/7.1.8_adobe_reader_2010-2883/dump.txt
Normal file
@ -0,0 +1,229 @@
|
||||
PDF Comment %PDF-1.5
|
||||
|
||||
|
||||
PDF Comment %äÐ<C390>
|
||||
|
||||
|
||||
obj 1 0
|
||||
Type: /Catalog
|
||||
Referencing: 2 0 R, 11 0 R, 13 0 R
|
||||
|
||||
<<
|
||||
/P#61ge#73 2 0 R
|
||||
/#54yp#65 /C#61t#61lo#67
|
||||
/#4fpenAc#74io#6e 11 0 R
|
||||
/#41#63r#6f#46o#72#6d 13 0 R
|
||||
>>
|
||||
|
||||
|
||||
<<
|
||||
/Pages 2 0 R
|
||||
/Type /Catalog
|
||||
/OpenAction 11 0 R
|
||||
/AcroForm 13 0 R
|
||||
>>
|
||||
|
||||
|
||||
obj 2 0
|
||||
Type: /Pages
|
||||
Referencing: 3 0 R, 4 0 R, 5 0 R
|
||||
|
||||
<<
|
||||
/#4d#65d#69#61#42#6fx 3 0 R
|
||||
/#52e#73#6f#75#72ce#73 4 0 R
|
||||
/K#69ds [5 0 R]
|
||||
/#43#6funt 1
|
||||
/T#79p#65 /#50#61#67es
|
||||
>>
|
||||
|
||||
|
||||
<<
|
||||
/MediaBox 3 0 R
|
||||
/Resources 4 0 R
|
||||
/Kids [5 0 R]
|
||||
/Count 1
|
||||
/Type /Pages
|
||||
>>
|
||||
|
||||
|
||||
obj 3 0
|
||||
Type:
|
||||
Referencing:
|
||||
|
||||
[0 0 595 842]
|
||||
|
||||
|
||||
|
||||
|
||||
obj 4 0
|
||||
Type:
|
||||
Referencing: 6 0 R
|
||||
|
||||
<<
|
||||
/#46o#6e#74 6 0 R
|
||||
>>
|
||||
|
||||
|
||||
<<
|
||||
/Font 6 0 R
|
||||
>>
|
||||
|
||||
|
||||
obj 5 0
|
||||
Type: /Page
|
||||
Referencing: 2 0 R, 3 0 R, 4 0 R, 8 0 R
|
||||
|
||||
<<
|
||||
/#50ar#65n#74 2 0 R
|
||||
/Me#64#69aBox 3 0 R
|
||||
/#52#65s#6furc#65#73 4 0 R
|
||||
/C#6fntent#73 [8 0 R]
|
||||
/Ty#70#65 /#50#61ge
|
||||
>>
|
||||
|
||||
|
||||
<<
|
||||
/Parent 2 0 R
|
||||
/MediaBox 3 0 R
|
||||
/Resources 4 0 R
|
||||
/Contents [8 0 R]
|
||||
/Type /Page
|
||||
>>
|
||||
|
||||
|
||||
obj 6 0
|
||||
Type:
|
||||
Referencing: 7 0 R
|
||||
|
||||
<<
|
||||
/F1 7 0 R
|
||||
>>
|
||||
|
||||
|
||||
<<
|
||||
/F1 7 0 R
|
||||
>>
|
||||
|
||||
|
||||
obj 7 0
|
||||
Type: /Font
|
||||
Referencing: 9 0 R
|
||||
|
||||
<<
|
||||
/T#79pe /F#6f#6et
|
||||
/S#75#62#74ype /T#72ue#54#79#70e
|
||||
/Name /#461
|
||||
/B#61#73e#46ont /C#69nem#61
|
||||
/Wi#64ths []
|
||||
/F#6f#6e#74#44e#73cr#69#70#74or 9 0 R/#45#6e#63#6fdi#6e#67 /Ma#63#52o#6da#6e#45nc#6fd#69ng>>
|
||||
|
||||
|
||||
<<
|
||||
/Type /Font
|
||||
/Subtype /TrueType
|
||||
/Name /F1
|
||||
/BaseFont /Cinema
|
||||
/Widths []
|
||||
/FontDescriptor 9 0 R
|
||||
/Encoding /MacRomanEncoding
|
||||
>>
|
||||
|
||||
|
||||
obj 8 0
|
||||
Type:
|
||||
Referencing:
|
||||
Contains stream
|
||||
|
||||
<<
|
||||
/Length 65
|
||||
>>
|
||||
|
||||
|
||||
obj 9 0
|
||||
Type: /FontDescriptor
|
||||
Referencing: 10 0 R
|
||||
|
||||
<</#54#79#70#65/F#6f#6e#74De#73c#72#69#70tor/#46ontN#61#6de/#43ine#6d#61/Flag#73 131140/Fo#6et#42B#6f#78 [-177 -269 1123 866]/#46#6f#6et#46il#652 10 0 R>>
|
||||
|
||||
|
||||
<<
|
||||
/Type /FontDescriptor
|
||||
/FontName /Cinema
|
||||
/Flags 131140
|
||||
/FontBBox [-177 -269 1123 866]
|
||||
/FontFile2 10 0 R
|
||||
>>
|
||||
|
||||
|
||||
obj 10 0
|
||||
Type:
|
||||
Referencing:
|
||||
Contains stream
|
||||
|
||||
<<
|
||||
/Length 40240
|
||||
/Filter /FlateDecode
|
||||
/Length1 65932
|
||||
>>
|
||||
|
||||
|
||||
obj 11 0
|
||||
Type: /Action
|
||||
Referencing: 12 0 R
|
||||
|
||||
<</Ty#70e/#41#63ti#6fn/#53/J#61v#61#53#63ri#70#74/#4a#53 12 0 R>>
|
||||
|
||||
|
||||
<<
|
||||
/Type /Action
|
||||
/S /JavaScript
|
||||
/JS 12 0 R
|
||||
>>
|
||||
|
||||
|
||||
obj 12 0
|
||||
Type:
|
||||
Referencing:
|
||||
Contains stream
|
||||
|
||||
<<
|
||||
/Length 3734
|
||||
/Filter [/#46la#74#65De#63#6fd#65/#41#53C#49I#48#65#78#44ec#6f#64e]
|
||||
>>
|
||||
|
||||
|
||||
obj 13 0
|
||||
Type:
|
||||
Referencing: 14 0 R
|
||||
|
||||
<</#58#46#41 14 0 R>>
|
||||
|
||||
|
||||
<<
|
||||
/XFA 14 0 R
|
||||
>>
|
||||
|
||||
|
||||
obj 14 0
|
||||
Type:
|
||||
Referencing:
|
||||
Contains stream
|
||||
|
||||
<<
|
||||
/Length 372
|
||||
>>
|
||||
|
||||
|
||||
xref
|
||||
|
||||
trailer
|
||||
<<
|
||||
/Size 15
|
||||
/Root 1 0 R
|
||||
>>
|
||||
|
||||
startxref 45789
|
||||
|
||||
PDF Comment %%EOF
|
||||
|
||||
|
BIN
src/exploit/7.1.8_adobe_reader_2010-2883/hexC0E5.tmp
Normal file
BIN
src/exploit/7.1.8_adobe_reader_2010-2883/hexC0E5.tmp
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user