add 7.1.9

This commit is contained in:
firmianay 2018-05-19 21:22:04 +08:00
parent f1c51d8ea3
commit 60c75b44da
14 changed files with 277 additions and 23 deletions

View File

@ -167,14 +167,15 @@ GitHub 地址https://github.com/firmianay/CTF-All-In-One
* Mobile
* [七、实战篇](doc/7_exploit.md)
* CVE
* [7.1.1 [CVE-2017-11543] tcpdump 4.9.0 Buffer Overflow](doc/7.1.1_tcpdump_2017-11543.md)
* [7.1.2 [CVE-2015-0235] glibc 2.17 Buffer Overflow](doc/7.1.2_glibc_2015-0235.md)
* [7.1.3 [CVE-2016-4971] wget 1.17.1 Arbitrary File Upload](doc/7.1.3_wget_2016-4971.md)
* [7.1.4 [CVE-2017-13089] wget 1.19.1 Buffer Overflow](doc/7.1.4_wget_2017-13089.md)
* [7.1.5 [CVE2018-1000001] glibc Buffer Underflow](doc/7.1.5_glibc_2018-1000001.md)
* [7.1.6 [CVE-2017-9430] DNSTracer 1.9 Buffer Overflow](doc/7.1.6_dnstracer_2017-9430.md)
* [7.1.7 [CVE-2018-6323] GNU binutils 2.26.1 Integer Overflow](doc/7.1.7_binutils_2018-6323.md)
* [7.1.8 [CVE-2010-2883] Adobe Reader 9.3.4 Stack Buffer Overflow](doc/7.1.8_adobe_reader_2010-2883.md)
* [7.1.1 CVE-2017-11543 tcpdump sliplink_print 栈溢出漏洞](doc/7.1.1_tcpdump_2017-11543.md)
* [7.1.2 CVE-2015-0235 glibc __nss_hostname_digits_dots 堆溢出漏洞](doc/7.1.2_glibc_2015-0235.md)
* [7.1.3 CVE-2016-4971 wget 任意文件上传漏洞](doc/7.1.3_wget_2016-4971.md)
* [7.1.4 CVE-2017-13089 wget skip_short_body 栈溢出漏洞](doc/7.1.4_wget_2017-13089.md)
* [7.1.5 CVE2018-1000001 glibc realpath 缓冲区下溢漏洞](doc/7.1.5_glibc_2018-1000001.md)
* [7.1.6 CVE-2017-9430 DNSTracer 栈溢出漏洞](doc/7.1.6_dnstracer_2017-9430.md)
* [7.1.7 CVE-2018-6323 GNU binutils elf_object_p 整型溢出漏洞](doc/7.1.7_binutils_2018-6323.md)
* [7.1.8 CVE-2010-2883 Adobe CoolType SING 表栈溢出漏洞](doc/7.1.8_adobe_reader_2010-2883.md)
* [7.1.9 CVE-2010-2333 Microsoft Word RTF pFragments 栈溢出漏洞](doc/7.1.9_ms_word_2010-2333.md)
* Malware
* [八、学术篇](doc/8_academic.md)
* [8.1 The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)](doc/8.1_ret2libc_without_func_calls.md)

View File

@ -25,6 +25,7 @@
- [SimplifyGraph](https://github.com/fireeye/SimplifyGraph) -- 简化复杂的函数流程图
- [bincat](https://github.com/airbus-seclab/bincat) -- 静态二进制代码分析工具包2017 Hex-Rays 插件第一名
- [golang_loader_assist](https://github.com/strazzere/golang_loader_assist) -- Golang编译的二进制文件分析助手
- [BinDiff](https://www.zynamics.com/bindiff.html)
## 常用脚本

View File

@ -1,4 +1,4 @@
# 7.1.1 [CVE-2017-11543] tcpdump 4.9.0 Buffer Overflow
# 7.1.1 CVE-2017-11543 tcpdump sliplink_print 栈溢出漏洞
- [漏洞描述](#漏洞描述)
- [漏洞复现](#漏洞复现)

View File

@ -1,4 +1,4 @@
# 7.1.2 [CVE-2015-0235] glibc 2.17 Buffer Overflow
# 7.1.2 CVE-2015-0235 glibc __nss_hostname_digits_dots 堆溢出漏洞
- [漏洞描述](#漏洞描述)
- [漏洞复现](#漏洞复现)

View File

@ -1,4 +1,4 @@
# 7.1.3 [CVE-2016-4971] wget 1.17.1 Arbitrary File Upload
# 7.1.3 CVE-2016-4971 wget 任意文件上传漏洞
- [漏洞描述](#漏洞描述)
- [漏洞复现](#漏洞复现)

View File

@ -1,4 +1,4 @@
# 7.1.4 [CVE-2017-13089] wget 1.19.1 Buffer Overflow
# 7.1.4 CVE-2017-13089 wget skip_short_body 栈溢出漏洞
- [漏洞描述](#漏洞描述)
- [漏洞复现](#漏洞复现)

View File

@ -1,4 +1,4 @@
# 7.1.5 [CVE2018-1000001] glibc Buffer Underflow
# 7.1.5 CVE2018-1000001 glibc realpath 缓冲区下溢漏洞
- [漏洞描述](#漏洞描述)
- [漏洞复现](#漏洞复现)

View File

@ -1,4 +1,4 @@
# 7.1.6 [CVE-2017-9430] DNSTracer 1.9 Buffer Overflow
# 7.1.6 CVE-2017-9430 DNSTracer 栈溢出漏洞
- [漏洞描述](#漏洞描述)
- [漏洞复现](#漏洞复现)

View File

@ -1,4 +1,4 @@
# 7.1.7 [CVE-2018-6323] GNU binutils 2.29.1 Integer Overflow
# 7.1.7 CVE-2018-6323 GNU binutils elf_object_p 整型溢出漏洞
- [漏洞描述](#漏洞描述)
- [漏洞复现](#漏洞复现)

View File

@ -0,0 +1,18 @@
# 7.1.9 CVE-2010-2333 Microsoft Word RTF pFragments 栈溢出漏洞
- [漏洞描述](#漏洞描述)
- [漏洞复现](#漏洞复现)
- [漏洞分析](#漏洞分析)
- [参考资料](#参考资料)
[下载文件](../src/exploit/7.1.9_ms_word_2010-2333)
## 漏洞描述
## 漏洞复现
## 漏洞分析
## 参考资料
- https://www.cvedetails.com/cve/CVE-2010-2333

View File

@ -1,12 +1,13 @@
# 第七篇 实战篇
* CVE
* [7.1.1 [CVE-2017-11543] tcpdump 4.9.0 Buffer Overflow](7.1.1_tcpdump_2017-11543.md)
* [7.1.2 [CVE-2015-0235] glibc 2.17 Buffer Overflow](7.1.2_glibc_2015-0235.md)
* [7.1.3 [CVE-2016-4971] wget 1.17.1 Arbitrary File Upload](7.1.3_wget_2016-4971.md)
* [7.1.4 [CVE-2017-13089] wget 1.19.1 Buffer Overflow](7.1.4_wget_2017-13089.md)
* [7.1.5 [CVE2018-1000001] glibc Buffer Underflow](7.1.5_glibc_2018-1000001.md)
* [7.1.6 [CVE-2017-9430] DNSTracer 1.9 Buffer Overflow](7.1.6_dnstracer_2017-9430.md)
* [7.1.7 [CVE-2018-6323] GNU binutils 2.26.1 Integer Overflow](7.1.7_binutils_2018-6323.md)
* [7.1.8 [CVE-2010-2883] Adobe Reader 9.3.4 Stack Buffer Overflow](7.1.8_adobe_reader_2010-2883.md)
* [7.1.1 CVE-2017-11543 tcpdump sliplink_print 栈溢出漏洞](7.1.1_tcpdump_2017-11543.md)
* [7.1.2 CVE-2015-0235 glibc __nss_hostname_digits_dots 堆溢出漏洞](7.1.2_glibc_2015-0235.md)
* [7.1.3 CVE-2016-4971 wget 任意文件上传漏洞](7.1.3_wget_2016-4971.md)
* [7.1.4 CVE-2017-13089 wget skip_short_body 栈溢出漏洞](7.1.4_wget_2017-13089.md)
* [7.1.5 CVE2018-1000001 glibc realpath 缓冲区下溢漏洞](7.1.5_glibc_2018-1000001.md)
* [7.1.6 CVE-2017-9430 DNSTracer 栈溢出漏洞](7.1.6_dnstracer_2017-9430.md)
* [7.1.7 CVE-2018-6323 GNU binutils elf_object_p 整型溢出漏洞](7.1.7_binutils_2018-6323.md)
* [7.1.8 CVE-2010-2883 Adobe CoolType SING 表栈溢出漏洞](7.1.8_adobe_reader_2010-2883.md)
* [7.1.9 CVE-2010-2333 Microsoft Word RTF pFragments 栈溢出漏洞](7.1.9_ms_word_2010-2333.md)
* Malware

View File

@ -9,6 +9,7 @@
- [Resource Hacker](#resource-hacker)
- [wxHexEditor](#wxhexeditor)
- [PDF Stream Dumper](#pdf-stream-dumper)
- [EMET](#emet)
## 010 Editor
@ -39,3 +40,6 @@ http://www.wxhexeditor.org/
## PDF Stream Dumper
http://sandsprite.com/blogs/index.php?uid=7&pid=57
## EMET
https://support.microsoft.com/en-us/help/2458544/the-enhanced-mitigation-experience-toolkit

View File

@ -0,0 +1,229 @@
PDF Comment %PDF-1.5
PDF Comment %äЭ<C390>
obj 1 0
Type: /Catalog
Referencing: 2 0 R, 11 0 R, 13 0 R
<<
/P#61ge#73 2 0 R
/#54yp#65 /C#61t#61lo#67
/#4fpenAc#74io#6e 11 0 R
/#41#63r#6f#46o#72#6d 13 0 R
>>
<<
/Pages 2 0 R
/Type /Catalog
/OpenAction 11 0 R
/AcroForm 13 0 R
>>
obj 2 0
Type: /Pages
Referencing: 3 0 R, 4 0 R, 5 0 R
<<
/#4d#65d#69#61#42#6fx 3 0 R
/#52e#73#6f#75#72ce#73 4 0 R
/K#69ds [5 0 R]
/#43#6funt 1
/T#79p#65 /#50#61#67es
>>
<<
/MediaBox 3 0 R
/Resources 4 0 R
/Kids [5 0 R]
/Count 1
/Type /Pages
>>
obj 3 0
Type:
Referencing:
[0 0 595 842]
obj 4 0
Type:
Referencing: 6 0 R
<<
/#46o#6e#74 6 0 R
>>
<<
/Font 6 0 R
>>
obj 5 0
Type: /Page
Referencing: 2 0 R, 3 0 R, 4 0 R, 8 0 R
<<
/#50ar#65n#74 2 0 R
/Me#64#69aBox 3 0 R
/#52#65s#6furc#65#73 4 0 R
/C#6fntent#73 [8 0 R]
/Ty#70#65 /#50#61ge
>>
<<
/Parent 2 0 R
/MediaBox 3 0 R
/Resources 4 0 R
/Contents [8 0 R]
/Type /Page
>>
obj 6 0
Type:
Referencing: 7 0 R
<<
/F1 7 0 R
>>
<<
/F1 7 0 R
>>
obj 7 0
Type: /Font
Referencing: 9 0 R
<<
/T#79pe /F#6f#6et
/S#75#62#74ype /T#72ue#54#79#70e
/Name /#461
/B#61#73e#46ont /C#69nem#61
/Wi#64ths []
/F#6f#6e#74#44e#73cr#69#70#74or 9 0 R/#45#6e#63#6fdi#6e#67 /Ma#63#52o#6da#6e#45nc#6fd#69ng>>
<<
/Type /Font
/Subtype /TrueType
/Name /F1
/BaseFont /Cinema
/Widths []
/FontDescriptor 9 0 R
/Encoding /MacRomanEncoding
>>
obj 8 0
Type:
Referencing:
Contains stream
<<
/Length 65
>>
obj 9 0
Type: /FontDescriptor
Referencing: 10 0 R
<</#54#79#70#65/F#6f#6e#74De#73c#72#69#70tor/#46ontN#61#6de/#43ine#6d#61/Flag#73 131140/Fo#6et#42B#6f#78 [-177 -269 1123 866]/#46#6f#6et#46il#652 10 0 R>>
<<
/Type /FontDescriptor
/FontName /Cinema
/Flags 131140
/FontBBox [-177 -269 1123 866]
/FontFile2 10 0 R
>>
obj 10 0
Type:
Referencing:
Contains stream
<<
/Length 40240
/Filter /FlateDecode
/Length1 65932
>>
obj 11 0
Type: /Action
Referencing: 12 0 R
<</Ty#70e/#41#63ti#6fn/#53/J#61v#61#53#63ri#70#74/#4a#53 12 0 R>>
<<
/Type /Action
/S /JavaScript
/JS 12 0 R
>>
obj 12 0
Type:
Referencing:
Contains stream
<<
/Length 3734
/Filter [/#46la#74#65De#63#6fd#65/#41#53C#49I#48#65#78#44ec#6f#64e]
>>
obj 13 0
Type:
Referencing: 14 0 R
<</#58#46#41 14 0 R>>
<<
/XFA 14 0 R
>>
obj 14 0
Type:
Referencing:
Contains stream
<<
/Length 372
>>
xref
trailer
<<
/Size 15
/Root 1 0 R
>>
startxref 45789
PDF Comment %%EOF

Binary file not shown.