diff --git a/README.md b/README.md index 939e494..fe7ec24 100644 --- a/README.md +++ b/README.md @@ -83,6 +83,7 @@ - [6.2.1 re XHPCTF2017 dont_panic](doc/6.2.1_re_xhpctf2017_dont_panic.md) - [6.2.2 re ECTF2016 tayy](doc/6.2.2_re_ectf2016_tayy.md) - [6.2.3 re Codegate2017 angrybird](doc/6.2.3_re_codegate2017_angrybird.md) + - [6.2.4 re CSAWCTF2015 wyvern](doc/6.2.4_re_csawctf2015_wyvern.md) - [七、附录](doc/7_appendix.md) - [7.1 更多 Linux 工具](doc/7.1_Linuxtools.md) diff --git a/SUMMARY.md b/SUMMARY.md index aa8de36..4d4c08b 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -82,6 +82,7 @@ GitHub 地址:https://github.com/firmianay/CTF-All-In-One * [6.2.1 re XHPCTF2017 dont_panic](doc/6.2.1_re_xhpctf2017_dont_panic.md) * [6.2.2 re ECTF2016 tayy](doc/6.2.2_re_ectf2016_tayy.md) * [6.2.3 re Codegate2017 angrybird](doc/6.2.3_re_codegate2017_angrybird.md) + * [6.2.4 re CSAWCTF2015 wyvern](doc/6.2.4_re_csawctf2015_wyvern.md) * [七、附录](doc/7_appendix.md) * [7.1 更多 Linux 工具](doc/7.1_Linuxtools.md) * [7.2 更多 Windows 工具](doc/7.2_wintools.md) diff --git a/doc/5.2_pin.md b/doc/5.2_pin.md index 6d2371c..cdafb55 100644 --- a/doc/5.2_pin.md +++ b/doc/5.2_pin.md @@ -422,7 +422,6 @@ Count 152786 #### 练习 - [**RE** - picoCTF 2014 - Baleful](../src/Reverse/5.2_baleful) - [**RE** - Hack You 2014 - reverse - 400](../src/Reverse/5.2_reverse_400) -- [**RE** - CSAW CTF 2015 - wyvern - 500](../src/Reverse/5.2_wyvern_500) - [**RE** - th3jackers CTF 2015 - rev100 - 100](../src/Reverse/5.2_th3jackers_100) diff --git a/doc/5.3_angr.md b/doc/5.3_angr.md index 8dc7971..a1a0b42 100644 --- a/doc/5.3_angr.md +++ b/doc/5.3_angr.md @@ -263,6 +263,7 @@ Nice! ## 参考资料 +- [angr.io](http://angr.io/) - [docs.angr.io](https://docs.angr.io/) - [angr API documentation](http://angr.io/api-doc/) - [The Art of War:Offensive Techniques in Binary Analysis](https://www.cs.ucsb.edu/~vigna/publications/2016_SP_angrSoK.pdf) diff --git a/doc/6.1.3_pwn_xdctf2015_pwn200.md b/doc/6.1.3_pwn_xdctf2015_pwn200.md index 767de48..2820e16 100644 --- a/doc/6.1.3_pwn_xdctf2015_pwn200.md +++ b/doc/6.1.3_pwn_xdctf2015_pwn200.md @@ -355,8 +355,8 @@ typedef struct Elf64_Sxword r_addend; /* Addend */ } Elf64_Rela; ``` -32 位程序使用 REL,而 64 位程序使用 RE -LA。 +32 位程序使用 REL,而 64 位程序使用 RELA。 + 下面的宏描述了 r_info 是怎样被解析和插入的: ```C /* How to extract and insert information held in the r_info field. */ diff --git a/doc/6.2.4_re_csawctf2015_wyvern.md b/doc/6.2.4_re_csawctf2015_wyvern.md new file mode 100644 index 0000000..ca11599 --- /dev/null +++ b/doc/6.2.4_re_csawctf2015_wyvern.md @@ -0,0 +1,14 @@ +# 6.2.4 re CSAWCTF2015 wyvern + +- [题目解析](#题目解析) +- [参考资料](#参考资料) + + +## 题目解析 +``` +$ file wyvern +wyvern: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=45f9b5b50d013fe43405dc5c7fe651c91a7a7ee8, not stripped +``` + + +## 参考资料 diff --git a/doc/6_writeup.md b/doc/6_writeup.md index 10524bf..d21c948 100644 --- a/doc/6_writeup.md +++ b/doc/6_writeup.md @@ -12,3 +12,4 @@ - [6.2.1 re XHPCTF2017 dont_panic](6.2.1_re_xhpctf2017_dont_panic.md) - [6.2.2 re ECTF2016 tayy](6.2.2_re_ectf2016_tayy.md) - [6.2.3 re Codegate2017 angrybird](6.2.3_re_codegate2017_angrybird.md) + - [6.2.4 re CSAWCTF2015 wyvern](6.2.4_re_csawctf2015_wyvern.md) diff --git a/doc/7.4_writeup.md b/doc/7.4_writeup.md index 4aca207..7ee9ce7 100644 --- a/doc/7.4_writeup.md +++ b/doc/7.4_writeup.md @@ -1,72 +1,15 @@ # 7.4 习题答案 -- [一、基础知识篇]() - - [1.3 Linux 基础]() - - [1.4 Web 安全基础]() - - [1.5 逆向工程基础]() - - [1.5.1 C 语言基础]() - - [1.5.2 x86/x64/ARM 汇编基础]() - - [1.5.3 Linux ELF]() - - [1.5.4 Windows PE]() - - [1.5.5 静态链接]() - - [1.5.6 动态链接]() - - [1.5.7 内存管理]() - - [1.5.8 glibc malloc]() - - [1.6 密码学基础]() - - [1.7 Android 安全基础]() -- [二、工具篇]() - - [2.1 VM]() - - [2.1 gdb/peda]() - - [2.2 ollydbg]() - - [2.3 windbg]() - - [2.4 radare2]() - - [2.5 IDA Pro]() - - [2.6 pwntools]() - - [2.8 zio]() - - [2.9 metasploit]() - - [2.10 binwalk]() - - [2.11 Burp Suite]() -- [三、分类专题篇]() - - [3.1 Reverse]() - - [3.2 Crypto]() - - [3.3 Pwn]() - - [3.3.1 格式化字符串漏洞](#331-格式化字符串漏洞) - - [3.3.2 整数溢出]() - - [3.3.3 栈溢出]() - - [3.3.4 堆溢出]() - - [3.4 Web]() - - [3.5 Misc]() - - [3.6 Mobile]() -- [四、技巧篇]() - - [4.1 AWD模式]() - - [4.2 Linux 命令行技巧]() - - [4.3 GCC 堆栈保护技术]() - - [4.4 使用 DynELF 泄露函数地址]() -- [五、高级篇]() - - [5.1 Fuzz 测试]() - - [5.2 Pin 动态二进制插桩](#52-Pin-动态二进制插桩) - - [5.3 angr 二进制自动化分析]() - - [5.4 反调试技术]() - - [5.5 符号执行]() - - [5.6 LLVM]() -- [六、附录]() - - [6.1 更多 Linux 工具](#61-更多-linux-工具) - - [6.2 更多 Windows 工具]() - ## 3.3.1 格式化字符串漏洞 #### **pwn** - UIUCTF 2017 - goodluck - 200 -#### **Pwn** - NJCTF 2017 - pingme - 200 - ## 5.2 Pin 动态二进制插桩 #### **RE** - picoCTF 2014 - Baleful #### **RE** - Hack You 2014 - reverse - 400 -#### **RE** - CSAW CTF 2015 - wyvern - 500 - #### **RE** - th3jackers CTF 2015 - rev100 - 100 diff --git a/src/Reverse/5.2_wyvern_500 b/src/writeup/6.2.4_re_csawctf2015_wyvern/wyvern similarity index 100% rename from src/Reverse/5.2_wyvern_500 rename to src/writeup/6.2.4_re_csawctf2015_wyvern/wyvern