mirror of
https://github.com/nganhkhoa/CTF-All-In-One.git
synced 2024-12-24 03:01:15 +07:00
update
parent
1296b4faaf
commit
7e72dbbc4a
@ -24,6 +24,7 @@
|
||||
- [五、高级篇](doc/5_advanced.md)
|
||||
|
||||
- [六、附录](doc/6_appendix.md)
|
||||
- [6.1 更多工具](doc/6.1_moretools.md)
|
||||
- [6.1.1 terminal commands](doc/6.1.1_commands.md)
|
||||
- 书籍,博客和文章
|
||||
- [6.1 更多 Linux 工具](doc/6.1_Linuxtools.md)
|
||||
- [6.2 更多 Windows 工具](doc/6.2_wintools.md)
|
||||
- [6.3 博客、文章和书籍](doc/6.3_books&blogs.md)
|
||||
- [6.4 习题 write-up](doc/6.4_writeup.md)
|
||||
|
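Review bot: The new entry `[6.3 博客、文章和书籍](doc/6.3_books&blogs.md)` links to a file name containing `&`, which has to be quoted in shells and can be mangled by some Markdown renderers and URL handlers; consider renaming the file to something like `doc/6.3_books_blogs.md` and updating this link. The 6.4 entry is labelled "习题 write-up" here while the file's own heading reads "习题答案"; pick one.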
@ -1 +0,0 @@
|
||||
# 6.1 Terminal Commands
|
53
doc/6.1_Linuxtools.md
Normal file
@ -0,0 +1,53 @@
|
||||
# 6.1 更多 Linux 工具
|
||||
|
||||
- [strings](#strings)
|
||||
- [xxd](#xxd)
|
||||
|
||||
## <span id="strings">strings</span>
|
||||
**strings**命令在对象文件或二进制文件中查找可打印的字符串。字符串是4个或更多可打印字符的任意序列,以换行符或空字符结束。strings命令对识别随机对象文件很有用。
|
||||
|
||||
#### 重要参数
|
||||
```text
|
||||
-d --data Only scan the data sections in the file
|
||||
-t --radix={o,d,x} Print the location of the string in base 8, 10 or 16
|
||||
-e --encoding={s,S,b,l,B,L} Select character size and endianness:
|
||||
s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit
|
||||
```
|
||||
|
||||
#### 常见用法
|
||||
组合使用 *strings* 和 *grep*。
|
||||
|
||||
在 **ret2lib** 攻击中,得到字符串的偏移:
|
||||
```text
|
||||
strings -t x /lib32/libc-2.24.so | grep /bin/sh
|
||||
```
|
||||
|
||||
检查是否使用了 **UPX** 加壳
|
||||
```text
|
||||
strings [executable] | grep -i upx
|
||||
```
|
||||
|
||||
#### 练习
|
||||
[strings_crackme](../source/Reverse/strings_crackme)
|
||||
|
||||
[flag_pwnablekr](../source/Reverse/flag_pwnablekr)
|
||||
|
||||
|
||||
## <span id="xxd">xxd</span>
|
||||
**xxd**的作用就是将一个文件以十六进制的形式显示出来。
|
||||
|
||||
#### 重要参数:
|
||||
```text
|
||||
-g number of octets per group in normal output. Default 2 (-e: 4).
|
||||
-i output in C include file style.
|
||||
-l len stop after <len> octets.
|
||||
-u use upper case hex letters.
|
||||
```
|
||||
|
||||
#### 常见用法
|
||||
```text
|
||||
xxd -g1
|
||||
```
|
||||
|
||||
#### 练习
|
||||
[xxd_crackme](../source/Reverse/xxd_crackme) (使用 *strings* 再做一次)
|
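Review bot: In the xxd section, the 常见用法 block contains only `xxd -g1`, with no file operand and no sentence saying what the invocation is for, unlike the strings examples above it; suggest `xxd -g1 [executable]` plus a one-line description. In the strings section, "ret2lib" is presumably meant as ret2libc, and `/lib32/libc-2.24.so` is tied to one libc version, so the text should say the path varies by system. Headings also jump from `##` straight to `####`, and `#### 重要参数:` carries a trailing colon under xxd but not under strings.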
@ -1 +0,0 @@
|
||||
# 更多工具
|
5
doc/6.2_wintools.md
Normal file
@ -0,0 +1,5 @@
|
||||
# 6.1.2 更多 Windows 工具
|
||||
|
||||
- [wxHexEditor](#wxhexeditor)
|
||||
|
||||
## <span id="wxhexeditor">wxHexEditor</span>
|
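Review bot: The heading `# 6.1.2 更多 Windows 工具` does not match the file name `doc/6.2_wintools.md` or the README entry "6.2 更多 Windows 工具"; it should read `# 6.2 更多 Windows 工具`. The file is otherwise a stub: the wxHexEditor section has a heading and an anchor but no body.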
10
doc/6.3_books&blogs.md
Normal file
@ -0,0 +1,10 @@
|
||||
# 博客、文章和书籍
|
||||
|
||||
## 博客
|
||||
|
||||
## 文章
|
||||
|
||||
## 书籍
|
||||
- Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson
|
||||
- The Shellcoder's Handbook: Discovering and Exploiting
|
||||
Security Holes, 2nd Edition by Chris Anley et al
|
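Review bot: The top heading `# 博客、文章和书籍` lacks the "6.3" prefix that the sibling files use in their titles (`# 6.1 更多 Linux 工具`, `# 6.4 习题答案`). The Shellcoder's Handbook entry is wrapped onto a second, unindented line; keep the list item on one line or indent the continuation so it cannot be read as a separate paragraph. The 博客 and 文章 sections are empty.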
73
doc/6.4_writeup.md
Normal file
@ -0,0 +1,73 @@
|
||||
# 6.4 习题答案
|
||||
|
||||
- 一、基础知识篇
|
||||
- [1.1 ctf 介绍]
|
||||
|
||||
- 二、工具篇
|
||||
- [2.1 gdb/peda]
|
||||
- [2.2 ollydbg]
|
||||
- [2.3 windbg]
|
||||
- [2.4 radare2]
|
||||
- [2.5 IDA Pro]
|
||||
- [2.6 pwntools]
|
||||
|
||||
- 三、分类专题篇
|
||||
- [3.1 Reverse]
|
||||
- [3.2 Crypto]
|
||||
- [3.3 Pwn]
|
||||
- [3.4 Web]
|
||||
- [3.5 Misc]
|
||||
- [3.6 Mobile]
|
||||
|
||||
- 四、技巧篇
|
||||
|
||||
- 五、高级篇
|
||||
|
||||
- 六、附录
|
||||
- [6.1 更多 Linux 工具]
|
||||
- [6.2 更多 Windows 工具]
|
||||
- [6.3 博客、文章和书籍]
|
||||
- [6.4 习题 write-up]
|
||||
|
||||
## 6.1 更多 Linux 工具
|
||||
#### Strings - strings_crackme
|
||||
```text
|
||||
[firmy@Reverse]$ strings -e L strings_crackme
|
||||
w0wgreat
|
||||
```
|
||||
|
||||
#### Strings - flag_pwnablekr
|
||||
```text
|
||||
[firmy@Reverse]$ ./flag_pwnablekr
|
||||
I will malloc() and strcpy the flag there. take it.
|
||||
[firmy@Reverse]$ strings flag_pwnablekr | grep UPX
|
||||
UPX!
|
||||
$Info: This file is packed with the UPX executable packer http://upx.sf.net $
|
||||
$Id: UPX 3.08 Copyright (C) 1996-2011 the UPX Team. All Rights Reserved. $
|
||||
UPX!
|
||||
UPX!
|
||||
[firmy@Reverse]$ upx -d flag_pwnablekr
|
||||
Ultimate Packer for eXecutables
|
||||
Copyright (C) 1996 - 2017
|
||||
UPX 3.94 Markus Oberhumer, Laszlo Molnar & John Reiser May 12th 2017
|
||||
File size Ratio Format Name
|
||||
-------------------- ------ ----------- -----------
|
||||
883745 <- 335288 37.94% linux/amd64 flag_pwnablekr
|
||||
Unpacked 1 file.
|
||||
[firmy@Reverse]$ strings flag_pwnablekr | grep -i upx
|
||||
UPX...? sounds like a delivery service :)
|
||||
```
|
||||
|
||||
#### xxd - xxd_crackme
|
||||
```text
|
||||
[firmy@Reverse]$ xxd -g1 xxd_crackme
|
||||
......
|
||||
00001020: 00 00 00 00 67 30 30 64 4a 30 42 21 00 00 00 00 ....g00dJ0B!....
|
||||
......
|
||||
```
|
||||
```text
|
||||
[firmy@Reverse]$ strings -d xxd_crackme
|
||||
......
|
||||
g00dJ0B!
|
||||
......
|
||||
```
|
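Review bot: The table of contents at the top of this file uses bracketed labels such as `[1.1 ctf 介绍]` and `[6.1 更多 Linux 工具]` with no link target, so they render as literal bracketed text; either add targets or drop the brackets, and consider listing only the sections that actually have answers (only 6.1 does). The title `# 6.4 习题答案` differs from the README entry "6.4 习题 write-up". In the flag_pwnablekr transcript the packed check uses `grep UPX` while 6.1 teaches `grep -i upx`; using the same form in both places would be clearer.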
BIN
source/Reverse/flag_pwnablekr
Executable file
Binary file not shown.
BIN
source/Reverse/strings_crackme
Executable file
Binary file not shown.
BIN
source/Reverse/xxd_crackme
Executable file
Binary file not shown.
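Review bot: `source/Reverse/flag_pwnablekr` is committed as an opaque executable, and the 6.4 write-up runs `upx -d flag_pwnablekr` in place, which overwrites the file; confirm the committed copy is the packed original, otherwise the exercise's `strings [executable] | grep -i upx` check will not behave as described. For all three binaries, adding their source or a checksum alongside would let readers verify what they are running.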