firmianay 2017-07-17 22:02:41 +08:00
parent 1296b4faaf
commit 7e72dbbc4a
10 changed files with 145 additions and 5 deletions


@ -24,6 +24,7 @@
- [五、高级篇](doc/5_advanced.md) - [五、高级篇](doc/5_advanced.md)
- [六、附录](doc/6_appendix.md) - [六、附录](doc/6_appendix.md)
- [6.1 更多工具](doc/6.1_moretools.md) - [6.1 更多 Linux 工具](doc/6.1_Linuxtools.md)
- [6.1.1 terminal commands](doc/6.1.1_commands.md) - [6.2 更多 Windows 工具](doc/6.2_wintools.md)
- 书籍,博客和文章 - [6.3 博客、文章和书籍](doc/6.3_books&blogs.md)
- [6.4 习题 write-up](doc/6.4_writeup.md)
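Review bot: the new link target `doc/6.3_books&blogs.md` carries a literal `&` in the filename, which URLs and shells need escaped (`%26` in a link, quoting on the command line) and which some renderers break on; a name such as `6.3_books_blogs.md` would avoid dangling links. The TOC title `6.4 习题 write-up` also differs from the heading the new file uses (`6.4 习题答案`); pick one wording for both.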


@ -1 +0,0 @@
# 6.1 Terminal Commands

doc/6.1_Linuxtools.md Normal file

@ -0,0 +1,53 @@
# 6.1 更多 Linux 工具
- [strings](#strings)
- [xxd](#xxd)
## <span id="strings">strings</span>
**strings**命令在对象文件或二进制文件中查找可打印的字符串。字符串是4个或更多可打印字符的任意序列以换行符或空字符结束。strings命令对识别随机对象文件很有用。
#### 重要参数
```text
-d --data Only scan the data sections in the file
-t --radix={o,d,x} Print the location of the string in base 8, 10 or 16
-e --encoding={s,S,b,l,B,L} Select character size and endianness:
s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit
```
#### 常见用法
组合使用 *strings**grep*
**ret2lib** 攻击中,得到字符串的偏移:
```text
strings -t x /lib32/libc-2.24.so | grep /bin/sh
```
检查是否使用了 **UPX** 加壳
```text
strings [executable] | grep -i upx
```
#### 练习
[strings_crackme](../source/Reverse/strings_crackme)
[flag_pwnablekr](../source/Reverse/flag_pwnablekr)
## <span id="xxd">xxd</span>
**xxd**的作用就是将一个文件以十六进制的形式显示出来。
#### 重要参数:
```text
-g number of octets per group in normal output. Default 2 (-e: 4).
-i output in C include file style.
-l len stop after <len> octets.
-u use upper case hex letters.
```
#### 常见用法
```text
xxd -g1
```
#### 练习
[xxd_crackme](../source/Reverse/xxd_crackme) (使用 *strings* 再做一次)
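Review bot: the UPX check `strings [executable] | grep -i upx` only finds binaries whose UPX marker strings are intact; if those strings have been stripped or altered the grep is silent, so the text should say that an empty result does not prove the file is unpacked (checking section names or running `upx -t` gives a second opinion). Two markdown defects in the same file: `*strings**grep*` runs the two emphasis spans together and will not render as intended (`*strings* 和 *grep*`), and the xxd usage `xxd -g1` lacks the file argument it needs (`xxd -g1 <file>`). Minor: `ret2lib` is normally written `ret2libc`, and the heading `#### 重要参数:` has a trailing colon that the strings section's heading does not.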


@ -1 +0,0 @@
# 更多工具

doc/6.2_wintools.md Normal file

@ -0,0 +1,5 @@
# 6.1.2 更多 Windows 工具
- [wxHexEditor](#wxhexeditor)
## <span id="wxhexeditor">wxHexEditor</span>
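Review bot: the heading `# 6.1.2 更多 Windows 工具` does not match the file name `doc/6.2_wintools.md` or the README entry `6.2 更多 Windows 工具`; it should read `# 6.2 更多 Windows 工具`. The `wxHexEditor` section is also empty below its heading, so either add a description (a one-liner and a link is enough) or mark it as a placeholder so readers know the entry is unfinished.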

doc/6.3_books&blogs.md Normal file

@ -0,0 +1,10 @@
# 博客、文章和书籍
## 博客
## 文章
## 书籍
- Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson
- The Shellcoder's Handbook: Discovering and Exploiting
Security Holes, 2nd Edition by Chris Anley et al
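Review bot: the heading `# 博客、文章和书籍` lacks the `6.3` section number that every sibling file (`6.1`, `6.2`, `6.4`) carries, and the `博客` and `文章` sections are bare headings with no content; number the heading and either fill the sections or mark them as placeholders. The second book entry is split across two lines inside one list item; that still renders as a single item, but keeping it on one line matches the first entry.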

doc/6.4_writeup.md Normal file

@ -0,0 +1,73 @@
# 6.4 习题答案
- 一、基础知识篇
- [1.1 ctf 介绍]
- 二、工具篇
- [2.1 gdb/peda]
- [2.2 ollydbg]
- [2.3 windbg]
- [2.4 radare2]
- [2.5 IDA Pro]
- [2.6 pwntools]
- 三、分类专题篇
- [3.1 Reverse]
- [3.2 Crypto]
- [3.3 Pwn]
- [3.4 Web]
- [3.5 Misc]
- [3.6 Mobile]
- 四、技巧篇
- 五、高级篇
- 六、附录
- [6.1 更多 Linux 工具]
- [6.2 更多 Windows 工具]
- [6.3 博客、文章和书籍]
- [6.4 习题 write-up]
## 6.1 更多 Linux 工具
#### Strings - strings_crackme
```text
[firmy@Reverse]$ strings -e L strings_crackme
w0wgreat
```
#### Strings - flag_pwnablekr
```text
[firmy@Reverse]$ ./flag_pwnablekr
I will malloc() and strcpy the flag there. take it.
[firmy@Reverse]$ strings flag_pwnablekr | grep UPX
UPX!
$Info: This file is packed with the UPX executable packer http://upx.sf.net $
$Id: UPX 3.08 Copyright (C) 1996-2011 the UPX Team. All Rights Reserved. $
UPX!
UPX!
[firmy@Reverse]$ upx -d flag_pwnablekr
Ultimate Packer for eXecutables
Copyright (C) 1996 - 2017
UPX 3.94 Markus Oberhumer, Laszlo Molnar & John Reiser May 12th 2017
File size Ratio Format Name
-------------------- ------ ----------- -----------
883745 <- 335288 37.94% linux/amd64 flag_pwnablekr
Unpacked 1 file.
[firmy@Reverse]$ strings flag_pwnablekr | grep -i upx
UPX...? sounds like a delivery service :)
```
#### xxd - xxd_crackme
```text
[firmy@Reverse]$ xxd -g1 xxd_crackme
......
00001020: 00 00 00 00 67 30 30 64 4a 30 42 21 00 00 00 00 ....g00dJ0B!....
......
```
```text
[firmy@Reverse]$ strings -d xxd_crackme
......
g00dJ0B!
......
```
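Review bot: the bracketed entries in the table of contents (`- [1.1 ctf 介绍]`, `- [2.1 gdb/peda]`, ...) have no link target, so markdown renders them as literal text in square brackets rather than as links; either add `(...)` targets pointing at the section anchors or drop the brackets. The `strings_crackme` solution shows `strings -e L` without saying why that encoding works; one sentence noting that `-e L` selects 32-bit little-endian characters (the `{B,L} = 32-bit` row of the `-e` table in 6.1) would make the write-up teach instead of only answer. Also the heading `# 6.4 习题答案` differs from the README's `6.4 习题 write-up`.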

source/Reverse/flag_pwnablekr Executable file

Binary file not shown.

source/Reverse/strings_crackme Executable file

Binary file not shown.

source/Reverse/xxd_crackme Executable file

Binary file not shown.