mirror of
https://github.com/nganhkhoa/CTF-All-In-One.git
synced 2024-12-24 19:21:15 +07:00
update
parent
1296b4faaf
commit
7e72dbbc4a
@ -24,6 +24,7 @@
|
|||||||
- [五、高级篇](doc/5_advanced.md)
|
- [五、高级篇](doc/5_advanced.md)
|
||||||
|
|
||||||
- [六、附录](doc/6_appendix.md)
|
- [六、附录](doc/6_appendix.md)
|
||||||
- [6.1 更多工具](doc/6.1_moretools.md)
|
- [6.1 更多 Linux 工具](doc/6.1_Linuxtools.md)
|
||||||
- [6.1.1 terminal commands](doc/6.1.1_commands.md)
|
- [6.2 更多 Windows 工具](doc/6.2_wintools.md)
|
||||||
- 书籍,博客和文章
|
- [6.3 博客、文章和书籍](doc/6.3_books&blogs.md)
|
||||||
|
- [6.4 习题 write-up](doc/6.4_writeup.md)
|
||||||
|
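Review bot: The new entry `[6.3 博客、文章和书籍](doc/6.3_books&blogs.md)` links to a file name containing `&`, which must be quoted in a shell and is easy to mangle in URLs and link checkers; consider renaming the file to something like `doc/6.3_books_blogs.md` and updating this link. The label `6.4 习题 write-up` also differs from the title `# 6.4 习题答案` used in doc/6.4_writeup.md in this same commit; pick one wording.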
@ -1 +0,0 @@
|
|||||||
# 6.1 Terminal Commands
|
|
53
doc/6.1_Linuxtools.md
Normal file
@ -0,0 +1,53 @@
|
|||||||
|
# 6.1 更多 Linux 工具
|
||||||
|
|
||||||
|
- [strings](#strings)
|
||||||
|
- [xxd](#xxd)
|
||||||
|
|
||||||
|
## <span id="strings">strings</span>
|
||||||
|
**strings**命令在对象文件或二进制文件中查找可打印的字符串。字符串是4个或更多可打印字符的任意序列,以换行符或空字符结束。strings命令对识别随机对象文件很有用。
|
||||||
|
|
||||||
|
#### 重要参数
|
||||||
|
```text
|
||||||
|
-d --data Only scan the data sections in the file
|
||||||
|
-t --radix={o,d,x} Print the location of the string in base 8, 10 or 16
|
||||||
|
-e --encoding={s,S,b,l,B,L} Select character size and endianness:
|
||||||
|
s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit
|
||||||
|
```
|
||||||
|
|
||||||
|
#### 常见用法
|
||||||
|
组合使用 *strings* 和 *grep*。
|
||||||
|
|
||||||
|
在 **ret2lib** 攻击中,得到字符串的偏移:
|
||||||
|
```text
|
||||||
|
strings -t x /lib32/libc-2.24.so | grep /bin/sh
|
||||||
|
```
|
||||||
|
|
||||||
|
检查是否使用了 **UPX** 加壳
|
||||||
|
```text
|
||||||
|
strings [executable] | grep -i upx
|
||||||
|
```
|
||||||
|
|
||||||
|
#### 练习
|
||||||
|
[strings_crackme](../source/Reverse/strings_crackme)
|
||||||
|
|
||||||
|
[flag_pwnablekr](../source/Reverse/flag_pwnablekr)
|
||||||
|
|
||||||
|
|
||||||
|
## <span id="xxd">xxd</span>
|
||||||
|
**xxd**的作用就是将一个文件以十六进制的形式显示出来。
|
||||||
|
|
||||||
|
#### 重要参数:
|
||||||
|
```text
|
||||||
|
-g number of octets per group in normal output. Default 2 (-e: 4).
|
||||||
|
-i output in C include file style.
|
||||||
|
-l len stop after <len> octets.
|
||||||
|
-u use upper case hex letters.
|
||||||
|
```
|
||||||
|
|
||||||
|
#### 常见用法
|
||||||
|
```text
|
||||||
|
xxd -g1
|
||||||
|
```
|
||||||
|
|
||||||
|
#### 练习
|
||||||
|
[xxd_crackme](../source/Reverse/xxd_crackme) (使用 *strings* 再做一次)
|
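Review bot: The xxd 常见用法 block shows only `xxd -g1` with no file operand, while the strings examples above give one (`strings [executable] | grep -i upx`); write it as `xxd -g1 [executable]` and say what `-g1` changes, since the option table only states the default grouping. In the strings section, the offset printed by `strings -t x /lib32/libc-2.24.so | grep /bin/sh` is a file offset that holds only for that exact libc build, which deserves a sentence, and the technique is usually spelled ret2libc rather than `ret2lib`. The heading `#### 重要参数:` in the xxd section has a trailing colon that the same heading in the strings section lacks, and both sections jump from `##` straight to `####`.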
@ -1 +0,0 @@
|
|||||||
# 更多工具
|
|
5
doc/6.2_wintools.md
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
# 6.1.2 更多 Windows 工具
|
||||||
|
|
||||||
|
- [wxHexEditor](#wxhexeditor)
|
||||||
|
|
||||||
|
## <span id="wxhexeditor">wxHexEditor</span>
|
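Review bot: The title line `# 6.1.2 更多 Windows 工具` does not match the file name doc/6.2_wintools.md or the README entry `6.2 更多 Windows 工具` added in this commit; change it to `# 6.2 更多 Windows 工具`. The `wxHexEditor` section is an empty heading, so either add a short description or mark it as a placeholder.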
10
doc/6.3_books&blogs.md
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
# 博客、文章和书籍
|
||||||
|
|
||||||
|
## 博客
|
||||||
|
|
||||||
|
## 文章
|
||||||
|
|
||||||
|
## 书籍
|
||||||
|
- Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson
|
||||||
|
- The Shellcoder's Handbook: Discovering and Exploiting
|
||||||
|
Security Holes, 2nd Edition by Chris Anley et al
|
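Review bot: The title `# 博客、文章和书籍` lacks the `6.3` prefix that the other new appendix files carry (`# 6.1 更多 Linux 工具`, `# 6.4 习题答案`); add it for consistency with the README entry. The second book entry is broken across two lines after `Discovering and Exploiting`; keep the full title on one line so the list item does not rely on lazy continuation. The `## 博客` and `## 文章` sections are empty.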
73
doc/6.4_writeup.md
Normal file
@ -0,0 +1,73 @@
|
|||||||
|
# 6.4 习题答案
|
||||||
|
|
||||||
|
- 一、基础知识篇
|
||||||
|
- [1.1 ctf 介绍]
|
||||||
|
|
||||||
|
- 二、工具篇
|
||||||
|
- [2.1 gdb/peda]
|
||||||
|
- [2.2 ollydbg]
|
||||||
|
- [2.3 windbg]
|
||||||
|
- [2.4 radare2]
|
||||||
|
- [2.5 IDA Pro]
|
||||||
|
- [2.6 pwntools]
|
||||||
|
|
||||||
|
- 三、分类专题篇
|
||||||
|
- [3.1 Reverse]
|
||||||
|
- [3.2 Crypto]
|
||||||
|
- [3.3 Pwn]
|
||||||
|
- [3.4 Web]
|
||||||
|
- [3.5 Misc]
|
||||||
|
- [3.6 Mobile]
|
||||||
|
|
||||||
|
- 四、技巧篇
|
||||||
|
|
||||||
|
- 五、高级篇
|
||||||
|
|
||||||
|
- 六、附录
|
||||||
|
- [6.1 更多 Linux 工具]
|
||||||
|
- [6.2 更多 Windows 工具]
|
||||||
|
- [6.3 博客、文章和书籍]
|
||||||
|
- [6.4 习题 write-up]
|
||||||
|
|
||||||
|
## 6.1 更多 Linux 工具
|
||||||
|
#### Strings - strings_crackme
|
||||||
|
```text
|
||||||
|
[firmy@Reverse]$ strings -e L strings_crackme
|
||||||
|
w0wgreat
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Strings - flag_pwnablekr
|
||||||
|
```text
|
||||||
|
[firmy@Reverse]$ ./flag_pwnablekr
|
||||||
|
I will malloc() and strcpy the flag there. take it.
|
||||||
|
[firmy@Reverse]$ strings flag_pwnablekr | grep UPX
|
||||||
|
UPX!
|
||||||
|
$Info: This file is packed with the UPX executable packer http://upx.sf.net $
|
||||||
|
$Id: UPX 3.08 Copyright (C) 1996-2011 the UPX Team. All Rights Reserved. $
|
||||||
|
UPX!
|
||||||
|
UPX!
|
||||||
|
[firmy@Reverse]$ upx -d flag_pwnablekr
|
||||||
|
Ultimate Packer for eXecutables
|
||||||
|
Copyright (C) 1996 - 2017
|
||||||
|
UPX 3.94 Markus Oberhumer, Laszlo Molnar & John Reiser May 12th 2017
|
||||||
|
File size Ratio Format Name
|
||||||
|
-------------------- ------ ----------- -----------
|
||||||
|
883745 <- 335288 37.94% linux/amd64 flag_pwnablekr
|
||||||
|
Unpacked 1 file.
|
||||||
|
[firmy@Reverse]$ strings flag_pwnablekr | grep -i upx
|
||||||
|
UPX...? sounds like a delivery service :)
|
||||||
|
```
|
||||||
|
|
||||||
|
#### xxd - xxd_crackme
|
||||||
|
```text
|
||||||
|
[firmy@Reverse]$ xxd -g1 xxd_crackme
|
||||||
|
......
|
||||||
|
00001020: 00 00 00 00 67 30 30 64 4a 30 42 21 00 00 00 00 ....g00dJ0B!....
|
||||||
|
......
|
||||||
|
```
|
||||||
|
```text
|
||||||
|
[firmy@Reverse]$ strings -d xxd_crackme
|
||||||
|
......
|
||||||
|
g00dJ0B!
|
||||||
|
......
|
||||||
|
```
|
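Review bot: The table of contents at the top uses bare bracketed entries such as `[1.1 ctf 介绍]` and `[2.1 gdb/peda]` with no link target, so they render as literal text, and only `## 6.1 更多 Linux 工具` exists below; link each entry to an anchor or drop the ones that have no content yet. In the flag_pwnablekr transcript, `upx -d flag_pwnablekr` unpacks the file in place, so a reader following along loses the packed sample that the first `strings flag_pwnablekr | grep UPX` step relies on; say so, or unpack to a separate file with `upx -d -o`. The strings_crackme and xxd_crackme answers give only commands and output; one sentence on why `-e L` and `-d` are needed would make them usable as write-ups.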
BIN
source/Reverse/flag_pwnablekr
Executable file
Binary file not shown.
BIN
source/Reverse/strings_crackme
Executable file
Binary file not shown.
BIN
source/Reverse/xxd_crackme
Executable file
Binary file not shown.
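Review bot: Three executables (source/Reverse/flag_pwnablekr, source/Reverse/strings_crackme, source/Reverse/xxd_crackme) are committed as opaque binaries with no source, build instructions or checksums in this change; add the source or a note on where each one comes from, plus a SHA-256 per file, so readers can verify what they are about to run. This matters because the 6.4 write-up executes `./flag_pwnablekr` directly.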