mirror of
https://github.com/nganhkhoa/CTF-All-In-One.git
synced 2024-12-24 19:21:15 +07:00
add 6.1.24 6.1.25
parent
38adff96ae
commit
8fe1a305ae
@ -28,13 +28,6 @@ GitHub 地址:https://github.com/firmianay/CTF-All-In-One
|
|||||||
* [1.5.9 Linux 内核](doc/1.5.9_linux_kernel.md)
|
* [1.5.9 Linux 内核](doc/1.5.9_linux_kernel.md)
|
||||||
* [1.5.10 Windows 内核](doc/1.5.10_windows_kernel.md)
|
* [1.5.10 Windows 内核](doc/1.5.10_windows_kernel.md)
|
||||||
* [1.6 密码学基础](doc/1.6_crypto_basic.md)
|
* [1.6 密码学基础](doc/1.6_crypto_basic.md)
|
||||||
* [1.6.1 初等数论](doc/1.6.1_number_theory.md)
|
|
||||||
* [1.6.2 近世代数](doc/1.6.2_modern_algebra.md)
|
|
||||||
* [1.6.3 流密码](doc/1.6.3_stream_cipher.md)
|
|
||||||
* [1.6.4 分组密码](doc/1.6.4_block_cipher.md)
|
|
||||||
* [1.6.5 公钥密码](doc/1.6.5_public-key_crypto.md)
|
|
||||||
* [1.6.6 哈希函数](doc/1.6.6_hash.md)
|
|
||||||
* [1.6.7 数字签名](doc/1.6.7_digital_signature.md)
|
|
||||||
* [1.7 Android 安全基础](doc/1.7_android_basic.md)
|
* [1.7 Android 安全基础](doc/1.7_android_basic.md)
|
||||||
* [1.7.1 Android 环境搭建](doc/1.7.1_android_env.md)
|
* [1.7.1 Android 环境搭建](doc/1.7.1_android_env.md)
|
||||||
* [1.7.2 Dalvik 指令集](doc/1.7.2_dalvik.md)
|
* [1.7.2 Dalvik 指令集](doc/1.7.2_dalvik.md)
|
||||||
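Review bot: The seven removed entries `1.6.1 初等数论` through `1.6.7 数字签名` are not covered by the commit message "add 6.1.24 6.1.25". Dropping the cryptography sub-chapters is a separate change from adding two pwn write-ups; split it into its own commit or extend the message so the deletion can be found and reverted on its own.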
@ -154,6 +147,8 @@ GitHub 地址:https://github.com/firmianay/CTF-All-In-One
|
|||||||
* [6.1.21 pwn HITCONCTF2016 Secret_Holder](doc/6.1.21_pwn_hitconctf2016_secret_holder.md)
|
* [6.1.21 pwn HITCONCTF2016 Secret_Holder](doc/6.1.21_pwn_hitconctf2016_secret_holder.md)
|
||||||
* [6.1.22 pwn HITCONCTF2016 Sleepy_Holder](doc/6.1.22_pwn_hitconctf2016_sleepy_holder.md)
|
* [6.1.22 pwn HITCONCTF2016 Sleepy_Holder](doc/6.1.22_pwn_hitconctf2016_sleepy_holder.md)
|
||||||
* [6.1.23 pwn BCTF2016 bcloud](doc/6.1.23_pwn_bctf2016_bcloud.md)
|
* [6.1.23 pwn BCTF2016 bcloud](doc/6.1.23_pwn_bctf2016_bcloud.md)
|
||||||
|
* [6.1.24 pwn HCTF2017 babyprintf](doc/6.1.24_pwn_hctf2017_babyprintf.md)
|
||||||
|
* [6.1.25 pwn 34C3CTF2017 300](doc/6.1.25_pwn_34c3ctf2017_300.md)
|
||||||
* Reverse
|
* Reverse
|
||||||
* [6.2.1 re XHPCTF2017 dont_panic](doc/6.2.1_re_xhpctf2017_dont_panic.md)
|
* [6.2.1 re XHPCTF2017 dont_panic](doc/6.2.1_re_xhpctf2017_dont_panic.md)
|
||||||
* [6.2.2 re ECTF2016 tayy](doc/6.2.2_re_ectf2016_tayy.md)
|
* [6.2.2 re ECTF2016 tayy](doc/6.2.2_re_ectf2016_tayy.md)
|
||||||
|
@ -1 +0,0 @@
|
|||||||
# 1.6.1 初等数论
|
|
@ -1 +0,0 @@
|
|||||||
# 1.6.2 近世代数
|
|
@ -1,11 +0,0 @@
|
|||||||
# 1.6.3 流密码
|
|
||||||
|
|
||||||
- [流密码概述](#流密码概述)
|
|
||||||
- [参考资料](#参考资料)
|
|
||||||
|
|
||||||
|
|
||||||
## 流密码概述
|
|
||||||
|
|
||||||
|
|
||||||
## 参考资料
|
|
||||||
- [Stream cipher](https://en.wikipedia.org/wiki/Stream_cipher)
|
|
@ -1,57 +0,0 @@
|
|||||||
# 1.6.4 分组密码
|
|
||||||
|
|
||||||
- [分组密码概述](#分组密码概述)
|
|
||||||
- [Feistel 密码结构](#feistel-密码结构)
|
|
||||||
- [数据加密标准](#数据加密标准)
|
|
||||||
- [DES](#des)
|
|
||||||
- [3DES](#3des)
|
|
||||||
- [高级加密标准](#高级加密标准)
|
|
||||||
- [分组密码工作模式](#分组密码工作模式)
|
|
||||||
- [电子密码本模式](#电子密码本模式)
|
|
||||||
- [密码分组链接模式](#密码分组链接模式)
|
|
||||||
- [密码反馈模式](#密码反馈模式)
|
|
||||||
- [输出反馈模式](#输出反馈模式)
|
|
||||||
- [计数器模式](#计数器模式)
|
|
||||||
- [参考资料](#参考资料)
|
|
||||||
|
|
||||||
|
|
||||||
## 分组密码概述
|
|
||||||
|
|
||||||
#### Feistel 密码结构
|
|
||||||
Feistel 结构是分组密码的一个通用结构。其加密算法的输入是长度为 2*w* 比特的明文分组及密钥 *K*。明文分组被分为两半:![L0][1] 和 ![R0][2]
|
|
||||||
|
|
||||||
![](../pic/1.6.4_feistel.png)
|
|
||||||
|
|
||||||
|
|
||||||
## 数据加密标准
|
|
||||||
|
|
||||||
#### DES
|
|
||||||
|
|
||||||
#### 3DES
|
|
||||||
|
|
||||||
|
|
||||||
## 高级加密标准
|
|
||||||
|
|
||||||
|
|
||||||
## 分组密码工作模式
|
|
||||||
|
|
||||||
#### 电子密码本模式
|
|
||||||
|
|
||||||
#### 密码分组链接模式
|
|
||||||
|
|
||||||
#### 密码反馈模式
|
|
||||||
|
|
||||||
#### 输出反馈模式
|
|
||||||
|
|
||||||
#### 计数器模式
|
|
||||||
|
|
||||||
|
|
||||||
## 参考资料
|
|
||||||
- [Block cipher](https://en.wikipedia.org/wiki/Block_cipher)
|
|
||||||
- [Data Encryption Standard](https://en.wikipedia.org/wiki/Data_Encryption_Standard)
|
|
||||||
- [Advanced Encryption Standard](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)
|
|
||||||
- [Block cipher mode of operation](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation)
|
|
||||||
|
|
||||||
|
|
||||||
[1]: http://chart.apis.google.com/chart?cht=tx&chl=L_0
|
|
||||||
[2]: http://chart.apis.google.com/chart?cht=tx&chl=R_0
|
|
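Review bot: The deleted `![](../pic/1.6.4_feistel.png)` line is the only reference to that image visible in this commit, and the commit does not delete the image file itself, so `pic/1.6.4_feistel.png` is left orphaned. Remove the image in the same change, or keep the Feistel paragraph (the one piece of real prose among the deleted 1.6.x files) somewhere it can be picked up again.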
@ -1,12 +0,0 @@
|
|||||||
# 1.6.5 公钥密码
|
|
||||||
|
|
||||||
- [参考资料](#参考资料)
|
|
||||||
- [RSA](#rsa)
|
|
||||||
|
|
||||||
|
|
||||||
## RSA
|
|
||||||
|
|
||||||
|
|
||||||
## 参考资料
|
|
||||||
- [Public-key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography)
|
|
||||||
- [RSA (cryptosystem)](https://en.wikipedia.org/wiki/RSA_(cryptosystem))
|
|
@ -1,7 +0,0 @@
|
|||||||
# 1.6.6 哈希函数
|
|
||||||
|
|
||||||
- [参考资料](#参考资料)
|
|
||||||
|
|
||||||
|
|
||||||
## 参考资料
|
|
||||||
- [Hash function](https://en.wikipedia.org/wiki/Hash_function)
|
|
@ -1,7 +0,0 @@
|
|||||||
# 1.6.7 数字签名
|
|
||||||
|
|
||||||
- [参考资料](#参考资料)
|
|
||||||
|
|
||||||
|
|
||||||
## 参考资料
|
|
||||||
- [Digital signature](https://en.wikipedia.org/wiki/Digital_signature)
|
|
@ -1,9 +1 @@
|
|||||||
# 1.6 密码学基础
|
# 1.6 密码学基础
|
||||||
|
|
||||||
- [1.6.1 初等数论](1.6.1_number_theory.md)
|
|
||||||
- [1.6.2 近世代数](1.6.2_modern_algebra.md)
|
|
||||||
- [1.6.3 流密码](1.6.3_stream_cipher.md)
|
|
||||||
- [1.6.4 分组密码](1.6.4_block_cipher.md)
|
|
||||||
- [1.6.5 公钥密码](1.6.5_public-key_crypto.md)
|
|
||||||
- [1.6.6 哈希函数](1.6.6_hash.md)
|
|
||||||
- [1.6.7 数字签名](1.6.7_digital_signature.md)
|
|
||||||
|
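Review bot: With the sub-chapter list removed, `# 1.6 密码学基础` becomes a page that contains only its heading, while the table of contents in the first hunk still keeps the `1.6 密码学基础` link as unchanged context. Add a one-line placeholder saying the chapter is pending, or drop the link too, so readers do not land on an empty page.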
@ -19,6 +19,7 @@ $ strings libc-2.19.so | grep "GNU C"
|
|||||||
GNU C Library (Ubuntu EGLIBC 2.19-0ubuntu6.7) stable release version 2.19, by Roland McGrath et al.
|
GNU C Library (Ubuntu EGLIBC 2.19-0ubuntu6.7) stable release version 2.19, by Roland McGrath et al.
|
||||||
Compiled by GNU CC version 4.8.2.
|
Compiled by GNU CC version 4.8.2.
|
||||||
```
|
```
|
||||||
|
32 位程序,开启了 Canary 和 NX,默认开启 ASLR。
|
||||||
|
|
||||||
|
|
||||||
## 题目解析
|
## 题目解析
|
||||||
|
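Review bot: In the added line `32 位程序,开启了 Canary 和 NX,默认开启 ASLR。` the ASLR part describes the host that runs the challenge, not the binary, whereas Canary and NX are properties of the binary. State that ASLR is an assumption about the target system, and add the RELRO and PIE status so the summary covers the same mitigations the other write-ups show in their checksec output. Only one of the two added blank lines is needed before `## 题目解析`.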
29
doc/6.1.24_pwn_hctf2017_babyprintf.md
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
# 6.1.24 pwn HCTF2017 babyprintf
|
||||||
|
|
||||||
|
- [题目复现](#题目复现)
|
||||||
|
- [题目解析](#题目解析)
|
||||||
|
- [漏洞利用](#漏洞利用)
|
||||||
|
- [参考资料](#参考资料)
|
||||||
|
|
||||||
|
|
||||||
|
[下载文件](../src/writeup/6.1.24_pwn_hctf2017_babyprintf)
|
||||||
|
|
||||||
|
## 题目复现
|
||||||
|
```
|
||||||
|
$ file babyprintf
|
||||||
|
babyprintf: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=5652f65b98094d8ab456eb0a54d37d9b09b4f3f6, stripped
|
||||||
|
$ checksec -f babyprintf
|
||||||
|
RELRO STACK CANARY NX PIE RPATH RUNPATH FORTIFY Fortified Fortifiable FILE
|
||||||
|
Partial RELRO Canary found NX enabled No PIE No RPATH No RUNPATH Yes 1 2 babyprintf
|
||||||
|
$ strings libc-2.24.so | grep "GNU C"
|
||||||
|
GNU C Library (Ubuntu GLIBC 2.24-9ubuntu2.2) stable release version 2.24, by Roland McGrath et al.
|
||||||
|
Compiled by GNU CC version 6.3.0 20170406.
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## 题目解析
|
||||||
|
|
||||||
|
## 漏洞利用
|
||||||
|
|
||||||
|
## 参考资料
|
||||||
|
- https://github.com/spineee/hctf/tree/master/2017/babyprintf
|
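Review bot: `## 题目解析` and `## 漏洞利用` are added as empty headings, yet this file is linked from both tables of contents in the same commit. Mark the write-up as unfinished inside the file, or hold the index entries back until the sections have content. The checksec output also deserves a one-sentence summary (Partial RELRO, Canary, NX, No PIE, stripped), like the summary line this commit adds to the neighbouring write-up, and the reference would be more consistent as a titled `[title](url)` link, the style the deleted 1.6.x files used, than as a bare URL.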
29
doc/6.1.25_pwn_34c3ctf2017_300.md
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
# 6.1.25 pwn 34C3CTF2017 300
|
||||||
|
|
||||||
|
- [题目复现](#题目复现)
|
||||||
|
- [题目解析](#题目解析)
|
||||||
|
- [漏洞利用](#漏洞利用)
|
||||||
|
- [参考资料](#参考资料)
|
||||||
|
|
||||||
|
|
||||||
|
[下载文件](../src/writeup/6.1.25_pwn_34c3ctf2017_300)
|
||||||
|
|
||||||
|
## 题目复现
|
||||||
|
```
|
||||||
|
$ file 300
|
||||||
|
300: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=5f43b102f0fe3f3dd770637f1d244384f6b2a1c9, not stripped
|
||||||
|
$ checksec -f 300
|
||||||
|
RELRO STACK CANARY NX PIE RPATH RUNPATH FORTIFY Fortified Fortifiable FILE
|
||||||
|
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH Yes 0 2 300
|
||||||
|
$ strings libc.so.6 | grep "GNU C"
|
||||||
|
GNU C Library (Ubuntu GLIBC 2.24-9ubuntu2.2) stable release version 2.24, by Roland McGrath et al.
|
||||||
|
Compiled by GNU CC version 6.3.0 20170406.
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## 题目解析
|
||||||
|
|
||||||
|
## 漏洞利用
|
||||||
|
|
||||||
|
## 参考资料
|
||||||
|
- https://ctftime.org/task/5172
|
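Review bot: The `$ strings libc.so.6 | grep "GNU C"` line shows this write-up ships its libc under the generic name `libc.so.6`, while 6.1.24 uses `libc-2.24.so` for what the banner reports as the same build (Ubuntu GLIBC 2.24-9ubuntu2.2). Use the versioned file name in both directories so a reader can tell which glibc applies without running `strings`. As in 6.1.24, `## 题目解析` and `## 漏洞利用` are empty; the checksec row here (Full RELRO, PIE enabled, FORTIFY Yes with 0 of 2 fortified) differs enough from the previous challenge that a summary sentence is worth adding.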
@ -24,6 +24,8 @@
|
|||||||
* [6.1.21 pwn HITCONCTF2016 Secret_Holder](6.1.21_pwn_hitconctf2016_secret_holder.md)
|
* [6.1.21 pwn HITCONCTF2016 Secret_Holder](6.1.21_pwn_hitconctf2016_secret_holder.md)
|
||||||
* [6.1.22 pwn HITCONCTF2016 Sleepy_Holder](6.1.22_pwn_hitconctf2016_sleepy_holder.md)
|
* [6.1.22 pwn HITCONCTF2016 Sleepy_Holder](6.1.22_pwn_hitconctf2016_sleepy_holder.md)
|
||||||
* [6.1.23 pwn BCTF2016 bcloud](6.1.23_pwn_bctf2016_bcloud.md)
|
* [6.1.23 pwn BCTF2016 bcloud](6.1.23_pwn_bctf2016_bcloud.md)
|
||||||
|
* [6.1.24 pwn HCTF2017 babyprintf](6.1.24_pwn_hctf2017_babyprintf.md)
|
||||||
|
* [6.1.25 pwn 34C3CTF2017 300](6.1.25_pwn_34c3ctf2017_300.md)
|
||||||
* Reverse
|
* Reverse
|
||||||
* [6.2.1 re XHPCTF2017 dont_panic](6.2.1_re_xhpctf2017_dont_panic.md)
|
* [6.2.1 re XHPCTF2017 dont_panic](6.2.1_re_xhpctf2017_dont_panic.md)
|
||||||
* [6.2.2 re ECTF2016 tayy](6.2.2_re_ectf2016_tayy.md)
|
* [6.2.2 re ECTF2016 tayy](6.2.2_re_ectf2016_tayy.md)
|
||||||
|
BIN
src/writeup/6.1.24_pwn_hctf2017_babyprintf/babyprintf
Normal file
Binary file not shown.
BIN
src/writeup/6.1.24_pwn_hctf2017_babyprintf/libc-2.24.so
Normal file
Binary file not shown.
BIN
src/writeup/6.1.25_pwn_34c3ctf2017_300/300
Normal file
Binary file not shown.
BIN
src/writeup/6.1.25_pwn_34c3ctf2017_300/libc.so.6
Normal file
Binary file not shown.
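Review bot: `libc-2.24.so` and `libc.so.6` are both committed as binaries, and the two write-ups in this commit report the same banner for each (Ubuntu GLIBC 2.24-9ubuntu2.2). If they are the same file, store one copy and reference it from both challenges. Either way, record a SHA-256 for each of the four binaries in its write-up so a reader can confirm that the download matches what was analysed.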