This commit is contained in:
firmianay 2017-10-14 20:17:42 +08:00
parent 5c4df18f5a
commit f66305c535
4 changed files with 41 additions and 2 deletions

View File

@ -19,7 +19,7 @@ skanlite cantata kdenlive konversation libreoffice-still thunderbird-kde k3b cup
yaourt -S: yaourt -S:
virtualbox tree git ipython ipython2 gdb google-chrome tcpdump vim wireshark-qt edb ssdeep wps-office strace metasploit pwntools peda oh-my-zsh-git radare2 binwalk burpsuite checksec netcat wxhexeditor virtualbox tree git ipython ipython2 gdb google-chrome tcpdump vim wireshark-qt edb ssdeep wps-office strace ltrace metasploit python2-pwntools peda oh-my-zsh-git radare2 binwalk burpsuite checksec netcat wxhexeditor
pip3/pip2 install: pip3/pip2 install:

View File

@ -442,8 +442,47 @@ f7510000-f76df000 r-xp 1cf000 /usr/lib32/libc-2.26.so
该模块用于格式化字符串漏洞的利用,格式化字符串漏洞是 CTF 中一种常见的题型,我们会在后面的章节中详细讲述,关于该模块的使用也会留到那儿。详见 *3.3.1 格式化字符串漏洞* 该模块用于格式化字符串漏洞的利用,格式化字符串漏洞是 CTF 中一种常见的题型,我们会在后面的章节中详细讲述,关于该模块的使用也会留到那儿。详见 *3.3.1 格式化字符串漏洞*
#### gdb #### gdb
`pwnlib.gdb`
在写漏洞利用的时候,常常需要使用 gdb 动态调试,该模块就提供了这方面的支持。
两个常用函数:
- `gdb.attach(target, gdbscript=None)`:在一个新终端打开 gdb 并 attach 到指定 PID 的进程,或是一个 `pwnlib.tubes` 对象。
- `gdb.debug(args, gdbscript=None)`:在新终端中使用 gdb 加载一个二进制文件。
上面两种方法都可以在开启的时候传递一个脚本到 gdb可以很方便地做一些操作如自动设置断点。
```python
# attach to pid 1234
gdb.attach(1234)
# attach to a process
bash = process('bash')
gdb.attach(bash, '''
set follow-fork-mode child
continue
''')
bash.sendline('whoami')
```
```
# Create a new process, and stop it at 'main'
io = gdb.debug('bash', '''
# Wait until we hit the main executable's entry point
break _start
continue
# Now set breakpoint on shared library routines
break malloc
break free
continue
''')
```
#### memleak #### memleak
`pwnlib.memleak`
该模块用于内存泄露的利用。可用作装饰器。它会将泄露的内存缓存起来,在漏洞利用过程中可能会用到。
#### rop #### rop

View File

@ -230,7 +230,7 @@ $ ssdeep -bm hash.txt modified.elf
```text ```text
-a --all Scan the entire file, not just the data section [default] -a --all Scan the entire file, not just the data section [default]
-t --radix={o,d,x} Print the location of the string in base 8, 10 or 16 -t --radix={o,d,x} Print the location of the string in base 8, 10 or 16
-e --encoding={s,S,b,l,B,L} Select character size and endianness: -e --encoding={s,S,b,l,B,L} Select character size and endianess:
s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit
``` ```

BIN
ppt/01_fight-with-linux.pdf Normal file

Binary file not shown.