mirror of
https://github.com/nganhkhoa/CTF-All-In-One.git
synced 2024-12-24 19:21:15 +07:00
add ppt
This commit is contained in:
parent
5c4df18f5a
commit
f66305c535
@ -19,7 +19,7 @@ skanlite cantata kdenlive konversation libreoffice-still thunderbird-kde k3b cup
|
||||
|
||||
yaourt -S:
|
||||
|
||||
virtualbox tree git ipython ipython2 gdb google-chrome tcpdump vim wireshark-qt edb ssdeep wps-office strace metasploit pwntools peda oh-my-zsh-git radare2 binwalk burpsuite checksec netcat wxhexeditor
|
||||
virtualbox tree git ipython ipython2 gdb google-chrome tcpdump vim wireshark-qt edb ssdeep wps-office strace ltrace metasploit python2-pwntools peda oh-my-zsh-git radare2 binwalk burpsuite checksec netcat wxhexeditor
|
||||
|
||||
pip3/pip2 install:
|
||||
|
||||
|
@ -442,8 +442,47 @@ f7510000-f76df000 r-xp 1cf000 /usr/lib32/libc-2.26.so
|
||||
该模块用于格式化字符串漏洞的利用,格式化字符串漏洞是 CTF 中一种常见的题型,我们会在后面的章节中详细讲述,关于该模块的使用也会留到那儿。详见 *3.3.1 格式化字符串漏洞*
|
||||
|
||||
#### gdb
|
||||
`pwnlib.gdb`
|
||||
|
||||
在写漏洞利用的时候,常常需要使用 gdb 动态调试,该模块就提供了这方面的支持。
|
||||
|
||||
两个常用函数:
|
||||
- `gdb.attach(target, gdbscript=None)`:在一个新终端打开 gdb 并 attach 到指定 PID 的进程,或是一个 `pwnlib.tubes` 对象。
|
||||
- `gdb.debug(args, gdbscript=None)`:在新终端中使用 gdb 加载一个二进制文件。
|
||||
|
||||
上面两种方法都可以在开启的时候传递一个脚本到 gdb,可以很方便地做一些操作,如自动设置断点。
|
||||
|
||||
```python
|
||||
# attach to pid 1234
|
||||
gdb.attach(1234)
|
||||
|
||||
# attach to a process
|
||||
bash = process('bash')
|
||||
gdb.attach(bash, '''
|
||||
set follow-fork-mode child
|
||||
continue
|
||||
''')
|
||||
bash.sendline('whoami')
|
||||
```
|
||||
|
||||
```
|
||||
# Create a new process, and stop it at 'main'
|
||||
io = gdb.debug('bash', '''
|
||||
# Wait until we hit the main executable's entry point
|
||||
break _start
|
||||
continue
|
||||
|
||||
# Now set breakpoint on shared library routines
|
||||
break malloc
|
||||
break free
|
||||
continue
|
||||
''')
|
||||
```
|
||||
|
||||
#### memleak
|
||||
`pwnlib.memleak`
|
||||
|
||||
该模块用于内存泄露的利用。可用作装饰器。它会将泄露的内存缓存起来,在漏洞利用过程中可能会用到。
|
||||
|
||||
#### rop
|
||||
|
||||
|
@ -230,7 +230,7 @@ $ ssdeep -bm hash.txt modified.elf
|
||||
```text
|
||||
-a --all Scan the entire file, not just the data section [default]
|
||||
-t --radix={o,d,x} Print the location of the string in base 8, 10 or 16
|
||||
-e --encoding={s,S,b,l,B,L} Select character size and endianness:
|
||||
-e --encoding={s,S,b,l,B,L} Select character size and endianess:
|
||||
s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit
|
||||
```
|
||||
|
||||
|
BIN
ppt/01_fight-with-linux.pdf
Normal file
BIN
ppt/01_fight-with-linux.pdf
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user