• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

rosehgal/BinExp: Linux Binary Exploitation

原作者: [db:作者] 来自: 网络 收藏 邀请

开源软件名称(OpenSource Name):

rosehgal/BinExp

开源软件地址(OpenSource Url):

https://github.com/rosehgal/BinExp

开源编程语言(OpenSource Language):

C 100.0%

开源软件介绍(OpenSource Introduction):

Binary Exploitation

I have another interesting project @DockerENT, @Trashemail take some time to review it as well.

Any Doubt...? Let's Discuss

Introduction

I am quite passionate about exploiting binary files. The first time when I came across Buffer Overflow(a simple technique of exploitation), then I was not able to implement the same with the same copy of code on my system. The reason for that was there was no consolidated document that would guide me thoroughly to write a perfect exploit payload for the program in case of system changes. Also, there are very few descriptive blogs/tutorials that had helped me exploiting a given binary. I have come up with the consolidation of Modern exploitation techniques (in the form of the tutorial) that will allow you to understand exploitation from scratch.

I will be using vagrant file to set up the system on a virtual box. To do the same in your system follow:

  1. vagrant up
  2. vagrant ssh

Topics

  1. Lecture 1.

    • Memory Layout of C program.
    • ELF binaries.
    • Overview of stack during function call.
    • Assembly code for the function call and return.
    • Concept of $ebp and $esp.
    • Executable memory.
  2. Lecture 1.5.

    • How Linux finds the binaries utilis?
    • Simple exploit using Linux $PATH variable.
  3. Lecture 2.

    • What are stack overflows?
    • ASLR (basics), avoiding Stack protection.
    • Shellcodes
    • Buffer overflow:
      • Changing Control of the program to return to some other function
      • Shellcode injection in buffer and spawning the shell
  4. Lecture 3.

    • Shellcode injection with ASLR enabled.
      • Environment variables.
  5. Lecture 3.5

    • Return to Libc attacks.
    • Spawning shell in non executable stack
    • Stack organization in case ret2libc attack.
  6. Lecture 4.

    • This folder contains the set of questions to exploit binaries on the concept that we have learned so far.
  7. Lecture 5.

    • What is format string Vulnerability?
    • Seeing the content of stack.
    • Writing onto the stack.
    • Writing to arbitrary memory location.
  8. Lecture 6.

    • GOT
    • Overriding GOT entry.
    • Spawning shell with format string vuln.
  9. Lecture 7.

    • Heaps
    • Arena, Bins, Chunks.
    • Use after free exploit.
    • Double free exploit.



鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap