Hacker's Path Skill Tree (1)

First task: understand buffer overflow.

I am on a 64-bit machine, so:

64-bit, what you need to know

For the purpose of this tutorial, you should be aware of the following points:

  • General purpose registers have been expanded to 64-bit. So we now have RAX, RBX, RCX, RDX, RSI, and RDI.
  • Instruction pointer, base pointer, and stack pointer have also been expanded to 64-bit as RIP, RBP, and RSP respectively.
  • Additional registers have been provided: R8 to R15.
  • Pointers are 8-bytes wide.
  • Push/pop on the stack are 8-bytes wide.
  • Maximum canonical user-space address is 0x00007FFFFFFFFFFF. A return address above that (e.g. eight bytes of pattern or "A"s) is non-canonical, so the ret instruction itself faults and RIP is never updated.
  • Parameters to functions are passed through registers (System V AMD64 ABI: the first six integer/pointer arguments go in RDI, RSI, RDX, RCX, R8, R9), not pushed on the stack as in 32-bit.
Tools used:
  • Python Exploit Development Assistance for GDB
  • getenvaddr.c
The assignment I am working from: http://www.cis.syr.edu/~wedu/seed/Labs_12.04/Software/Buffer_Overflow/Buffer_Overflow.pdf
But honestly I think it is a pretty poor tutorial: the exercises are set up well, but the procedure is too clumsy, so I found another one:
http://blog.techorganic.com/2015/04/10/64-bit-linux-stack-smashing-tutorial-part-1/

Summary:
First just overflow straight over the return address; then feed a cyclic pattern and check exactly which chunk of the input landed on the return address. On 64-bit you read it from $rsp rather than $rip: the pattern bytes form a non-canonical address, so the ret faults before RIP changes and the overwritten return address is still sitting at the top of the stack. Then overflow again, this time placing the shellcode address at that offset, and it's done. Sounds simple, but there is a lot of theory behind it, haha.

note:
Address Randomization: with ASLR on, a hard-coded stack address misses and you get Segmentation fault (core dumped); I think if you loop long enough you will eventually hit the right one. That brute force is the SEED lab's approach and is realistic with the few bits of stack entropy on 32-bit; on 64-bit the search space is far larger. For the exercise turn it off with sysctl -w kernel.randomize_va_space=0.
Stack Guard: *** stack smashing detected ***: ./classic terminated. The canary between the buffer and the saved return address is checked in the function epilogue and the process is killed outright, before the corrupted return address is ever used. Compile with -fno-stack-protector for the exercise.
Non-executable Stack: also Segmentation fault (core dumped), but this only makes it impossible to run shellcode that sits on the stack; the return address is still hijacked, so jumping to existing code (ret2libc/ROP) still works. Link with -z execstack for the exercise.
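To make the "overflow, find the offset with a pattern, overflow again" steps above concrete, here is an added example that is not code from the page or from the linked tutorials. It assumes a target shaped like the SEED lab / techorganic "classic" program (a 64-byte stack buffer filled by an unchecked strcpy) and re-implements PEDA's `pattern create` / `pattern offset` idea in plain C, so the return-address offset can be recovered from the qword gdb prints for `x/gx $rsp` after the crash. The function names (`pattern_create`, `qword_at`, `pattern_offset`, `demo_offset`) and the 72-byte offset used in the walkthrough are this example's own assumptions.

```c
/* Added example, not code from the page or the linked tutorials.
 * Assumptions: a vulnerable function shaped like the SEED lab / techorganic
 * "classic" target (64-byte stack buffer, unchecked strcpy), and a hand-rolled
 * PEDA-style cyclic pattern so the return-address offset can be recovered
 * from the qword that gdb shows at $rsp after the crash. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* The vulnerable shape: fixed-size stack buffer, unbounded copy. Input longer
 * than 64 bytes runs over buf, then the saved rbp, then the return address. */
void vuln(const char *input) {
    char buf[64];
    strcpy(buf, input);            /* no length check: this is the bug */
    puts(buf);
}

/* Metasploit/PEDA-style pattern "Aa0Aa1...Aa9Ab0...": every 3-byte group
 * (upper, lower, digit) is unique, so any 8-byte window occurs at exactly
 * one offset. Writes at most `want` bytes (max 20280) plus a NUL; `out`
 * must hold want + 1 bytes. Returns the number of pattern bytes written. */
size_t pattern_create(char *out, size_t want) {
    size_t n = 0;
    for (char u = 'A'; u <= 'Z' && n < want; u++)
        for (char l = 'a'; l <= 'z' && n < want; l++)
            for (char d = '0'; d <= '9' && n < want; d++) {
                const char trip[3] = { u, l, d };
                for (int i = 0; i < 3 && n < want; i++)
                    out[n++] = trip[i];
            }
    out[n] = '\0';
    return n;
}

/* The qword gdb would print for "x/gx $rsp" if the pattern bytes starting at
 * `off` sat in the return-address slot (off + 8 must be <= pattern length).
 * x86-64 is little-endian, so the first pattern byte is the low byte. */
uint64_t qword_at(const char *pattern, size_t off) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | (unsigned char)pattern[off + i];
    return v;
}

/* Inverse: given the qword read from $rsp, find where it sits in the pattern,
 * i.e. how many input bytes precede the return address. -1 if not pattern data. */
long pattern_offset(const char *pattern, size_t pat_len, uint64_t qword) {
    unsigned char needle[8];
    for (int i = 0; i < 8; i++)
        needle[i] = (unsigned char)(qword >> (8 * i));
    for (size_t off = 0; off + 8 <= pat_len; off++)
        if (memcmp(pattern + off, needle, 8) == 0)
            return (long)off;
    return -1;
}

/* Convenience for the walkthrough: a 200-byte pattern (enough to overrun the
 * 64-byte buffer, saved rbp and return address), then look up `seen`. */
long demo_offset(uint64_t seen) {
    char pat[201];
    size_t len = pattern_create(pat, 200);
    return pattern_offset(pat, len, seen);
}

int main(int argc, char **argv) {
    char pat[201];
    size_t len = pattern_create(pat, 200);
    /* Constructed crash value: what $rsp holds if buf lies directly below the
     * saved rbp, so the return address starts at 64 + 8 = 72. That layout is
     * an assumption; the real offset is whatever the debugger shows you. */
    uint64_t seen = qword_at(pat, 72);
    printf("pattern: %s\n", pat);
    printf("x/gx $rsp = 0x%016llx -> offset %ld\n",
           (unsigned long long)seen, pattern_offset(pat, len, seen));
    if (argc > 1)
        vuln(argv[1]);             /* feed the printed pattern here to crash it */
    return 0;
}
```

Build it the way the lab wants the target built, with the mitigations from the note above switched off: `gcc -g -fno-stack-protector -z execstack -o classic classic.c` after `sudo sysctl -w kernel.randomize_va_space=0`. Run it under gdb with the printed pattern as argv[1]; when it faults on the ret, take the value from `x/gx $rsp` and hand it to `pattern_offset` (or PEDA's `pattern offset`). That number is how many bytes of padding go before the address of your shellcode in the second, real overflow.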
