Pwn Study Notes (21): Heap-OtherBin/offbyone
Test platform: x86_64, Ubuntu 16.04.7 LTS, Kernel 4.15.0-142-generic GLIBC 2.23-0ubuntu11.3 Lab binary and solution: https://github.com/bjrjk/pwn-learning/tree/main/OtherBin/offbyone ELF security: Arch: amd64-64-little RELRO:...
Pwn Study Notes (22): Heap-OtherBin/unsorted_bin
Test platform: x86_64, Ubuntu 16.04.7 LTS, Kernel 4.15.0-142-generic GLIBC 2.23-0ubuntu11.3 Lab binary and solution: https://github.com/bjrjk/pwn-learning/tree/main/OtherBin/unsorted_bin ELF security: Arch: amd64-64-little RELRO:...
Pwn Study Notes (23): Heap – House of Orange – bookwriter
Test platform: x86_64, Ubuntu 16.04.7 LTS, Kernel 4.15.0-142-generic GLIBC 2.23-0ubuntu11.3 Lab binary and solution: https://github.com/bjrjk/pwn-learning/tree/main/OtherBin/bookwriter ELF security: Arch: amd64-64-little RELRO:...
Pwn Study Notes (24): Heap – TCache – tcache
Test platform: x86_64, Ubuntu 18.04.6 LTS, Kernel 4.15.0-170-generic GLIBC 2.27-3ubuntu1.5 Lab binary and solution: https://github.com/bjrjk/pwn-learning/tree/main/TCache/tcache ELF security information: Arch: amd64-64-little RELRO: Full...
Pwn Study Notes (25): _IO_FILE – io_leak
Test platform: x86_64, Ubuntu 18.04.6 LTS, Kernel 4.15.0-170-generic GLIBC 2.27-3ubuntu1.5 Lab binary and solution: https://github.com/bjrjk/pwn-learning/tree/main/IO_FILE/io_leak ELF security: Arch: amd64-64-little RELRO: Full...
Pwn Study Notes (26): TCache – tcache231
Test environment: x86_64, Ubuntu 20.04.4 LTS, Kernel 5.13.0-37-generic GLIBC 2.31-0ubuntu9.8 Lab binary and solution: https://github.com/bjrjk/pwn-learning/tree/main/TCache/tcache231 ELF security: Arch: amd64-64-little RELRO:...
Pwn Study Notes (27): SmallBin – playthenew
Test environment: x86_64, Ubuntu 18.04.6 LTS, Kernel 4.15.0-170-generic GLIBC 2.27-3ubuntu1.5 Lab binary and solution: https://github.com/bjrjk/pwn-learning/tree/main/OtherBin/playthenew ELF security: Arch: amd64-64-little RELRO:...
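Linux Systems Programming: Notes on a Problem Using sigtimedwait
Over the past two days, for an experiment, I needed to write a program on Linux (the invoker) that repeatedly calls another program (the application) and waits for it. An interesting problem came up, and after two days of debugging I finally solved it, so I am recording it here. The program is meant to do the following: the invoker calls the application in a loop with arguments and sets a timeout for the application, for example 10 seconds. Once the 10 seconds are up, it forcibly terminates the application and starts the next invocation...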
Jack’s 2023 New Year CTF WriteUp
The rankings and prizes are as follows: Rank and username, Score, Prize amount, Claim status: 1 bml 456 84.56 Y 2 xtex 415 39.15 Y 3 QY 396 38.96 Y 4 Yuzhen 366 19.66 Y 5 FlyingSky 366 18.66 Y 6 undefined 296 8.96 Y 7 morty 296 7.96 8 predit 215 7.15 9 ricky8955555...
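Pwn Study Notes (28): Kernel Pwn – Kernel Environment Setup and Preparing the KROP_LPE Challenge
For personal reasons, I need to get started with Kernel Pwn, so I am resuming updates to this series! To get started, I followed Keith Makan's Kernel Pwn article series: – [Linux Kernel Exploitation 0x0] Debugging the Kernel with QEMU – [Linux Kernel Exploitation 0x1] Smashing Stack Overflows in...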
Pwn Study Notes (29): Kernel Pwn – KROP_LPE
Lab binary and solution: https://github.com/bjrjk/pwn-learning/tree/main/ROP/KROP_LPE Kernel security: KASLR: off Stack Canary: off FORTIFY_SOURCE: off SMEP/SMAP: on KPTI: on Root cause analysis...