Hacker之路技能树(1)

第一个任务,了解buffer overflow.

我是64位的,

64-bit, what you need to know

For the purpose of this tutorial, you should be aware of the following points:

  • General purpose registers have been expanded to 64-bit. So we now have RAX, RBX, RCX, RDX, RSI, and RDI.
  • Instruction pointer, base pointer, and stack pointer have also been expanded to 64-bit as RIP, RBP, and RSP respectively.
  • Additional registers have been provided: R8 to R15.
  • Pointers are 8-bytes wide.
  • Push/pop on the stack are 8-bytes wide.
  • Maximum canonical address size of 0x00007FFFFFFFFFFF.
  • Parameters to functions are passed through registers.
用到的工具:
我的 requirements:http://www.cis.syr.edu/~wedu/seed/Labs_12.04/Software/Buffer_Overflow/Buffer_Overflow.pdf:
但实际上我觉得这是一个非常渣的教程,问题设置的不错但是过程太笨了,所以找到另一个:
http://blog.techorganic.com/2015/04/10/64-bit-linux-stack-smashing-tutorial-part-1/

总结下:
先大胆overflow掉return address,然后用pattern检查具体是那一组把rip overwrite掉了($rsp),然后  再次overflow 此时用shellcode覆盖,就ok啦.说起来很简单,但其中道理却很多哈哈哈。

note:
Address Randomization: 这个会报Segmentation fault (core dumped),我觉得如果循环时间长总会碰到对的。
Stack Guard: *** stack smashing detected ***: ./classic terminated 直接杀死
Non-executable Stack: Segmentation fault (core dumped) only makes it impossible to run shellcode on the stack

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值