A fuzzer is a program that provides unexpected input to a program to find where it breaks, for example providing a letter when the program expects a number. If you were performing a remote attack against say, a web server, you might download a copy of the server program the target is using and run the fuzzer against that and, based on the results, further develop your exploit before launching it against the actual server.
RIP and RSP are two registers in x86-64 architecture. RIP (the instruction pointer) is the register that points to the next instruction to be executed. As you can imagine, an attacker will want to control this since it will allow them to execute arbitrary memory. RSP (the stack pointer) is the register that points to the top of the call stack. Note that it doesn't haveto, and if it actually points to somewhere else the program will happily read/write to wherever it points to. Most code manipulates data relative to this pointer or manipulates the pointer itself, so in the case of your guide the article writer makes RSP point to a fake stack that they control (I think).
6263
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
