Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Binary Exploitation - Basic 補充篇
Search
LJP-TW
May 26, 2021
Technology
1
33
Binary Exploitation - Basic 補充篇
2021/05/26 台科資安社 社課
直播記錄檔:
https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
LJP-TW
May 26, 2021
Tweet
Share
More Decks by LJP-TW
See All by LJP-TW
Reverse Engineering - 1
ljptw
0
990
Reverse Engineering - 2
ljptw
0
460
Reverse Engineering - 3
ljptw
0
370
Re:0 從零開始的逆向工程
ljptw
1
530
Linux 極入門篇
ljptw
1
250
Fuzzing 101
ljptw
1
140
Binary Exploitation - File Structure
ljptw
1
220
Binary Exploitation - Heap
ljptw
1
110
Binary Exploitation - Basic
ljptw
1
74
Other Decks in Technology
See All in Technology
自己改善からチームを動かす! 「セルフエンジニアリングマネージャー」のすゝめ
shoota
6
1k
IaCジェネレーターとBedrockで詳細設計書を生成してみた
tsukasa_ishimaru
4
890
ルーターでプレゼンする
puhitaku
1
3.3k
GrafanaMeetup_AmazonManagedGrafanaのアクセス制御機能とマルチテナント環境下でのアクセス制御について
daitak
0
410
How to do well in consulting–Balkan Ruby 2024
irinanazarova
0
150
ゼロから始めるVue.jsコミュニティ貢献 / first-vuejs-community-contribution-link-and-motivation
lmi
1
150
MixIT 2024 - Pulumi : Gérer son infra avec son langage de programmation préféré
ju_hnny5
1
120
【基本】データベース設計
oracle4engineer
PRO
2
200
Cracking the KubeCon CfP
inductor
2
270
VSCodeの拡張機能を作っている話
ebarakazuhiro
1
810
2024春 注目のWeb系 OSS & SaaS 3選
makies
0
180
個人のAWSアカウントをマルチ運用してみた
miura55
2
110
Featured
See All Featured
StorybookのUI Testing Handbookを読んだ
zakiyama
13
4.6k
Building an army of robots
kneath
300
41k
Visualization
eitanlees
137
14k
Building Better People: How to give real-time feedback that sticks.
wjessup
356
18k
How STYLIGHT went responsive
nonsquared
92
4.8k
4 Signs Your Business is Dying
shpigford
176
21k
Become a Pro
speakerdeck
PRO
13
4.6k
Building Your Own Lightsaber
phodgson
100
5.7k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
123
39k
The Cost Of JavaScript in 2023
addyosmani
20
3.9k
GraphQLの誤解/rethinking-graphql
sonatard
55
9.3k
Creatively Recalculating Your Daily Design Routine
revolveconf
211
11k
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn Basic 補充篇
# whoami - LJP / LJP-TW - Pwn / Rev
- NTUST / NCTU / NYCU - 10sec CTF Team 1
Outline - TLS 2
TLS 3
TLS - TLS 全名 Thread-Local Storage - Linux x64 使用
fs 暫存器記著 TLS 的位置 - Stack Canary 就是存在 TLS 中 4
TLS - fs 為 Segment Register - 計算方式 reg:offset =
ref + offset - 這時候你用 gdb 想看一下 fs 等於多少卻發現 - 難道 Canary 從 [0+0x28] 拿來的?? 5
TLS - GDB 也是 Process, fs = 0 是指 GDB
自己的 fs - 所以要怎麼拿到觀測中的 Process 的 fs? - 呼叫 arch_prctl 6 Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13
TLS - Pwngdb 有實作取得 TLS 的功能 - 閱讀一下怎麼實作的, 發現其實一樣 -
https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77 7
TLS Demo 8
ljptw
shoota
tsukasa_ishimaru
puhitaku
daitak
irinanazarova
lmi
ju_hnny5
oracle4engineer
inductor
ebarakazuhiro
makies
miura55
zakiyama
kneath
eitanlees
wjessup
nonsquared
shpigford
speakerdeck
phodgson
soudai
addyosmani
sonatard
revolveconf
