$30 off During Our Annual Pro Sale. View Details »
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Binary Exploitation - Basic 補充篇
Search
LJP-TW
May 26, 2021
Technology
1
45
Binary Exploitation - Basic 補充篇
2021/05/26 台科資安社 社課
直播記錄檔:
https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
LJP-TW
May 26, 2021
Tweet
Share
More Decks by LJP-TW
See All by LJP-TW
Reverse Engineering - 1
ljptw
0
1.6k
Reverse Engineering - 2
ljptw
0
720
Reverse Engineering - 3
ljptw
0
570
Re:0 從零開始的逆向工程
ljptw
1
1.2k
Linux 極入門篇
ljptw
1
290
Fuzzing 101
ljptw
1
180
Binary Exploitation - File Structure
ljptw
1
280
Binary Exploitation - Heap
ljptw
1
150
Binary Exploitation - Basic
ljptw
1
110
Other Decks in Technology
See All in Technology
あなたの知らないDateのひみつ / The Secret of "Date" You Haven't known #tqrk16
expajp
0
110
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
37k
知っていると得する!Movable Type 9 の新機能を徹底解説
masakah
0
200
段階的に進める、 挫折しない自宅サーバ入門
yu_kod
5
2.2k
MAP-7thplaceSolution
yukichi0403
2
250
たかが特別な時間の終わり / It's Only the End of Special Time
watany
2
500
名刺メーカーDevグループ 紹介資料
sansan33
PRO
0
980
AIにおける自由の追求
shujisado
3
470
翻訳・対話・越境で強いチームワークを作ろう! / Building Strong Teamwork through Interpretation, Dialogue, and Border-Crossing
ar_tama
4
1.6k
Playwrightのソースコードに見る、自動テストを自動で書く技術
yusukeiwaki
2
730
Claude Code はじめてガイド -1時間で学べるAI駆動開発の基本と実践-
oikon48
42
25k
バグハンター視点によるサプライチェーンの脆弱性
scgajge12
2
440
Featured
See All Featured
KATA
mclloyd
PRO
32
15k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4.1k
Typedesign – Prime Four
hannesfritz
42
2.9k
Mobile First: as difficult as doing things right
swwweet
225
10k
Java REST API Framework Comparison - PWX 2021
mraible
34
9k
A Tale of Four Properties
chriscoyier
162
23k
Unsuck your backbone
ammeep
671
58k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
54k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
25
1.6k
Optimizing for Happiness
mojombo
379
70k
Become a Pro
speakerdeck
PRO
30
5.7k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.3k
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn Basic 補充篇
# whoami - LJP / LJP-TW - Pwn / Rev
- NTUST / NCTU / NYCU - 10sec CTF Team 1
Outline - TLS 2
TLS 3
TLS - TLS 全名 Thread-Local Storage - Linux x64 使用
fs 暫存器記著 TLS 的位置 - Stack Canary 就是存在 TLS 中 4
TLS - fs 為 Segment Register - 計算方式 reg:offset =
ref + offset - 這時候你用 gdb 想看一下 fs 等於多少卻發現 - 難道 Canary 從 [0+0x28] 拿來的?? 5
TLS - GDB 也是 Process, fs = 0 是指 GDB
自己的 fs - 所以要怎麼拿到觀測中的 Process 的 fs? - 呼叫 arch_prctl 6 Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13
TLS - Pwngdb 有實作取得 TLS 的功能 - 閱讀一下怎麼實作的, 發現其實一樣 -
https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77 7
TLS Demo 8
ljptw
expajp
safie_recruit
masakah
yu_kod
yukichi0403
watany
sansan33
shujisado
ar_tama
yusukeiwaki
oikon48
scgajge12
mclloyd
kastner
hannesfritz
swwweet
mraible
chriscoyier
ammeep
destraynor
honnibal
mojombo
speakerdeck
tammyeverts
