Site updated: 2019-10-25 21:08:27
This commit is contained in:
Cool-Y
parent
8ff6b7ebf6
commit
b7f1fedb5d
@ -479,7 +479,7 @@
|
||||
|
||||
<hr>
|
||||
<h1 id="0x02-AFL快速入门"><a href="#0x02-AFL快速入门" class="headerlink" title="0x02 AFL快速入门"></a>0x02 <a href="http://lcamtuf.coredump.cx/afl/QuickStartGuide.txt" target="_blank" rel="noopener">AFL快速入门</a></h1><p>1)用<code>make</code>编译AFL。如果构建失败,请参阅docs / INSTALL以获取提示。<br>2)查找或编写一个相当快速和简单的程序,该程序从<strong><em>文件或标准输入</em></strong>中获取数据,以一种有价值的方式处理它,然后干净地退出。如果测试网络服务,请将其修改为在前台运行并从stdin读取。在对使用校验和的格式进行模糊测试时,也要注释掉校验和验证码。<br>遇到故障时,程序必须正常崩溃。注意自定义SIGSEGV或SIGABRT处理程序和后台进程。有关检测非崩溃缺陷的提示,请参阅<code>docs/README</code>中的第11节。<br>3)使用afl-gcc编译要模糊的程序/库。一种常见的方法是:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">$ CC = /path/to/afl-gcc CXX =/path/to/afl-g++ ./configure --disable-shared</span><br><span class="line">$ make clean all</span><br></pre></td></tr></table></figure></p>
|
||||
<p>如果程序构建失败,请联系 <a href="mailto:afl-users@googlegroups.com" target="_blank" rel="noopener">afl-users@googlegroups.com</a>。<br>4)获取一个对程序有意义的小而有效的输入文件。在模糊详细语法(SQL,HTTP等)时,也要创建字典,如<code>dictionaries/README.dictionaries</code>中所述。<br>5)如果程序从stdin读取,则运行<code>afl-fuzz</code>,如下所示:<br><code>./afl-fuzz -i testcase_dir -o findings_dir -- /path/to/tested/program [... program's cmdline ...]</code><br> 如果程序从文件中获取输入,则可以在程序的命令行中输入@@; AFL会为您放置一个自动生成的文件名。</p>
|
||||
<p>如果程序构建失败,请联系 <a href="mailto:afl-users@googlegroups.com" target="_blank" rel="noopener">afl-users@googlegroups.com</a>。<br>4)获取一个对程序有意义的小而有效的输入文件。在模糊详细语法(SQL,HTTP等)时,也要创建字典,如<code>dictionaries/README.dictionaries</code>中所述。<br>5)如果程序从stdin读取,则运行<code>afl-fuzz</code>,如下所示:<br><code>./afl-fuzz -i testcase_dir -o findings_dir -- /path/to/tested/program [... program's cmdline ...]</code><br> 如果程序从文件中获取输入,则可以在程序的命令行中输入@@; AFL会为您放置一个自动生成的文件名。</p>
|
||||
<p><strong>一些参考文档</strong></p>
|
||||
<blockquote>
|
||||
<p><a href="http://lcamtuf.coredump.cx/afl/README.txt" target="_blank" rel="noopener">docs/README</a> - AFL的一般介绍,<br><a href="https://github.com/mirrorer/afl/blob/master/docs/perf_tips.txt" target="_blank" rel="noopener">docs/perf_tips.txt</a> - 关于如何快速模糊的简单提示,<br><a href="http://lcamtuf.coredump.cx/afl/status_screen.txt" target="_blank" rel="noopener">docs/status_screen.txt</a> - UI中显示的花絮的解释,<br><a href="https://github.com/mirrorer/afl/blob/master/docs/parallel_fuzzing.txt" target="_blank" rel="noopener">docs/parallel_fuzzing.txt</a> - 关于在多个核上运行AFL的建议<br><a href="http://lcamtuf.coredump.cx/afl/demo/" target="_blank" rel="noopener">Generated test cases for common image formats</a> - 生成图像文件测试用例的demo<br><a href="http://lcamtuf.coredump.cx/afl/technical_details.txt" target="_blank" rel="noopener">Technical “whitepaper” for afl-fuzz</a> - 技术白皮书</p>
|
||||
@ -496,10 +496,10 @@
|
||||
</ol>
|
||||
<hr>
|
||||
<h1 id="0x04-AFL-README"><a href="#0x04-AFL-README" class="headerlink" title="0x04 AFL README"></a>0x04 <a href="http://lcamtuf.coredump.cx/afl/README.txt" target="_blank" rel="noopener">AFL README</a></h1><blockquote>
|
||||
<p>Written and maintained by Michal Zalewski <a href="mailto:lcamtuf@google.com" target="_blank" rel="noopener">lcamtuf@google.com</a></p>
|
||||
<p>Written and maintained by Michal Zalewski <a href="mailto:lcamtuf@google.com" target="_blank" rel="noopener">lcamtuf@google.com</a></p>
|
||||
<p> Copyright 2013, 2014, 2015, 2016 Google Inc. All rights reserved.<br> Released under terms and conditions of Apache License, Version 2.0.</p>
|
||||
<p> For new versions and additional information, check out:<br> <a href="http://lcamtuf.coredump.cx/afl/" target="_blank" rel="noopener">http://lcamtuf.coredump.cx/afl/</a></p>
|
||||
<p> To compare notes with other users or get notified about major new features,<br> send a mail to <a href="mailto:afl-users+subscribe@googlegroups.com" target="_blank" rel="noopener">afl-users+subscribe@googlegroups.com</a>.</p>
|
||||
<p> To compare notes with other users or get notified about major new features,<br> send a mail to <a href="mailto:afl-users+subscribe@googlegroups.com" target="_blank" rel="noopener">afl-users+subscribe@googlegroups.com</a>.</p>
|
||||
<p> <strong>See QuickStartGuide.txt if you don’t have time to read this file.</strong></p>
|
||||
</blockquote>
|
||||
<h2 id="1)具有导向性的模糊测试的挑战"><a href="#1)具有导向性的模糊测试的挑战" class="headerlink" title="1)具有导向性的模糊测试的挑战"></a>1)具有导向性的模糊测试的挑战</h2><p>Fuzzing是用于识别真实软件中的安全问题的最强大且经过验证的策略之一;它负责安全关键软件中迄今为止发现的绝大多数远程代码执行和权限提升漏洞。<br>不幸的是,模糊测试也不够有力。盲目的、随机的变异使得它不太可能在测试代码中达到某些代码路径,从而使一些漏洞超出了这种技术的范围。<br>已经有许多尝试来解决这个问题。早期方法之一 - 由Tavis Ormandy开创 - 是一种 <strong>语义库蒸馏(corpus distillation)</strong> 。网上找到的一些大型语料库中往往包含大量的文件,这时就需要对其精简,该方法依赖于覆盖信号从大量高质量的候选文件语料库中选择有趣种子的子集,然后通过传统方式对其进行模糊处理。该方法非常有效,但需要这样的语料库随时可用。正因为如此,<strong>代码覆盖率</strong> 也只是衡量程序执行状态的一个简单化的度量,这种方式并不适合后续引导fuzzing测试的。<br>其他更复杂的研究集中在诸如 <strong>程序流分析(“concoic execution”),符号执行或静态分析</strong> 等技术上。所有这些方法在实验环境中都非常有前景,但在实际应用中往往会遇到可靠性和性能问题 - 部分高价值的程序都有非常复杂的内部状态和执行路径,在这一方面符号执行和concolic技术往往会显得不够健壮(如路径爆炸问题),所以仍然稍逊于传统的fuzzing技术。</p>
|
||||
|
||||
@ -104,7 +104,7 @@
|
||||
<meta property="og:image" content="https://res.cloudinary.com/dozyfkbg3/image/upload/v1562744240/pwn/231.png">
|
||||
<meta property="og:image" content="https://res.cloudinary.com/dozyfkbg3/image/upload/v1562744461/%E5%9B%BE%E7%89%8712.png">
|
||||
<meta property="og:image" content="https://res.cloudinary.com/dozyfkbg3/image/upload/v1562744518/pwn/%E6%8D%9511%E8%8E%B7.png">
|
||||
<meta property="og:updated_time" content="2019-07-26T01:00:43.904Z">
|
||||
<meta property="og:updated_time" content="2019-10-25T13:07:23.257Z">
|
||||
<meta name="twitter:card" content="summary">
|
||||
<meta name="twitter:title" content="x86-basic 漏洞利用">
|
||||
<meta name="twitter:description" content="这部分是对Window x86平台下的几个典型漏洞利用方式的介绍,从最基础的、没有开启任何保护的漏洞程序入手,然后开启GS,最后通过rop绕过DEP。 0x00 漏洞利用开发简介(1)需要什么 Immunity Debugger -Download Mona.py -Download Metasploit框架-下载 靶机–Windows XP sp3 函数调用与栈:调用、返回 寄存器与函">
|
||||
@ -385,8 +385,8 @@
|
||||
|
||||
|
||||
<span itemprop="about" itemscope itemtype="http://schema.org/Thing">
|
||||
<a href="/categories/Pwn二进制漏洞/" itemprop="url" rel="index">
|
||||
<span itemprop="name">Pwn二进制漏洞</span>
|
||||
<a href="/categories/Pwn/" itemprop="url" rel="index">
|
||||
<span itemprop="name">Pwn</span>
|
||||
</a>
|
||||
</span>
|
||||
|
||||
|
||||
@ -88,7 +88,7 @@
|
||||
<meta property="og:description" content="之前介绍了Windows x86平台下栈溢出漏洞的开放与利用,鉴于CTF基本都是Linux,还有实际开发环境,很多智能设备的系统都是基于Linux,所以从很现实的需求出发,一定要学习学习Linux下漏洞的分析。 ref: CTF-WIKI:https://ctf-wiki.github.io/ctf-wiki/pwn/readme-zh/蒸米大佬的一步一步学rop http://www.anqu">
|
||||
<meta property="og:locale" content="zh-Hans">
|
||||
<meta property="og:image" content="https://res.cloudinary.com/dozyfkbg3/image/upload/v1563267241/pwn/4a7227aa9f00bd2fd45d363da4cf25c6fd425638.jpg">
|
||||
<meta property="og:updated_time" content="2019-07-16T09:16:44.729Z">
|
||||
<meta property="og:updated_time" content="2019-10-25T13:06:26.899Z">
|
||||
<meta name="twitter:card" content="summary">
|
||||
<meta name="twitter:title" content="Linux Pwn-缓冲区溢出利用">
|
||||
<meta name="twitter:description" content="之前介绍了Windows x86平台下栈溢出漏洞的开放与利用,鉴于CTF基本都是Linux,还有实际开发环境,很多智能设备的系统都是基于Linux,所以从很现实的需求出发,一定要学习学习Linux下漏洞的分析。 ref: CTF-WIKI:https://ctf-wiki.github.io/ctf-wiki/pwn/readme-zh/蒸米大佬的一步一步学rop http://www.anqu">
|
||||
@ -369,8 +369,8 @@
|
||||
|
||||
|
||||
<span itemprop="about" itemscope itemtype="http://schema.org/Thing">
|
||||
<a href="/categories/Pwn二进制漏洞/" itemprop="url" rel="index">
|
||||
<span itemprop="name">Pwn二进制漏洞</span>
|
||||
<a href="/categories/Pwn/" itemprop="url" rel="index">
|
||||
<span itemprop="name">Pwn</span>
|
||||
</a>
|
||||
</span>
|
||||
|
||||
|
||||
@ -1,11 +1,14 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
|
||||
<url>
|
||||
<loc>https://cool-y.github.io/2019/07/10/x86basic/</loc>
|
||||
<lastmod>2019-10-25</lastmod>
|
||||
</url> <url>
|
||||
<loc>https://cool-y.github.io/2019/07/16/linux-pwn-32/</loc>
|
||||
<lastmod>2019-10-25</lastmod>
|
||||
</url> <url>
|
||||
<loc>https://cool-y.github.io/2019/03/25/Samba-CVE/</loc>
|
||||
<lastmod>2019-07-27</lastmod>
|
||||
</url> <url>
|
||||
<loc>https://cool-y.github.io/2019/07/10/x86basic/</loc>
|
||||
<lastmod>2019-07-26</lastmod>
|
||||
</url> <url>
|
||||
<loc>https://cool-y.github.io/2019/07/25/Debug-a-router-firmware/</loc>
|
||||
<lastmod>2019-07-25</lastmod>
|
||||
@ -18,9 +21,6 @@
|
||||
</url> <url>
|
||||
<loc>https://cool-y.github.io/2019/07/24/web-dvwa/</loc>
|
||||
<lastmod>2019-07-24</lastmod>
|
||||
</url> <url>
|
||||
<loc>https://cool-y.github.io/2019/07/16/linux-pwn-32/</loc>
|
||||
<lastmod>2019-07-16</lastmod>
|
||||
</url> <url>
|
||||
<loc>https://cool-y.github.io/2019/04/21/XIAOMI-UPnP/</loc>
|
||||
<lastmod>2019-07-11</lastmod>
|
||||
|
||||
1170
categories/Pwn/index.html
Normal file
1170
categories/Pwn/index.html
Normal file
File diff suppressed because it is too large
Load Diff
@ -324,7 +324,7 @@
|
||||
目前共计 7 个分类
|
||||
</div>
|
||||
<div class="category-all">
|
||||
<ul class="category-list"><li class="category-list-item"><a class="category-list-link" href="/categories/IOT/">IOT</a><span class="category-list-count">6</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/Pwn二进制漏洞/">Pwn二进制漏洞</a><span class="category-list-count">2</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/web/">web</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/二进制/">二进制</a><span class="category-list-count">5</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/加密解密/">加密解密</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/杂七杂八/">杂七杂八</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/顶会论文/">顶会论文</a><span class="category-list-count">3</span></li></ul>
|
||||
<ul class="category-list"><li class="category-list-item"><a class="category-list-link" href="/categories/IOT/">IOT</a><span class="category-list-count">6</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/Pwn/">Pwn</a><span class="category-list-count">2</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/web/">web</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/二进制/">二进制</a><span class="category-list-count">5</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/加密解密/">加密解密</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/杂七杂八/">杂七杂八</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/顶会论文/">顶会论文</a><span class="category-list-count">3</span></li></ul>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
@ -1943,7 +1943,7 @@ pre .javascript .function {
|
||||
width: 4px;
|
||||
height: 4px;
|
||||
border-radius: 50%;
|
||||
background: #048809;
|
||||
background: #b85483;
|
||||
}
|
||||
.links-of-blogroll {
|
||||
font-size: 13px;
|
||||
|
||||
@ -929,8 +929,8 @@ http:
|
||||
|
||||
|
||||
<span itemprop="about" itemscope itemtype="http://schema.org/Thing">
|
||||
<a href="/categories/Pwn二进制漏洞/" itemprop="url" rel="index">
|
||||
<span itemprop="name">Pwn二进制漏洞</span>
|
||||
<a href="/categories/Pwn/" itemprop="url" rel="index">
|
||||
<span itemprop="name">Pwn</span>
|
||||
</a>
|
||||
</span>
|
||||
|
||||
@ -1118,8 +1118,8 @@ CTF-WIKI:https://ctf-wiki.github.io/ct
|
||||
|
||||
|
||||
<span itemprop="about" itemscope itemtype="http://schema.org/Thing">
|
||||
<a href="/categories/Pwn二进制漏洞/" itemprop="url" rel="index">
|
||||
<span itemprop="name">Pwn二进制漏洞</span>
|
||||
<a href="/categories/Pwn/" itemprop="url" rel="index">
|
||||
<span itemprop="name">Pwn</span>
|
||||
</a>
|
||||
</span>
|
||||
|
||||
|
||||
File diff suppressed because one or more lines are too long
36
sitemap.xml
36
sitemap.xml
@ -1,6 +1,20 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
|
||||
|
||||
<url>
|
||||
<loc>https://cool-y.github.io/2019/07/10/x86basic/</loc>
|
||||
|
||||
<lastmod>2019-10-25T13:07:23.257Z</lastmod>
|
||||
|
||||
</url>
|
||||
|
||||
<url>
|
||||
<loc>https://cool-y.github.io/2019/07/16/linux-pwn-32/</loc>
|
||||
|
||||
<lastmod>2019-10-25T13:06:26.899Z</lastmod>
|
||||
|
||||
</url>
|
||||
|
||||
<url>
|
||||
<loc>https://cool-y.github.io/hack%E4%B9%8B%E5%A4%96/index.html</loc>
|
||||
|
||||
@ -15,13 +29,6 @@
|
||||
|
||||
</url>
|
||||
|
||||
<url>
|
||||
<loc>https://cool-y.github.io/2019/07/10/x86basic/</loc>
|
||||
|
||||
<lastmod>2019-07-26T01:00:43.904Z</lastmod>
|
||||
|
||||
</url>
|
||||
|
||||
<url>
|
||||
<loc>https://cool-y.github.io/2019/07/25/Debug-a-router-firmware/</loc>
|
||||
|
||||
@ -50,13 +57,6 @@
|
||||
|
||||
</url>
|
||||
|
||||
<url>
|
||||
<loc>https://cool-y.github.io/2019/07/16/linux-pwn-32/</loc>
|
||||
|
||||
<lastmod>2019-07-16T09:16:44.729Z</lastmod>
|
||||
|
||||
</url>
|
||||
|
||||
<url>
|
||||
<loc>https://cool-y.github.io/2019/04/21/XIAOMI-UPnP/</loc>
|
||||
|
||||
@ -121,7 +121,7 @@
|
||||
</url>
|
||||
|
||||
<url>
|
||||
<loc>https://cool-y.github.io/tags/index.html</loc>
|
||||
<loc>https://cool-y.github.io/googleacf4df440b4becc4.html</loc>
|
||||
|
||||
<lastmod>2019-04-15T07:35:38.085Z</lastmod>
|
||||
|
||||
@ -135,7 +135,7 @@
|
||||
</url>
|
||||
|
||||
<url>
|
||||
<loc>https://cool-y.github.io/googleacf4df440b4becc4.html</loc>
|
||||
<loc>https://cool-y.github.io/tags/index.html</loc>
|
||||
|
||||
<lastmod>2019-04-15T07:35:38.085Z</lastmod>
|
||||
|
||||
@ -149,14 +149,14 @@
|
||||
</url>
|
||||
|
||||
<url>
|
||||
<loc>https://cool-y.github.io/about/index.html</loc>
|
||||
<loc>https://cool-y.github.io/2018/12/23/%E5%9F%BA%E4%BA%8E%E8%A7%84%E5%88%99%E5%BC%95%E6%93%8E%E5%8F%91%E7%8E%B0IOT%E8%AE%BE%E5%A4%87/</loc>
|
||||
|
||||
<lastmod>2019-04-15T07:35:38.083Z</lastmod>
|
||||
|
||||
</url>
|
||||
|
||||
<url>
|
||||
<loc>https://cool-y.github.io/2018/12/23/%E5%9F%BA%E4%BA%8E%E8%A7%84%E5%88%99%E5%BC%95%E6%93%8E%E5%8F%91%E7%8E%B0IOT%E8%AE%BE%E5%A4%87/</loc>
|
||||
<loc>https://cool-y.github.io/about/index.html</loc>
|
||||
|
||||
<lastmod>2019-04-15T07:35:38.083Z</lastmod>
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user