Binary Exploitation - Basic Supplement
LJP-TW
May 26, 2021
Binary Exploitation - Basic Supplement
2021/05/26 NTUST Information Security Club meeting
Livestream recording:
https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn - Basic Supplement
# whoami - LJP / LJP-TW - Pwn / Rev - NTUST / NCTU / NYCU - 10sec CTF Team
Outline - TLS
TLS
TLS - TLS stands for Thread-Local Storage - On Linux x64, the fs register holds the location of the TLS - The stack canary is stored in the TLS
TLS - fs is a segment register - Addresses are computed as reg:offset = ref + offset - But when you use gdb to check what fs is, you find it is 0 - So is the canary really fetched from [0+0x28]??
TLS - GDB is also a process; the fs = 0 you see is GDB's own fs - So how do you get the fs of the process being observed? - Call arch_prctl - Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13
TLS - Pwngdb has implemented a feature for obtaining the TLS - Reading how it is implemented, it turns out to be the same approach - https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77
TLS Demo
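The demo the slides point at, written out as an added example (not code from the deck or from Pwngdb): on Linux x86_64 it asks the kernel for the thread's fs base with arch_prctl(ARCH_GET_FS), then confirms that the value at base + 0x28 is the same canary a compiled function reads through %fs:0x28, and that fs:0 holds the self-pointer to that base. The ARCH_GET_FS constant (0x1003) is the kernel's; the function and variable names are my own.

```c
#define _GNU_SOURCE          /* glibc exposes syscall() under this */
#include <stdio.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/syscall.h>
#ifndef ARCH_GET_FS
#define ARCH_GET_FS 0x1003   /* value from <asm/prctl.h>; defined here to stay self-contained */
#endif
#define CANARY_OFFSET 0x28   /* %fs:0x28: where compiler-emitted prologues load the stack guard */
#if defined(__linux__) && defined(__x86_64__)
/* Ask the kernel for this thread's fs base, as the slides suggest. The 0 that
 * gdb prints for fs is the selector value, not this hidden base address. */
static uintptr_t tls_base_via_arch_prctl(void)
{
    unsigned long base = 0;
    if (syscall(SYS_arch_prctl, ARCH_GET_FS, &base) != 0)
        return 0;
    return (uintptr_t)base;
}
/* Read %fs:0x28 directly, exactly as the compiler-emitted canary check does. */
static uintptr_t canary_via_fs_segment(void)
{
    uintptr_t v;
    __asm__ volatile ("mov %%fs:0x28, %0" : "=r"(v));
    return v;
}
/* Returns 1 when the fs:0 self-pointer equals the arch_prctl base and
 * *(base + 0x28) equals %fs:0x28; 0 on a mismatch; -1 if arch_prctl fails. */
int tls_canary_check(void)
{
    uintptr_t base = tls_base_via_arch_prctl(), self_ptr;
    if (base == 0)
        return -1;
    __asm__ volatile ("mov %%fs:0, %0" : "=r"(self_ptr));   /* tcbhead_t.tcb self-pointer */
    uintptr_t from_base = *(uintptr_t *)(base + CANARY_OFFSET);
    return (self_ptr == base && from_base == canary_via_fs_segment()) ? 1 : 0;
}
int main(void)
{
    printf("fs base (arch_prctl): %#lx\n", (unsigned long)tls_base_via_arch_prctl());
    printf("canary at %%fs:0x28 : %#lx\n", (unsigned long)canary_via_fs_segment());
    printf("views agree: %d\n", tls_canary_check());
    return 0;
}
#else
int tls_canary_check(void) { return -1; }   /* not Linux x86_64: nothing to compare */
int main(void) { puts("this demo needs Linux x86_64"); return 0; }
#endif
```

Compile with -fstack-protector-all and step through main in gdb to see the same %fs:0x28 load in the prologue that canary_via_fs_segment performs by hand.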