Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Binary Exploitation - Basic 補充篇
Search
LJP-TW
May 26, 2021
Technology
1
44
Binary Exploitation - Basic 補充篇
2021/05/26 台科資安社 社課
直播記錄檔:
https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
LJP-TW
May 26, 2021
Tweet
Share
More Decks by LJP-TW
See All by LJP-TW
Reverse Engineering - 1
ljptw
0
1.6k
Reverse Engineering - 2
ljptw
0
710
Reverse Engineering - 3
ljptw
0
560
Re:0 從零開始的逆向工程
ljptw
1
1.1k
Linux 極入門篇
ljptw
1
280
Fuzzing 101
ljptw
1
170
Binary Exploitation - File Structure
ljptw
1
280
Binary Exploitation - Heap
ljptw
1
150
Binary Exploitation - Basic
ljptw
1
110
Other Decks in Technology
See All in Technology
Introduction to Bill One Development Engineer
sansan33
PRO
0
300
RDS の負荷が高い場合に AWS で取りうる具体策 N 連発/a-series-of-specific-countermeasures-available-on-aws-when-rds-is-under-high-load
emiki
7
4.5k
CNCFの視点で捉えるPlatform Engineering - 最新動向と展望 / Platform Engineering from the CNCF Perspective
hhiroshell
0
120
AI AgentをLangflowでサクッと作って、1日働かせてみた!
yano13
1
120
Node.js 2025: What's new and what's next
ruyadorno
0
970
事業開発におけるDify活用事例
kentarofujii
4
1.2k
All About Sansan – for New Global Engineers
sansan33
PRO
1
1.2k
SCONE - 動画配信の帯域を最適化する新プロトコル
kazuho
1
310
映像エッジAIにおけるNode-RED活用事例
emirmatsui
0
130
アウトプットから始めるOSSコントリビューション 〜eslint-plugin-vueの場合〜 #vuefes
bengo4com
3
130
Introduction to Sansan Meishi Maker Development Engineer
sansan33
PRO
0
310
[VPoE Global Summit] サービスレベル目標による信頼性への投資最適化
satos
0
210
Featured
See All Featured
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
34
2.3k
Designing for Performance
lara
610
69k
The Invisible Side of Design
smashingmag
302
51k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
132
19k
Balancing Empowerment & Direction
lara
5
700
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
Rails Girls Zürich Keynote
gr2m
95
14k
Building Applications with DynamoDB
mza
96
6.7k
Product Roadmaps are Hard
iamctodd
PRO
55
11k
The Language of Interfaces
destraynor
162
25k
Speed Design
sergeychernyshev
32
1.2k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn Basic 補充篇
# whoami - LJP / LJP-TW - Pwn / Rev
- NTUST / NCTU / NYCU - 10sec CTF Team 1
Outline - TLS 2
TLS 3
TLS - TLS 全名 Thread-Local Storage - Linux x64 使用
fs 暫存器記著 TLS 的位置 - Stack Canary 就是存在 TLS 中 4
TLS - fs 為 Segment Register - 計算方式 reg:offset =
ref + offset - 這時候你用 gdb 想看一下 fs 等於多少卻發現 - 難道 Canary 從 [0+0x28] 拿來的?? 5
TLS - GDB 也是 Process, fs = 0 是指 GDB
自己的 fs - 所以要怎麼拿到觀測中的 Process 的 fs? - 呼叫 arch_prctl 6 Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13
TLS - Pwngdb 有實作取得 TLS 的功能 - 閱讀一下怎麼實作的, 發現其實一樣 -
https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77 7
TLS Demo 8
ljptw
sansan33
emiki
hhiroshell
yano13
ruyadorno
kentarofujii
kazuho
emirmatsui
bengo4com
satos
marcduiker
lara
smashingmag
morganepeng
cassininazir
gr2m
mza
iamctodd
destraynor
sergeychernyshev
hatefulcrawdad
