Binary Exploitation - Basic 補充篇
LJP-TW
May 26, 2021
2021/05/26 NTUST Information Security Club session
Livestream recording:
https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn Basic Supplement

# whoami
- LJP / LJP-TW
- Pwn / Rev
- NTUST / NCTU / NYCU
- 10sec CTF Team

Outline
- TLS

TLS

TLS
- TLS stands for Thread-Local Storage
- On Linux x86-64 the fs register is used to locate the TLS block
- The stack canary is stored in the TLS

TLS
- fs is a segment register
- An operand written reg:offset is resolved as segment base + offset, so fs:0x28 means (fs base) + 0x28
- But when you inspect fs in gdb you find it is 0
- So is the canary really fetched from [0 + 0x28]??

TLS
- gdb is a process too, but the 0 it shows is not gdb's own fs: on x86-64 Linux the fs selector is 0 in every user process, and the segment base is kept separately (in the FS_BASE MSR, set with arch_prctl), so the selector value tells you nothing about where the TLS is
- So how do we get the fs base of the process being debugged?
- Call arch_prctl(ARCH_GET_FS) inside that process
Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13

TLS
- Pwngdb implements a command that fetches the TLS base
- Reading how it is implemented, it turns out to do the same thing (call arch_prctl)
https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77

TLS Demo
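The following program is an added example for the demo, not code from the deck or from Pwngdb. It reproduces the three observations of the slides from inside a process on Linux x86-64: the fs selector reads 0, the real fs base can be obtained with arch_prctl(ARCH_GET_FS), and the canary that every stack-protector prologue loads from fs:0x28 is the same value you get by reading (fs base) + 0x28 as ordinary memory. The self-pointer check at fs:0 relies on the TCB layout used by glibc and musl (the first field of the thread control block points to itself); the fallback stubs for other platforms are there only so the file compiles elsewhere.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

#ifndef ARCH_GET_FS
#define ARCH_GET_FS 0x1003   /* value from <asm/prctl.h>, repeated so the file is self-contained */
#endif

#if defined(__x86_64__) && defined(__linux__)

/* Selector currently loaded in fs: this is what gdb prints for $fs.
 * It is 0 in every x86-64 Linux user process, because the segment base
 * is not stored in the selector but in the FS_BASE MSR. */
uint16_t fs_selector(void)
{
    uint16_t sel;
    __asm__ volatile ("mov %%fs, %0" : "=r"(sel));
    return sel;
}

/* TLS base via the kernel: arch_prctl(ARCH_GET_FS, &base).
 * This is the same query the deck makes from gdb. Returns 0 on failure. */
uintptr_t fs_base_via_arch_prctl(void)
{
    unsigned long base = 0;
    if (syscall(SYS_arch_prctl, ARCH_GET_FS, &base) != 0)
        return 0;
    return (uintptr_t)base;
}

/* Cross-check without a syscall: the TCB's first field is a pointer to
 * itself (glibc tcbhead_t.tcb, musl struct pthread.self), so fs:0 holds
 * the fs base. */
uintptr_t fs_base_via_self_pointer(void)
{
    uintptr_t self;
    __asm__ volatile ("mov %%fs:0, %0" : "=r"(self));
    return self;
}

/* The canary the stack protector loads in every protected prologue:
 *     mov rax, qword ptr fs:[0x28] */
uintptr_t canary_from_tls(void)
{
    uintptr_t v;
    __asm__ volatile ("mov %%fs:0x28, %0" : "=r"(v));
    return v;
}

/* The same slot read as a plain memory access once the base is known;
 * in gdb this is x/gx <base>+0x28. */
uintptr_t canary_from_base(uintptr_t base)
{
    uintptr_t v;
    memcpy(&v, (const void *)(base + 0x28), sizeof v);
    return v;
}

#else
/* Stubs for other platforms so the file still compiles; the TLS layout
 * above is specific to x86-64 Linux. */
uint16_t  fs_selector(void)                 { return 0; }
uintptr_t fs_base_via_arch_prctl(void)      { return 0; }
uintptr_t fs_base_via_self_pointer(void)    { return 0; }
uintptr_t canary_from_tls(void)             { return 0; }
uintptr_t canary_from_base(uintptr_t base)  { (void)base; return 0; }
#endif

int main(void)
{
    uintptr_t base = fs_base_via_arch_prctl();

    printf("fs selector          = %#x\n", fs_selector());
    printf("fs base (arch_prctl) = %#lx\n", (unsigned long)base);
    printf("fs base (fs:0)       = %#lx\n", (unsigned long)fs_base_via_self_pointer());
    printf("canary (fs:0x28)     = %#lx\n", (unsigned long)canary_from_tls());
    printf("canary (base+0x28)   = %#lx\n", (unsigned long)canary_from_base(base));
    return 0;
}
```

Run it under gdb and compare: `p/x $fs` prints 0 while `p/x $fs_base` (available in gdb 8 and later) prints the same base the program obtains from arch_prctl; if you prefer the deck's approach, `call (int)arch_prctl(0x1003, $rsp-8)` followed by `x/gx $rsp-8` yields the same address, and `x/gx $fs_base+0x28` shows the canary. On glibc you will also notice the canary's lowest byte is always 0, which is why a string-based leak has to overwrite that byte before the rest can be read out.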