Posted by 吉沃运营专员 on 2022-3-3 14:10:59

Exploit Development and Buffer Overflows


[*]Justin Steven - dostackbufferoverflowgood
[*]The Cyber Mentor - Buffer Overflows Made Easy
[*]Brainpan: 1 - superkojiman

1. Guides

[*]https://kalitut.com/exploit-development-resources/
[*]https://github.com/johnjhacking/Buffer-Overflow-Guide
[*]https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
[*]https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
[*]https://www.sans.org/reading-room/whitepapers/threats/buffer-overflows-dummies-481
[*]https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/
[*]https://www-inst.eecs.berkeley.edu//~cs161/fa08/papers/stack_smashing.pdf
[*]https://samsclass.info/127/proj/lbuf1.htm
[*]https://github.com/D4mianWayne/PwnLand
[*]https://tc.gts3.org/cs6265/2019/tut/tut01-warmup1.html
[*]https://www.reddit.com/r/ExploitDev/comments/7zdrzc/exploit_development_learning_roadmap/
[*]https://github.com/ashemery/exploitation-course
[*]https://pwn.college/modules/intro
[*]https://www.hackingarticles.in/a-beginners-guide-to-buffer-overflow/
[*]https://breaking-bits.gitbook.io/breaking-bits/exploit-development/linux-kernel-exploit-development
[*]Penetration Testing: Stack based Buffer Overflow in Linux - pg. 361
[*]Penetration Testing: Stack based Buffer Overflow in Windows - pg. 379
[*]Penetration Testing: Structured Exception Handler Overwrites- pg. 401

2. References

[*]https://owasp.org/www-community/attacks/Buffer_overflow_attack
[*]https://owasp.org/www-community/attacks/Buffer_Overflow_via_Environment_Variables
[*]https://github.com/m0chan/h4cks/tree/master/Buffer%20Overflow%20Stuff
[*]Attacking Network Protocols: Memory Corruption Vulnerabilities - pg. 210

3. Training Videos

[*]https://www.youtube.com/watch?v=1S0aBV-Waeo
[*]http://www.securitytube.net/groups?operation=view&groupId=5
[*]http://www.securitytube.net/groups?operation=view&groupId=4
[*]http://www.securitytube.net/groups?operation=view&groupId=7
[*]https://www.youtube.com/playlist?list=PLLKT__MCUeix3O0DPbmuaRuR_4Hxo4m3G

4. Examples

[*]https://www.exploit-db.com/exploits/636
[*]https://www.exploit-db.com/exploits/10434
[*]https://www.exploit-db.com/exploits/40673
[*]https://www.exploit-db.com/exploits/39480

5. Tools

[*]Frida - Inject arbitrary code into other applications

[*]Frida • A world-class dynamic instrumentation framework | Inject JavaScript to explore native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX
[*]Awesome Lists Collection: Frida
[*]Operator Handbook: Frida - pg. 67

[*]buffer-overflow - This tool was created so that penetration testers and researchers can quickly test simple buffer overflows without writing a single line of code
[*]peda - PEDA - Python Exploit Development Assistance for GDB
[*]pwntools - Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and aims to make exploit writing as simple as possible
[*]gef - A set of commands for x86/64, ARM, MIPS, PowerPC and SPARC to help developers and reverse engineers who are working with old GDB
[*]pwndbg - Exploit development and reverse engineering with GDB made easy
[*]bed - BED is a program designed to check daemons for potential buffer overflows, format string bugs, etc.

[*]doona - Doona is a fork of the Bruteforce Exploit Detector Tool (BED)

[*]Immunity Debugger: https://www.immunityinc.com/products/debugger/
[*]Vulnserver: http://www.thegreycorner.com/p/vulnserver.html
[*]Bad Chars: https://www.ins1gn1a.com/identifying-bad-characters/
