List: Reversing (55)
Security_RNRF
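A summary focused on the shortcuts used in actual work.

| Shortcut | Name | Function |
| --- | --- | --- |
| X | Cross Reference (Xref) | Shows where a function or variable is referenced |
| N | Name reset | Renames a function or variable |
| Shift + F12 | String | Searches all strings used in the binary |
| F5 | Decompile | Converts assembly into C-like form |
| G | - | Jumps to an arbitrary address or label |

(More to be added...)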

This post explains how to use IDA Pro with a reversing challenge from the DreamHack site. https://dreamhack.io/wargame/challenges/16/ rev-basic-2, Reversing Basic Challenge #2: This challenge provides a program that takes a string from the user, validates the input in a fixed way, and prints correct or wrong. Analyze this binary to print correct .. Depending on the value the user enters, Correct or Wrong is printed. In other words, the challenge is solved by making the Correct string appear. Use the [string search (= Shift+F12)] function to search for the "Correct" string. Then, that string..

Stack6 introduces return to .text to gain code execution. The metasploit tool “msfelfscan” can make searching for suitable instructions very easy, otherwise looking through objdump output will suffice. This level is at /opt/protostar/bin/stack7 Link - https://exploit.education/protostar/stack-seven/#source-code #include #include #include #include char *getpath() { char buffer[64]; unsigned int r..

Compiler Explorer > A tool (website) that can build and compile code on the web, shows that code as assembly in real time, and also lets you save and share files. https://godbolt.org/ Compiler Explorer. https://dogbolt.org/ Decompiler Explorer: Decompiler Explorer is an interactive online decompiler which shows equivalent C-like output of decompiled programs from many popular decompilers. Ex.) License check example code #include #include ..

Stack6 looks at what happens when you have restrictions on the return address. This level can be done in a couple of ways, such as finding the duplicate of the payload (objdump -s will help with this), or ret2libc, or even return-oriented programming. It is strongly suggested you experiment with multiple ways of getting your code to execute here. This level is at /opt/protostar/bin/stack6 Li..

Stack5 is a standard buffer overflow, this time introducing shellcode. This level is at /opt/protostar/bin/stack5 Hints: At this point in time, it might be easier to use someone else's shellcode. If debugging the shellcode, use \xcc (int3) to stop the program executing and return to the debugger; remove the int3s once your shellcode is done. Link - https://exploit.education/protostar/stack-five/#sou..

Stack4 takes a look at overwriting saved EIP and standard buffer overflows. This level is at /opt/protostar/bin/stack4 Hints: A variety of introductory papers into buffer overflows may help. gdb lets you do “run < input”. EIP is not directly after the end of buffer; compiler padding can also increase the size. Link - https://exploit.education/protostar/stack-four/#source-code #include #include #in..

Stack3 looks at environment variables, and how they can be set, and overwriting function pointers stored on the stack (as a prelude to overwriting the saved EIP). Hints: both gdb and objdump are your friends in determining where the win() function lies in memory. This level is at /opt/protostar/bin/stack3 Link - https://exploit.education/protostar/stack-three/#source-code #include #include #include..