List: Security/System Hacking (10)
This is a protected post.
SigReturn Oriented Programming
This time I am going to post about SROP on x86 and x86-64 Linux (Ubuntu). When I solved the pwnable.kr 'unexploitable' challenge, there were two ways to solve it: one is SROP (the originally intended one) and the other is ROP. So I decided to post about the SROP technique. Surely there are differences between ROP and SROP. In short, when doing SROP, all we need is 'int 0x80; ret' and control of eax gadgets lik..
Return Oriented Programming
This time I am going to introduce the ROP attack (Return Oriented Programming). Before doing ROP, there is some prior knowledge needed: 'RTL Chaining', 'GOT Overwrite/Dereference', 'Gadget', etc. - RTL Chaining: 'RTL Chaining' means continuously executed RTL. By using a pop-..-ret gadget, the function's arguments will be popped by 'pop' and the next function will be executed by 'ret', and goin..
Memory Mitigations on Linux and Windows
There are lots of memory mitigations on operating systems like Linux and Windows: ASLR, NX, SSP (Stack Canary), PIE, etc. - On Linux: 1. ASLR (Address Space Layout Randomization) enables randomization of memory allocation segments like the stack, heap, vdso, mmap, etc., so those base addresses will be randomized every time. And we can set the value that ..