Security

[System Hacking] 4. Memory Mitigations on Linux and Windows: There are many memory mitigations in operating systems like Linux and Windows, such as ASLR, NX, SSP (Stack Canary), PIE, etc. On Linux: 1. ASLR (Address Space Layout Randomization) enables randomization of memory segments like the stack, heap, vdso, mmap, etc., so those base addresses are randomized every time. And we can set the value that ..
[System Hacking] 3. Return To Library(RTL): This time, I'm going to introduce the RTL (Return To Library) attack technique. This technique is usually used to bypass the NX (Non eXecutable) memory mitigation. When NX is enabled, there is no 'eXecutable' permission, so even if shellcode that executes /bin/sh is on the stack, it won't be executed. Then, what is RTL? RTL is a technique that overwrites RET with a library function address like ..
[System Hacking] 2. Basic Format String Bug: This time, I'm going to introduce the FSB (Format String Bug) exploit technique. Before I introduce the technique, let's see what kinds of format strings there are. There are lots of format strings, but let's look at just the 2 format strings we mainly need. format string / Value / Output: %n / number of bytes written so far / writes the number of bytes till the format string to memo..
[System Hacking] 1. Basic Buffer Over Flow Exploit: Today, I'm going to introduce BOF (Buffer Over Flow) exploit techniques. Buffer overflow means writing more data than the limited size, so we can overwrite the next buffer's data. That next data could be other data or RET, which is our real goal. All we need to do is find vulnerable code that allows us to overwrite the next data, caused by misusing kind of i..
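[Reversing] AVR Quick Summary: A summary of AVR Assembler Instructions. Why am I suddenly writing about AVR instructions? There is the Reversing.kr CustomShell challenge, and I also want to try AVR development these days, so I'm jotting down these informal notes to study the asm code first while I'm at it. 1. What is AVR? Simply put, AVR (an abbreviation of people's names) is a RISC-architecture MCU made by ATMEL. Its advantage is that one instruction executes per cycle, so it is fast. (The downside is that it is expensive.) Also, there is not just one type of MCU; they can be broadly divided into three families: ATmega, ATtiny, and AT90s. Each family also has different versions(?).. 2. Commonly used I..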