Njengoko bendijonge phambili ekuqhubekeni ndixoxa ngesi sihloko, mandikuxelele kancinci ngembali, ithiyori kunye nokuziqhelanisa nobuthathaka. Sonke sivile ngoku ukuba iziphene zokhuseleko zinokubiza imali eninzi, sonke siyazi ukuba kufuneka sigcine isoftware yethu ihlaziyiwe, sonke siyazi ukuba uhlaziyo oluninzi lubangelwa ziimpazamo kwezokhuseleko. Kodwa namhlanje ndiza kukuxelela kancinci malunga nendlela ezi mpazamo zifunyanwa kwaye zixhatshazwe ngayo.Kodwa ngaphambi koku siza kucacisa iinkcukacha ezimbalwa ukuze sibe nokujonga ngcono.
Ngaphambi kokuba uqale
Kuqala ndifuna ukukuxelela ukuba siza kugxila kukungakhuseleki kokuqala endikufundileyo ukuxhaphaza, okwaziwayo Ukuphuphuma kwebhafu, kobu buthathaka sithatha ithuba lokungabikho kokuqinisekiswa kwememori ukwenza izinto ezimnandi 🙂 Kodwa masicacise kancinci ngayo.
Oku akuyi kuba yimeko yokwenyani yehlabathi
Andinakho ukubanika ithuba lokubafundisa ukophula nayiphi na inkqubo abayibonayo 🙂 kuqala kuba kuyingozi kwiikhompyuter zabo, okwesibini kuba oko kuya kuthatha ngaphezulu kwesabelo sam esiqhelekileyo samagama.
Siya kuhambo oluya kwii-80s
Into endizokubonisa yona ndingayenza kwiLaptop yam, kodwa oko akuthethi ukuba inokwenziwa namhlanje ngendlela elula - uninzi lwezi ngcinga sele luxhatshazwe amaxesha amaninzi kangangokuba iindlela ezintsha zokukhusela kunye neendlela ezintsha zokuphepha ziye zavela 😛 kodwa loo nto isibuyisela endaweni enye, akukho sithuba sokwazi ukuxela konke oko 🙂
Isenokungasebenzi kwiprosesa yakho
Nangona ndiza kusebenzisa umzekelo olula, ndifuna ukuba icace kwasekuqaleni ukuba iinkcukacha zoku zininzi kwaye zahlukahlukene kangangokuba zinokuphuma ngokufanayo nam, ukuba ufuna ukuzama desired Kodwa unokucinga ukuba andinakucacisa ukuba kwesi sithuba, ngakumbi kuba ngale ntetho sele ndithathe ngaphezu kwamagama angama-300, ke siye ngqo kwindawo yethu.
Yintoni i Ukugcwala kweBuffer
Ukuphendula oku kufuneka kuqala siqonde isiqingatha sokuqala sale ndibaniselwano.
Iibuffers
Njengoko yonke into imalunga nememori kwikhompyuter, kusengqiqweni ukuba kufuneka kubekho uhlobo oluthile lwesikhongozeli solwazi. Xa sithetha ngayo igalelo o iziphumo, size ngqo kwingcinga buffers. Ukuyigcina imfutshane, a buffer Indawo yememori yobungakanani obuchaziweyo apho siza kugcina ubuninzi bolwazi, ngokulula 🙂
Ukugcwala kuyenzeka, njengoko igama lisitsho, xa i-buffer igcwalisa ngolwazi oluninzi kunokuba inako ukuphatha. Kodwa kutheni oku kubalulekile?
Stack
Ikwabizwa ngokuba zizistiki, ziluhlobo lwedatha ebambekayo esinakho isitaki ulwazi, uphawu lwabo oluphambili kukuba banoku-odolwa I-LIFO (Okokugqibela kuQala ngokuPhuma). Masicinge okomzuzwana malunga nesitaki samacwecwe, sizibeka ngaphezulu nganye nganye, emva koko sizikhuphe nganye nganye ukusuka phezulu, oku kwenza ipleyiti yokugqibela esiyibekileyo (leyo iphezulu) yipleyiti yokuqala Ukuba siza kukhupha ipleyiti enye ngexesha kwaye sithathe isigqibo sokwenza ngoluhlobo: P.
Ngoku ukuba uyazi le migaqo mibini, kufuneka siyibeke ngokulandelelana. Izitaki zibalulekile kuba inkqubo nganye esiyiqhubayo inezayo isitokhwe sokubulala. Kodwa lo mfumba une- uphawu oluthile, ikhula phantsi. Inye kuphela into ekufuneka uyazi malunga noku kukuba ngelixa inkqubo iqhubeka, xa umsebenzi ubizwa, isitaki sisuka kwinani X kwimemori lisiya kwinani (Xn). Kodwa ukuze siqhubeke kufuneka siqonde umbono omnye.
Izikhombisi
Lo ngumbono oqhuba uninzi lwabadwelisi benkqubo xa beqala kwihlabathi le-C, eneneni amandla amakhulu enkqubo ye-C kungenxa yokusetyenziswa kwezikhombisi. Ukuyigcina ilula, isikhombisi yalatha kwidilesi yememori. Oku kuvakala kunzima, kodwa akunzima kangako, sonke sine-RAM koomatshini bethu? Ewe, oku kunokuchazwa njenge ilandelelana ibhloko yeebhloko, ezi ndawo zihlala zichazwe kumanani ee-hexadecimal (ukusuka ku-0 ukuya ku-9 emva koko ukusuka ku-A ukuya ku-F, njenge-0x0, 0x1, 0x6, 0xA, 0xF, 0x10). Apha njengenqaku elinomdla, 0x10 Hayi ilingana no 10 😛 ukuba siyiguqulela kwi-decimal ngokulandelelana iyakufana nokuthi 15. Le yinto edida ngaphezulu kwesinye ekuqaleni, kodwa masihle siye kuyo.
Iingxelo
Iiprosesa zisebenza ngenani leefayile iirekhodi, esebenza ukuhambisa indawo ukusuka kwimemori ebonakalayo iye kwiprosesa, kuyilo olusebenzisa ii-bits ezingama-64, inani leerejista likhulu kwaye kunzima ukulichaza apha, kodwa ukufumana umbono, iirejista zifana nezikhombisi, zibonisa phakathi kwezinye izinto , indawo yememori (indawo).
Ngoku ziqhelanise
Ndiyazi ukuba ibinolwazi oluninzi ukuqhubekeka kude kube ngoku, kodwa enyanisweni yimicimbi enzima endizama ukuyicacisa ngendlela elula kakhulu, siza kubona inkqubo encinci esebenzisa i-buffers kwaye siza Yaphule ukuze uqonde oku malunga nokuphuphuma, ngokucacileyo le ayisiyiyo Inkqubo yokwenyani, kwaye siza "kuphepha" uninzi lwezinto ezisetyenziswayo namhlanje, ukubonisa nje ukuba izinto bezisenziwa njani ngaphambili before kwaye ngenxa yokuba ezinye zazo imigaqo-siseko iyimfuneko ukuze ukwazi ukufunda izinto ezinzima ngakumbi
GDB
Inkqubo entle ngokungathandabuzekiyo yenye yezona zisetyenziswa kakhulu ziinkqubo zeC.C phakathi kokulunga kwayo okuninzi sinesibakala sokuba iyasivumela ukuba siyibone yonke le nto kudala sithetha ngayo ukuza kuthi ga ngoku, iirejista, isitaki, iziphathi, njl. Masibone inkqubo esiza kuyisebenzisa njengomzekelo wethu.
sokukhuphela.c
Eyam. UChristopher Diaz Riveros
Le yinkqubo elula, siza kusebenzisa ithala leencwadi stdio.h ukuze ukwazi ukufumana ulwazi kwaye ulubonise kwisiphelo sendlela. Sibona umsebenzi obiziweyo return_input evelisa i buffer kubizwa uluhlu, enobude obungama-30 i-byte (uhlobo lwedatha yedatha ngu-1 byte ubude).
Umsebenzi gets(array); Cela ulwazi ngekhonsoli kunye nomsebenzi printf() ibuyisela umxholo woludwe kwaye iwubonise kwiscreen.
Yonke inkqubo ebhalwe ngo-C iqala ngomsebenzi main(), oku kuyakuba kukujongana kuphela nokubiza ukubuya_kungeniswa, ngoku siza kwenza inkqubo.
Eyam. UChristopher Diaz Riveros
Masikhe siyithathe kancinci le ndiyenzileyo. Inketho -ggdb ixelela i-gcc ukuba iqulunqe inkqubo kunye ne-gdb ukuze ikwazi ukulungisa ingxaki ngokufanelekileyo. -fno-stack-protector Lukhetho ekucacileyo ukuba bekungafanelekanga ukuba silusebenzisa, kodwa siza kulusebenzisa kuba kungenjalo kuya kubakho ukuvela okugcwala kwesitampu. Ekugqibeleni ndivavanye iziphumo. ./a.out iqhuba nje le ndiyenzileyo nje, ifuna ulwazi kwaye iyibuyise. Ukubaleka 🙂
Izilumkiso
Enye inqaku apha. Ngaba uyazibona izilumkiso? Ngokucacileyo yinto ekufuneka ithathelwe ingqalelo xa sisebenza ngekhowudi okanye sidibanisa, oku kuyacaca kwaye kukho iinkqubo ezimbalwa ezinomsebenzi namhlanje. gets() Kwikhowudi. Olunye uncedo lweGentoo kukuba ngokudibanisa inkqubo nganye, ndiyabona ukuba yintoni engalunganga, inkqubo "efanelekileyo" ayifanelanga ukuba nayo, kodwa uya kumangaliswa ukuba zingaphi iinkqubo ezinkulu ezinezi zilumkiso kuba zikhulu KAKHULU kwaye Kunzima ukugcina umkhondo kubo.imisebenzi eyingozi xa kukho izilumkiso ezininzi ngaxeshanye. Ngoku ukuba siyaqhubeka
Ukulungisa ingxaki kwinkqubo
Eyam. UChristopher Diaz Riveros
Ngoku eli candelo linokudideka, kodwa kuba sele ndibhalile kancinci, andinakukwazi ukuchaza yonke into, uxolo ke xa ubona ukuba ndihamba ngokukhawuleza okukhulu
Ukuphelisa ikhowudi
Masiqale ngokujonga inkqubo yethu edityanisiweyo yolwimi.
Eyam. UChristopher Diaz Riveros
Le yikhowudi yomsebenzi wethu ophambili kwi indibano, yile nto iprosesa yethu iqondayo, umgca ngasekhohlo yidilesi ebonakalayo kwimemori, i <+ n> yaziwa njenge ukucinywa, ngokusisiseko umgama ukusuka ekuqaleni komsebenzi (ophambili) ukuya kwingxelo (eyaziwa njenge ikhowudi ye-opcode). Emva koko sibona uhlobo lomyalelo (Push / mov / callq…) kunye noluhlu olunye nangaphezulu. Isishwankathelo sinokuthi luphawu olulandelwe ngumthombo / imvelaphi kunye nendawo ekuyiwa kuyo. <return_input> ibhekisa kumsebenzi wethu wesibini, masijonge.
Igalelo_lokubuyisela
Eyam. UChristopher Diaz Riveros
Oku kunzima ngakumbi, kodwa ndifuna nje ukuba ujonge izinto ezimbalwa, kukho ithegi ebizwa <gets@plt> kunye ne-opcode yokugqibela ebizwa ngokuba retq ibonisa ukuphela komsebenzi. Siza kubeka iindawo ezimbalwa zokuphumla, enye isebenze gets kunye nenye kwifayile ye- retq.
Eyam. UChristopher Diaz Riveros
Run
Ngoku siza kuqhuba inkqubo ukubona ukuba isenzo siqala njani.
Eyam. UChristopher Diaz Riveros
Siyabona ukuba utolo oluncinci luvela lubonisa i-opcode apho sikhona, ndifuna ukuba baqwalasele umkhombandlela 0x000055555555469bLe yidilesi emva komnxeba oya kuwo return_input ekusebenzeni main , oku kubalulekile njengoko kulapho inkqubo inokubuya khona xa ugqibile ukufumana ifayile ye negalelo, masingene emsebenzini. Ngoku siza kujonga imemori ngaphambi kokungena emsebenzini gets.
Eyam. UChristopher Diaz Riveros
Ndibuyisele umsebenzi ophambili kuwe, kwaye ndibonisile ikhowudi ebendibhekisa kuyo, njengoko ubona, ngenxa ye- ukunyaniseka yahlulwe yangamacandelo amabini, ndifuna ukuba baqwalasele umkhombandlela 0x7fffffffdbf0 (owokuqala ukusuka ekhohlo emva komyalelo x/20x $rspkuba le yindawo ekufuneka siyisebenzisile ukukhangela iziphumo, masiqhubeke:
Ukophula inkqubo
Eyam. UChristopher Diaz Riveros
Ndizicacisile ezo 0x44444444kuba ngabameli be-Ds zethu ngoku siqale ukongeza negalelo kwinkqubo, kwaye njengoko ubona, siyimigca emibini kuphela kwidilesi yethu, siya kuyizalisa de sibe siphambi kweedilesi esizibonakalisileyo kwinyathelo elidlulileyo.
Ukutshintsha indlela yokubuyela
Ngoku sikwazile ukungena kweli candelo lekhowudi apho libonisa khona ukubuya komsebenzi, masibone ukuba kwenzeka ntoni xa sitshintsha idilesi 🙂 endaweni yokuya kwindawo ye-opcode elandela leyo besinayo umzuzwana, ucinga ntoni ukuba sibuyela ku return_input? Kodwa oku, kuyimfuneko ukubhala idilesi esiyifunayo kubhinari, siza kuyenza nomsebenzi printf ukusuka bash 🙂
Eyam. UChristopher Diaz Riveros
Ngoku silufumene ulwazi kabini-ngokuqinisekileyo inkqubo ayenzelwanga loo nto, kodwa sikwazile ukophula ikhowudi kwaye sayenza ukuba iphinde iphinde ibe yinto engafanelekanga ukuba yenziwe.
Ukucinga
Olu tshintsho lulula lungaqwalaselwa njenge ukuxhaphaza esisiseko 🙂 ukwazile ukwaphula inkqubo kwaye wenza into esifuna ukuba ayenze.
Eli linyathelo nje lokuqala kuluhlu olungenasiphelo lwezinto ozibonayo kunye nokongeza, kukho iindlela zokongeza izinto ezingaphezulu kokuphinda-phinda iodolo, kodwa ngeli xesha ndibhale kakhulu kwaye yonke into enxulumene nayo iqokobhe sisifundo sokubhala ngaphezulu kwamanqaku, zingathi iincwadi ezigqibeleleyo. Uxolo ukuba khange ndikwazi ukuphinda ndifunde kancinane kwizihloko endiya kuzithanda, kodwa ngokuqinisekileyo kuyakubakho ithuba 🙂 Ukubulisa kunye nombulelo wokufika apha.
Yiba ngqo. Bhala kancinci ujolise kwezona zibalulekileyo
Molo, enkosi ngezimvo.
Ukuthetha inyani ndinqumle indawo elungileyo yeembono, kodwa nangona kunjalo kubonakala kum ukuba ishiye ubuncinci ukuze umntu ongenalo ulwazi lwenkqubo akwazi ukufumana umbono.
Phendula nge quote
Ingxaki kukuba abo bangenalo ulwazi lwenkqubo abayi kufumanisa nantoni na kuba inzima kakhulu ukuqala, kodwa abo bayaziyo indlela yokwenza inkqubo bayakuqonda ukungqala.
Ndicinga ukuba awukwazi ukufikelela kuwo wonke umntu, kufuneka ukhethe, kwaye kule meko wonile ngokufuna ukugubungela okuninzi.
Ngendlela, ndiyakuxelela njengokugxeka okwakhayo, ndiyazithanda ezi zihloko kwaye ndingathanda ukuba uqhubeke nokubhala amanqaku, ndiyavuyisana!
Ndicinga ukuba kunjalo.
Enkosi kakhulu kubo bobabini !! Ngokuqinisekileyo kunzima ukuqonda ukuba ungafikelela njani kubaphulaphuli ekujoliswe kubo xa inyani ikukuba inani labantu abanenqanaba eliphambili lenkqubo abafunda la manqaku liphantsi (ubuncinci elinokuboniswa ngokusekwe kumagqabantshintshi)
Ngokuqinisekileyo ndonile ngokufuna ukwenza lula into efuna ukuba isiseko solwazi esibanzi siqondwe. Ndiyathemba ukuba uyaqonda ukuba ukusukela ngoku ndiqala ukubhloga, andikayifumani eyona ndawo apho abafundi bam bazi kwaye baqonde le ndiyithethayo. Oko kuyakwenza lula kakhulu ukuthetha inyani 🙂
Ndizakuzama ukuba mfutshane xa kufanelekile ngaphandle kokulinganisa ifomathi, kuba ukwahlula indlela yokubhala kumxholo kunzima kakhulu kunokuba umntu enokucinga, ubuncinci ndinabo, kodwa ndicinga ukuba ekugqibeleni ndiza kuba nakho ukongeza imigca kwi endaweni yokusika umxholo.
Phendula nge quote
Ungafumanisa phi ngakumbi ngalo mbandela? Nayiphi na incwadi ekhuthazwayo?
Umzekelo endiwufumene kwiThe Shellcoder's Handbook nguChris Anley, John Heasman, Felix Linder noGerardo Richarte, kodwa ukuze ndenze inguqulelo engama-64 kuye kwafuneka ndifunde ngobugcisa bokwakha, incwadana yonjiniyela yenkqubo, umqulu wesi-2 nowesi-3 Umthombo othembekileyo wento leyo. Kulungile ukuba ufunde uxwebhu lwe-GDB, oluza nomyalelo 'we-info gdb', Ukufunda iNdibano kunye no-C zininzi kakhulu iincwadi ezilungileyo, ngaphandle kokuba iincwadi zeNdibano zindala noko kukho umsantsa wokugcwalisa olunye uhlobo amaxwebhu.
I-shellcode ngokwayo ayisasebenzi kule mihla ngenxa yezizathu ezahlukeneyo, kodwa kusenomdla ukufunda ubuchule obutsha.
Ndiyathemba iyanceda kancinci 🙂 Ukubulisa
Buen artículo, el viejo blog desdelinux ha vuelto a renacer =)
Xa usithi iqokobhe elikude alisebenzi kangako, uthetha iindlela zokulwa ezenzelwe ukunciphisa uhlaselo, bakubiza ngokuba kukhuseleko oluhlaselayo.
Ndiyabulisa kwaye uqhubeke njalo
Enkosi kakhulu kuFranz words amagama anobubele, eneneni bendithetha ukuba i-Shellcoding namhlanje inzima kakhulu kunale siyibonayo apha. Sine-ASLR (indawo yokugcina inkumbulo engaqhelekanga) isikhuseli sokugcina, amanyathelo ahlukeneyo kunye namanyathelo okuthintela umda kwinani lee-opcodes ezinokuthi zifakwe kwinkqubo, kwaye sisiqalo nje.
Regards,
Molo, uyakwenza enye indawo ekwandiseni isihloko? Inomdla
Molo, isihloko ngokuqinisekileyo sinomdla, kodwa inqanaba lokuntsokotha esiza kulithatha liya kuba phezulu kakhulu, mhlawumbi kubandakanya inani elikhulu lezithuba zokuchaza izinto ezifuneka kuqala ukuze uqonde enye. Ndiza kubhala malunga nayo, kodwa ayizukuba zizithuba zilandelayo, ndifuna ukubhala izihloko ezimbalwa ngaphambi kokuqhubeka nale.
Imibuliso, kwaye enkosi ngokwabelana
Kulunge kakhulu che! Unikela ngezithuba ezintle! Umbuzo omnye, ndiqala le nto yoKhuseleko lwe-IT ngokufunda incwadi ebizwa ngokuba "Ukuqinisekisa ukhuseleko ngovavanyo lwepeni." Ngaba le ncwadi iyacetyiswa? Ucebisa njani ukuba ndiqale ukubuza malunga nale micimbi?
Molo cactus, yindalo iphela malunga nokuba semngciphekweni, kunye nabanye, ukuthetha inyani kuxhomekeke kakhulu kwinto etsala umdla wakho, kunye neemfuno onazo, umphathi we-IT akufuneki azi ngokufanayo nomphengululi, Okanye umphandi osengozini, okanye umhlalutyi wasenkundleni, iqela lokubuyisela kwintlekele linezakhono ezahlukeneyo. Ngokucacileyo nganye yazo ifuna inqanaba elahlukileyo lolwazi lobuchwephesha, ndincoma ukuba uqalise ukufumanisa kanye le nto uyithandayo, kwaye uqalise ukutyisa iincwadi, amanqaku, kunye nezinye, kwaye okona kubaluleke kakhulu, yenza yonke into oyifundayo, nokuba iphelelwe lixesha, lonto izakwenza umahluko ekugqibeleni.
Regards,
Sawubona!
Enkosi kakhulu ngokuchaza esi sihloko, kunye nokubeka izimvo kulwazi olongezelelweyo sinayo "Incwadi yeshellcoder's Hand". Sele ndinofundo olulindileyo 😉