Njengoba bengilangazelela ukuqhubeka nokuxoxa ngalesi sihloko, ake ngikutshele umlando omncane, ithiyori, kanye nokuzilolonga ngobuthakathaka. Sonke sizwile manje ukuthi amaphutha ezokuphepha angabiza kakhulu, sonke siyazi ukuthi kufanele sigcine isoftware yethu isesikhathini, sonke siyazi ukuthi izibuyekezo eziningi zibangelwa izimbungulu zokuphepha. Kepha namhlanje ngizokutshela kancane ukuthi la maphutha atholakele futhi axhashazwe kanjani 🙂 Kepha ngaphambi kwalokhu sizocacisa imininingwane embalwa ukuze sibe nokubuka konke okungcono.
Ngaphambi kokuthi uqale
Okokuqala ngifuna ukukutshela ukuthi sizogxila ebucayini bokuqala engifunde ukubusebenzisa, okwaziwayo Ukuchichima Kwebhafa, kulokhu kuba sengozini sisebenzisa ngokunenzuzo ukuqinisekiswa kwememori ukwenza izinto ezimnandi 🙂 Kepha ake sicacise kancane ngakho.
Lokhu ngeke kube yisimo sangempela somhlaba
Anginamandla okubafundisa ukwephula noma yiluphi uhlelo abalubona 🙂 kuqala ngoba luyingozi kumakhompyutha abo, okwesibili ngoba lokho kungathatha isilinganiso esingejwayelekile samagama.
Sithatha uhambo oluya kuma-80s
Engizokukhombisa khona ngikwazi ukukwenza kwi-laptop yami, kepha akusho ukuthi kungenziwa namuhla ngendlela elula 🙂 eminingi yale miqondo isivele isetshenziswe kaningi kangangokuba izindlela ezintsha zokuvikela nezindlela ezintsha zokuzigwema sezivelile 😛 kepha lokho kusibuyisela endaweni efanayo, asikho isikhala sokukwazi ukukutshela konke lokho 🙂
Kungenzeka kungasebenzi kuphrosesa yakho
Yize ngizosebenzisa isibonelo esilula, ngifuna ukuthi kucace kwasekuqaleni ukuthi imininingwane yalokhu miningi kakhulu futhi ihlukahlukene kakhulu njengoba ingaphuma ifane nami, uma ufuna ukuyizama, umphumela oyifunayo nawo awutholakali 🙂 Kepha ungacabanga ukuthi angikwazi ukukuchaza lokho kulesi sikhala, ikakhulukazi ngoba ngalesi sethulo sengivele ngithathe amagama angaphezu kwama-300, ngakho-ke siqonda ngqo endaweni yethu.
Yini i- Ukuchichima Kwesibambi
Ukuphendula lokhu kufanele siqale siqonde isigamu sokuqala sale nhlanganisela.
Ama-Buffers
Njengoba konke kumayelana nenkumbulo kwikhompyutha, kunengqondo ukuthi kufanele kube nohlobo oluthile lwesitsha solwazi. Uma sikhuluma okokufaka o Imiphumela, siza ngqo emcabangweni we buffers. Ukuyigcina imfishane, a i-buffer Kuyisikhala sememori sosayizi ochaziwe lapho sizogcina khona imininingwane eminingi, elula 🙂
Ukuchichima kwenzeka, njengoba negama lisho, lapho i-buffer igcwalisa imininingwane engaphezulu kwengakwazi ukuyiphatha. Kodwa kungani lokhu kubalulekile?
Stack
Eyaziwa nangokuthi izitaki, ziwuhlobo lwedatha olungabonakali esingakwazi ngalo isitaki Imininingwane, isici sabo esiyinhloko ukuthi bane-oda I-LIFO (Kugcine Kuqala ukuphuma). Ake sicabange umzuzwana ngesitaki samapuleti, siwabeka phezulu ngakunye, bese siwakhipha ngamunye ngamunye phezulu, lokhu kwenza ipuleti lokugcina esilibekile (leli eliphezulu) liyipuleti lokuqala esizoyikhipha, kusobala ukuthi uma singakhipha ipuleti elilodwa ngasikhathi sinye bese sinquma ukukwenza ngaleyo ndlela: P.
Manje njengoba usuyazi lemiqondo emibili, kufanele siyibeke ngokulandelana kwayo. Izitaki zibalulekile ngoba uhlelo ngalunye esilusebenzisayo lunalo olwalo isitaki sokubulawa. Kepha lesi sitaki sine- isici esithile, ikhula phansi. Ukuphela kwento odinga ukuyazi ngalokhu ukuthi ngenkathi uhlelo lusebenza, lapho umsebenzi ubizwa, isitaki sisuka kwinombolo X ngememori siye kwinombolo (Xn). Kepha ukuze siqhubeke kumele siqonde umqondo owodwa.
Izikhombo
Lo ngumqondo osanganisa abaningi bohlelo lapho beqala emhlabeni we-C, empeleni amandla amakhulu wohlelo lwe-C ngokwengxenye ngenxa yokusetshenziswa kwezikhombi. Ukuyigcina ilula, isikhombi ukhomba ikheli lememori. Lokhu kuzwakala kuyinkimbinkimbi, kepha akuyona into eyinkimbinkimbi kangako, sonke sine-RAM emishinini yethu angithi? Yebo, lokhu kungachazwa njenge- ukuhlelwa okulandelanayo kwamabhulokhi, lezi zindawo zivame ukuvezwa ngezinombolo ze-hexadecimal (kusuka ku-0 kuye ku-9 bese kusuka ku-A kuye ku-F, njenge-0x0, 0x1, 0x6, 0xA, 0xF, 0x10). Lapha njengombhalo onelukuluku, 0x10 CHA ilingana no-10 😛 uma siyiguqulela ku-decimal oda kungafana nokuthi sithi 15. Lokhu kuyinto ebuye idideke ngaphezulu kweyodwa ekuqaleni, kepha ake sehle kuyona.
Amarekhodi
Amaprosesa asebenza ngenombolo ethile ye- amarekhodi, esebenza ukudlulisa izindawo kusuka kwimemori ebonakalayo iye ku-processor, yokwakha okusebenzisa ama-bits angama-64, inani lamarejista likhulu futhi kunzima ukulichaza lapha, kepha ukuthola umqondo, amarejista afana nezikhombisi, akhombisa phakathi kwezinye izinto, isikhala sememori (indawo).
Manje zijwayeze
Ngiyazi ukuthi bekululwazi oluningi ukucubungula kuze kube manje, kepha empeleni kuyizinkinga eziyinkimbinkimbi engizama ukuzichaza ngendlela elula kakhulu, sizobona uhlelo oluncane olusebenzisa ama-buffers futhi sizoluphula ukuze sikuqonde lokhu mayelana nokuchichima, kusobala ukuthi lolu akulona Kuluhlelo lwangempela, futhi "sizogwema" izindlela eziningi zokuphikisa ezisetshenziswayo namhlanje, ukukhombisa nje ukuthi izinto zazenziwa kanjani phambilini 🙂 futhi ngoba eminye yale migomo iyadingeka ukuze sikwazi ukufunda izinto eziyinkimbinkimbi 😉
I-GDB
Uhlelo olukhulu ngokungangabazeki olungenye yezinhlelo ezisetshenziswa kakhulu nguC. Phakathi kokuhle kwalo okuningi sineqiniso lokuthi lusivumela ukuthi sikubone konke lokhu ebesikhuluma ngakho kuze kube manje, amarejista, isitaki, izigaxa, njll. uhlelo esizolusebenzisa njengesibonelo sethu.
i-retinput.c
Lolu uhlelo olulula impela, sizosebenzisa umtapo wezincwadi stdio.h
ukukwazi ukuthola imininingwane nokuyiveza esigungwini. Sibona umsebenzi obizwa ngokuthi return_input
ekhiqiza i- i-buffer kubizwa i-array, enobude obungu-30 amabhayithi (uhlobo lwedatha ye-char lungu-1 Byte ubude)
Umsebenzi gets(array);
cela imininingwane nge-console nomsebenzi printf()
ibuyisa okuqukethwe kwamalungu afanayo bese ikubonisa esikrinini.
Lonke uhlelo olubhalwe ngo-C luqala ngomsebenzi main()
, lokhu kuzophatha kuphela ukubiza ukubuya_kungenayo, manje sizohlanganisa uhlelo.
Ake sithathe kancane kwalokho engisanda kukwenza. Inketho -ggdb
utshela i-gcc ukuthi kufanele ihlanganise uhlelo nolwazi lwe-gdb ukuze ikwazi ukulungisa iphutha kahle. -fno-stack-protector
Kuyinketho okusobala ukuthi bekungafanele ngabe siyayisebenzisa, kepha esizoyisebenzisa ngoba uma kungenjalo bekungenzeka ukuthi kukhiqizwe i-buffer echichima esitaki. Ekugcineni ngivivinye umphumela. ./a.out
iqhuba nje lokhu engisanda kukuhlanganisa, icela imininingwane bese iyakubuyisa. Iyagijima 🙂
Izixwayiso
Enye inothi lapha. Uyazibona yini izixwayiso? ngokusobala kuyinto okufanele ibhekwe lapho sisebenza ngekhodi noma sihlanganisa, lokhu kusobala futhi kunezinhlelo ezimbalwa namuhla ezinomsebenzi gets()
Kwikhodi. Enye inzuzo ye-Gentoo ukuthi ngokuhlanganisa uhlelo ngalunye, ngiyabona ukuthi yini engase ingahambi kahle, uhlelo "oluhle" akufanele lube nazo, kepha uzomangala ukuthi zingaki izinhlelo ezinkulu ezinezixwayiso ngoba zikhulu KAKHULU futhi kunzima ukuzilandela. imisebenzi eyingozi lapho kunezexwayiso eziningi ngasikhathi sinye. Manje uma siqhubeka
Isusa iphutha kuhlelo
Manje le ngxenye ingadida kancane, kepha njengoba sengibhale ngokwanele, anginamandla okuchaza konke, ngiyaxolisa uma ubona ukuthi ngishesha kakhulu 🙂
Ukukhubaza ikhodi
Ake siqale ngokubheka uhlelo lwethu oluhlanganisiwe lolimi lomshini.
Le yikhodi yomsebenzi wethu oyinhloko ku- Assembly, yilokhu okucutshungulwa yiprosesa yethu, umugqa ongakwesobunxele ikheli lendawo kwimemori, i- <+ n> yaziwa ngokuthi offset, ngokuyisisekelo ibanga kusukela ekuqaleni komsebenzi (main) kuleso sitatimende (esaziwa njenge i-opcode). Ngemuva kwalokho sibona uhlobo lwemiyalo (i-Push / mov / callq…) kanye nerejista eyodwa noma ngaphezulu. Ngokufingqiwe singasho ukuthi kuyinkomba elandelwa ngumthombo / imvelaphi nendawo okuyiwa kuyo. <return_input>
kubhekisa emsebenzini wethu wesibili, ake sibheke.
Buyisela_okufaka
Lokhu kuyinkimbinkimbi ngokwengeziwe, kepha ngifuna nje ukuthi ubheke izinto ezimbalwa, kukhona ithegi ebizwa <gets@plt>
kanye ne-opcode yokugcina yokugcina ebizwa ngokuthi retq
ekhombisa ukuphela komsebenzi. Sizobeka izindawo ezimbalwa zokuphumula, eyodwa emsebenzini gets
nomunye ku retq
.
Qalisa
Manje sizoqhuba uhlelo ukubona ukuthi isenzo siqala kanjani.
Siyabona ukuthi umcibisholo omncane uvela okhombisa i-opcode lapho sikhona, ngifuna ukuthi bacabangele inkomba 0x000055555555469b
, leli ikheli ngemuva kocingo oluya kulo return_input
ekusebenzeni main
, lokhu kubalulekile njengoba kulapho uhlelo kufanele lubuye khona lapho uqeda ukwamukela i- okokufaka, ake singene emsebenzini. Manje sizohlola inkumbulo ngaphambi kokufaka umsebenzi gets
.
Nginibekele umsebenzi omkhulu, futhi ngigqamise ikhodi ebengibhekise kuyo, njengoba nibona, ngenxa ye- okokugcina ihlukaniswe yaba izingxenye ezimbili, ngifuna ukuthi ubheke ukuqondiswa 0x7fffffffdbf0
(owokuqala kusuka kwesobunxele ngemuva komyalo x/20x $rsp
) ngoba le yindawo okufanele siyisebenzise ukuhlola imiphumela yokuthola, asiqhubeke:
Ukwephula uhlelo
Ngikuqhakambisile lokho 0x44444444
ngoba bamele ama-Ds wethu manje sesiqale ukungeza okokufaka ohlelweni, futhi njengoba ubona, simane nje imigqa emibili kusuka kukheli lethu esilifunayo, sizoligcwalisa size size ngaphambi nje kwamakheli esiwakhombise esinyathelweni esedlule.
Ukushintsha indlela yokubuyela
Manje njengoba sesikwazile ukufaka lesi sigaba sekhodi lapho sibonisa khona ukubuya komsebenzi, ake sibone ukuthi kwenzekani uma siguqula ikheli 🙂 esikhundleni sokuya endaweni ye-opcode elandela leyo ebesinayo umzuzwana edlule, ucabangani uma sibuyela emuva return_input
? Kepha ngalokhu, kuyadingeka ukubhala ikheli esilifunayo kanambambili, sizokwenza nomsebenzi printf
kusuka ku-bash 🙂
Manje sesithole imininingwane kabili 😀 impela uhlelo belungakhelwanga lokho, kepha sikwazile ukwephula ikhodi futhi sayenza yaphinda into obekungafanele yenziwe.
Ukucabanga
Lolu shintsho olulula lungabhekwa njenge- sebenzisa eyisisekelo very ukwazile ukwephula uhlelo futhi wenza okuthile esifuna akwenze.
Lesi yisinyathelo sokuqala sohlu lwezinto ongaziboni nokuzengeza, kunezindlela zokwengeza izinto eziningi kunokuphinda i-oda, kepha kulokhu ngibhale okuningi nakho konke okuphathelene ukufaka i-shellcoding kuyisihloko sokubhala ngaphezu kwezindatshana, ngingasho ukuthi izincwadi eziphelele. Uxolo uma ngingakwazanga ukucwaninga kakhudlwana ezihlokweni ebengizothanda, kodwa impela kuzoba nethuba 🙂 Ukubingelela nokubonga ngokufika lapha.
Qondisisa kakhudlwana. Bhala okuncane bese ugxila kokusemqoka
Sawubona, ngiyabonga ngokuphawula.
Ukukhuluma iqiniso, nginqume ingxenye enhle yemibono, kepha noma kunjalo kubonakala kimi ukuthi ngishiye ubuncane ukuze umuntu ongenalo ulwazi lohlelo athole umbono.
Phendula ngokucaphuna
Inkinga ukuthi labo abangenalo ulwazi lwezinhlelo ngeke bathole lutho ngoba kuyinkimbinkimbi kakhulu ukuqala ngakho, kepha labo abakwaziyo ukwenza uhlelo bayakwazisa ukuqondisisa.
Ngicabanga ukuthi awukwazi ukufinyelela kuwo wonke umuntu, kufanele ukhethe, kulokhu-ke wonile ngokufuna ukumboza okuningi.
Ngale ndlela, ngikutshela njengokugxeka okwakhayo, ngiyazithanda lezi zihloko futhi ngithanda ukuthi uqhubeke ubhale izindatshana, siyakuhalalisela!
Ngicabanga okufanayo.
Ngiyabonga kakhulu kubo bobabili !! Kunzima impela ukuqonda ukuthi ungazifinyelela kanjani izethameli ezihlosiwe lapho iqiniso ukuthi inani labantu abanezinga eliphakeme lohlelo abafunda lezi zihloko lincane (okungenani lokho kungabhekiswa ngokususelwa kumazwana)
Ngempela ngonile ngokufuna ukwenza lula okuthile okudinga isisekelo esibanzi solwazi ukuze siqondwe. Ngiyethemba uyaqonda ukuthi njengoba ngisaqala ukubhuloga, angikalitholi iphuzu eliqondile lapho abafundi bami bazi futhi baqonde engikushoyo. Lokho kuzokwenza kube lula ukukhuluma iqiniso 🙂
Ngizozama ukuba mfushane lapho kufanele ngaphandle kokulingisa ifomethi, ngoba ukwahlukanisa indlela yokubhala kokuqukethwe kuyinkimbinkimbi kakhulu kunalokho umuntu angakucabanga, okungenani ngibaxhumanise impela, kepha ngicabanga ukuthi ekugcineni ngizokwazi ukwengeza imigqa ku esikhundleni sokusika okuqukethwe.
Phendula ngokucaphuna
Kukuphi lapho ungazi khona kabanzi ngale ndaba? Ingabe ikhona incwadi enconyiwe?
Isibonelo sithathwe ku-The Shellcoder's Handbook nguChris Anley, John Heasman, Felix Linder noGerardo Richarte, kepha ukuze ngenze ukuhumusha okungama-64 bekufanele ngifunde ngobuciko bami, incwajana yonjiniyela yonjiniyela, amavolumu 2 no-3 Umthombo othembekile walokho. Kuhle futhi ukufunda imibhalo ye-GDB, eza nomyalo we-'info gdb ', Ukufunda i-Assembly ne-C kunezincwadi eziningi ezinhle kakhulu, ngaphandle kokuthi izincwadi ze-Assembly zindala kancane ngakho-ke kukhona igebe lokugcwaliswa ngolunye uhlobo imibhalo.
I-shellcode uqobo ayisasebenzi kulezi zinsuku ngezizathu ezahlukahlukene, kepha kusathakazelisa ukufunda amasu amasha.
Ngiyethemba kuyasiza kancane 🙂 Sanibonani
Buen artículo, el viejo blog desdelinux ha vuelto a renacer =)
Uma uthi igobolondo elikude alisebenzi kangako, usho izindlela zokulwa ezenzelwe ukunciphisa ukuhlaselwa, bakubiza ngokuthi ukuphepha okuhlaselayo.
Sanibonani niqhubeke njalo
Ngiyabonga kakhulu uFranz words amagama anomusa kakhulu, empeleni bengisho ukuthi uShellcoding namuhla unzima kakhulu kunalokhu esikubona lapha. Sine-ASLR (okungahleliwe indawo yokukhumbula imemori) isivikeli sesitaki, izinyathelo ezahlukahlukene nezinyathelo zokunqanda ezinciphisa inani lama-opcode angajojelwa ohlelweni, futhi kusisiqalo nje.
Ukulawula,
Sawubona, ingabe uzokwenza enye ingxenye ukwandisa isihloko? Kuyathakazelisa
Sawubona, isihloko sithakazelisa impela, kepha izinga lokuxakeka ebesingalithatha lizoba likhulu kakhulu, mhlawumbe lifake inani elikhulu lokuthunyelwe ukuze kuchazwe izidingo ezahlukahlukene zokuqonda okunye. Ngizobhala ngakho, kepha ngeke kube okuthunyelwe okulandelayo, ngifuna ukubhala izihloko ezimbalwa ngaphambi kokuqhubeka nalokhu.
Ukubingelela, futhi ngiyabonga ngokwabelana
Kuhle kakhulu che! Unikela ngokuthunyelwe okuhle! Umbuzo owodwa, ngiqala le nto ye-IT Security ngokufunda incwadi ebizwa ngokuthi "Ukuqinisekisa ukuphepha ngokuhlola ipeni." Ingabe le ncwadi inconyiwe? Usikisela kanjani ukuthi ngiqale ukubuza ngalezi zinkinga?
Sawubona cactus, kungumhlaba wonke mayelana nokuba sengcupheni, nokunye, ukukhuluma iqiniso kuncike kakhulu ekutheni yini ekuthakaselayo, kanye nezidingo onazo, umphathi we-IT akudingeki azi ngokufana nomhloli wepeni, Noma umcwaningi osengozini, noma umhlaziyi we-forensic, iqembu lokuthola izinhlekelele linamakhono ahlukile kakhulu. Ngokusobala ngayinye yazo idinga izinga elihlukile lolwazi lobuchwepheshe, ngincoma ukuthi uqale ukuthola lokho okuthandayo, bese uqala ukushwabadela izincwadi, izindatshana, nokunye, futhi okubaluleke kakhulu, yenza konke okufundayo, noma ngabe kuphelelwe yisikhathi , lokho kuzokwenza umehluko ekugcineni.
Ukulawula,
Sawubona!
Ngiyabonga kakhulu ngokuchaza lesi sihloko, kanye nokuphawula lokho ukuthola eminye imininingwane sine "The Shellcoder's Handbook". Sengivele nginokufunda okulindile 😉