# NCtfU - 3/15 (Reverse, PWN) (A205)

###### tags: `新手場` `nctfu2021`

## Attending

- Onebone
- ppodds
- idisused
- yenchia
- Lalalalalex醬油 (I will be late)
- Wilson_Liang
- 石頭
- maple3142
- m5063232325 (online)

<!--------------------->

## Speaker

- Onebone

## Demo notes

- angr
- ida_pro

## Post-session survey

- https://forms.gle/3SRqszUDGqfeTqie6

## Next week's presentation

## Livestream archive

[Youtube](https://youtu.be/K0iaf5XBrzE)

## Speaker notes

- Preparation
    - Reuse the environment from last time, plus the following:
        - hexadecimal editor (ghex)
        - [pwntools](https://github.com/Gallopsled/pwntools)

### Tool usage overview

- ghidra
    - [Installation guide (reference)](https://www.ylmzcmlttn.com/2019/03/26/ghidra-installation-on-ubuntu-18-04-16-04-14-04/)
- gdb
    - attach
        - `echo 0 > /proc/sys/kernel/yama/ptrace_scope`
- pwntools
    - recv
        - recvline()
        - recvuntil()
    - send
    - p32 / p64
    - u32 / u64
    - context
        - arch
        - os
        - endian
        - terminal
    - asm
    - shellcraft
    - gdb attach
    - interactive
- [Course materials](https://github.com/onebone1/NCtfU_2021_spring/tree/master/2021-03-15)

## nop

- common nop
    - single byte
        - 0x90
        - 0x41
        - 0x43
        - etc
    - two byte
        - 0x89C0 (`mov eax, eax`, although on x64 it clears the upper half of `rax`)
    - Multiple bytes
        - 0x0D0D0D0D

## Fork

- [Reference 1](https://wenyuangg.github.io/posts/linux/fork-use.html)
- [Reference 2](https://www.geeksforgeeks.org/fork-system-call/)

## Shared notes

- `handle SIGALRM ignore`
- `ps -a` (list processes)

```python
from pwn import *
```

- `eval(<str>)`
    - `s = '__import__("os").system("ls")'`
- `show follow-fork-mode`: shows whether the process is the parent or the child
- `set follow-fork-mode parent`: set the process manually

https://godbolt.org/