Linux Privilege Escalation

Linux privilege escalation by modifying scripts run from crontab scheduled tasks https://www.freebuf.com/column/181413.html

Linux privilege escalation from getting started to giving up https://www.freebuf.com/articles/system/129549.html

Linux SUID privilege escalation https://www.freebuf.com/column/188852.html

Linux privilege escalation techniques using sudo tokens https://www.freebuf.com/articles/system/201559.html

Summary of common persistence backdoors on Linux and Windows https://www.secpulse.com/archives/103301.html

Buffer Overflow Vulnerabilities

Introduction to buffer overflows (what is a buffer overflow) https://www.freebuf.com/column/196316.html

Buffer overflow vulnerabilities in practice (part 1): a small buffer-overflow program https://www.freebuf.com/articles/system/195614.html

Buffer overflow attack example https://www.cnblogs.com/elta/articles/4862924.html

CTF

Linux pwn from getting started to giving up https://www.cnblogs.com/HacTF/p/8052175.html

CTF beginner's guide | tutorials included https://mp.weixin.qq.com/s?__biz=MzI5MDU1NDk2MA==&mid=2247486257&idx=1&sn=edcb8c52d7ffe72eb6d1ae77669d8653&chksm=ec1f5e0edb68d718ff9a56c9fa57766b9b6e96a203f33cd8bcf1327e70c903b4ba82d024daaa&mpshare=1&scene=23&srcid=0511PGfFDEhtmZo85go0JXbl#rd

CTF Wiki https://ctf-wiki.github.io/ctf-wiki/

Exploit tool: Pwntools https://blog.csdn.net/loka/article/details/82025577

Detailed explanation of the GOT and PLT tables https://blog.csdn.net/qq_18661257/article/details/54694748

2019 强网杯 (QWB CTF) writeup (part 1) https://mp.weixin.qq.com/s/M_t-lZWgqMPdpd2IrY2fag

2019 强网杯 (QWB CTF) writeup (part 2) https://mp.weixin.qq.com/s/qc3FFQYIIGKeCH3N_yuQMw

PWN Learning Links

Overall Pwn learning roadmap and related knowledge points https://ctf-wiki.github.io/ctf-wiki/

Learning ROP step by step: linux_x86 – 蒸米 http://www.vuln.cn/6645

Learning ROP step by step: linux_x64 – 蒸米 http://www.vuln.cn/6644

Heap Exploitation https://heap-exploitation.dhavalkapil.com/

Visualizing the heap exploitation process with diagrams https://veritas501.space/2017/07/25/%E5%9B%BE%E5%BD%A2%E5%8C%96%E5%B1%95%E7%A4%BA%E5%A0%86%E5%88%A9%E7%94%A8%E8%BF%87%E7%A8%8B/

Detailed explanation of the GOT and PLT tables https://blog.csdn.net/qq_18661257/article/details/54694748

checksec and the protection mechanisms it covers http://yunnigu.dropsec.xyz/2016/10/08/checksec%E5%8F%8A%E5%85%B6%E5%8C%85%E5%90%AB%E7%9A%84%E4%BF%9D%E6%8A%A4%E6%9C%BA%E5%88%B6/

CTFs (many writeups) https://github.com/ctfs/

Installing the latest version of wine on ubuntu 16.04 https://blog.csdn.net/daxiangqqcom/article/details/78465638

Summary of GDB usage https://blog.csdn.net/lixungogogo/article/details/52154858#t0

gdb debugging tutorial series https://blog.csdn.net/haoel/article/details/2879

IDA_Pro_7.0 portable edition https://www.52pojie.cn/thread-675251-1-1.html

IDA_Pro_6.4 for Linux https://pan.baidu.com/s/1dDUi5J7?fid=522748291811429

How to use the CTF tool collection install script http://www.freebuf.com/sectool/94235.html

Miscellaneous

ssf port forwarding https://mp.weixin.qq.com/s?__biz=MzU1Nzc4MTQwMA==&mid=2247484484&idx=1&sn=7859453fdc28844311d5171c9959ed0f&chksm=fc31dcb3cb4655a53fb7e06b1fd56ed229dea6e06ea0c741fcacbe6fcd7a3676ec7c7560a0df&mpshare=1&scene=23&srcid=#rd

CVE-2019-2725/CNVD-C-2019-48814 part 3: universal https://www.jianshu.com/p/b2d0f14c1867

PWN introduction (learning PWN from scratch) https://www.jianshu.com/p/187b810e78d2

Introduction to writing shellcode on Windows https://blog.csdn.net/x_nirvana/article/details/68921334

Web security in practice series: file inclusion vulnerabilities https://www.freebuf.com/articles/web/182280.html

Middleware vulnerability collection https://mp.weixin.qq.com/s?__biz=MjM5MDkwNjA2Nw==&mid=2650374608&idx=1&sn=9dc025a8bbc372c0819a7f99f253ad1b&chksm=beb0826c89c70b7ab18819390d9d21bc1ce21ba6a0ab3bc80198d53f01d73802732a967c4289&mpshare=1&scene=23&srcid=#rd

Using the GDB Tool

Debugging programs on Linux inevitably involves gdb, and one gdb plugin is also essential: peda.

peda enhances gdb's functionality; during debugging it displays the disassembled code, registers, memory information, and so on.

aslr – Show and set GDB's ASLR setting

checksec – Show whether various security mechanisms are enabled

dumpargs – When stopped at a call instruction, show the arguments passed to the function

dumprop – Dump all ROP gadgets within a given memory range

elfheader – Get the header information of the ELF file being debugged

elfsymbol – Get symbol information from the ELF file without debugging symbols

lookup – Search all addresses and references within a given address range

patch – Patch memory start at an address with string/hexstring/int

pattern – Generate, search, or write a cyclic pattern to memory

procinfo – Display various information from /proc/pid/

pshow – Show peda options and other settings

pset – Set peda options and other settings

readelf – Get the header information of an ELF file

ropgadget – Get common ROP gadgets of binary or library

ropsearch – Search for ROP gadgets in memory

searchmem|find – Search for a pattern in memory; support regex search

shellcode – Generate or download common shellcodes.

skeleton – Generate python exploit code template

vmmap – Get virtual mapping address ranges of section(s) in debugged process

xormem – XOR a memory region with a key

In gdb, the commonly used commands are as follows:

attach – Attach to a running process for debugging

run – Run the program; it will stop at breakpoints

break or b xxx – Set a breakpoint

next – Similar to step over in OllyDbg

step – Similar to step into in OllyDbg