Naupjjin/My-Course-Binary-exploitation-challenge
An educational repository of binary exploitation practice challenges for systematically learning security attack techniques.
# Binary Exploitation Practice
## Environment Setup
- Pwn template: https://github.com/Naupjjin/MyCTFLib/blob/main/MyPwnLib/smp_exploit2.py
- DockerBox: https://github.com/Naupjjin/Pwn-Docker-Box
- LinuxKernelChallengeBox: https://github.com/Naupjjin/LinuxKernelChallengeBox
## Slides
- Binary Exploitation 1 - https://docs.google.com/presentation/d/1KnQ3uEoz3wdYkYKn4ysllUBioCQWmT1vVljJ8-JbXhw/edit?usp=sharing
- Binary Exploitation 2 - https://docs.google.com/presentation/d/1R_PwTL5VtOcG4UFDAZpjMmO0iWxSgkCKPz15s7x3-7c/edit?usp=sharing
## Stack Pwn
| Name | Description | Link |
|-|-|-|
| fmt aar | Format string read | [Link](https://github.com/Naupjjin/My-Course-Binary-exploitation-challenge/tree/main/stack-pwn/fmt/challenge_aar) |
| fmt aaw | Format string write | [Link](https://github.com/Naupjjin/My-Course-Binary-exploitation-challenge/tree/main/stack-pwn/fmt/challenge_aaw) |
| fmt argv chain | Format string argv chain | [Link](https://github.com/Naupjjin/My-Course-Binary-exploitation-challenge/tree/main/stack-pwn/fmt/challenge_argvchain) |
| GOThijack | GOT hijacking attack | [Link](https://github.com/Naupjjin/My-Course-Binary-exploitation-challenge/tree/main/stack-pwn/GOThijack) |
| Onegadget | ROP using a single gadget | [Link](https://github.com/Naupjjin/My-Course-Binary-exploitation-challenge/tree/main/stack-pwn/Onegadget) |
| OOB | Out-of-bounds vulnerability | [Link](https://github.com/Naupjjin/My-Course-Binary-exploitation-challenge/tree/main/stack-pwn/OOB) |
| ret2func | BOF+ret2win | [Link](https://github.com/Naupjjin/My-Course-Binary-exploitation-challenge/tree/main/stack-pwn/ret2func) |
| ret2libc | BOF+ret2libc | [Link](https://github.com/Naupjjin/My-Course-Binary-exploitation-challenge/tree/main/stack-pwn/ret2libc) |
| ret2plt | BOF+ret2plt | [Link](https://github.com/Naupjjin/My-Course-Binary-exploitation-challenge/tree/main/stack-pwn/ret2plt) |
| ROP | Simple ROP | [Link](https://github.com/Naupjjin/My-Course-Binary-exploitation-challenge/tree/main/stack-pwn/ROP) |
| ret2shellcode | BOF+ret2shellcode | [Link](https://github.com/Naupjjin/My-Course-Binary-exploitation-challenge/tree/main/stack-pwn/ret2shellcode) |
| stack_migration | Stack migration technique | [Link](https://github.com/Naupjjin/My-Course-Binary-exploitation-challenge/tree/main/stack-pwn/stack_migration) |
## Heap Pwn
| Name | Description | Link |
|-|-|-|
| Heap overflow | Heap overflow | |
| slime machine revenge | UAF + tcache poisoning | [Link](https://github.com/Naupjjin/My-Course-Binary-exploitation-challenge/tree/main/heap-pwn/slime_machine_revenge) |
## Kernel Pwn
| Name | Description | Link |
|-|-|-|
| No549 | modprobe_path | [Link](https://github.com/Naupjjin/My-Course-Binary-exploitation-challenge/tree/main/kernel-pwn/No549) |
| kernel story I | Kernel ROP + no protections | [Link](https://github.com/Naupjjin/My-Course-Binary-exploitation-challenge/tree/main/kernel-pwn/kernel-rop/kernel-story-1) |
| kernel story II | Kernel ROP + SMAP/SMEP | [Link](https://github.com/Naupjjin/My-Course-Binary-exploitation-challenge/tree/main/kernel-pwn/kernel-rop/kernel-story-2) |
| kernel story III | Kernel ROP + SMAP/SMEP/KPTI/KASLR | [Link](https://github.com/Naupjjin/My-Course-Binary-exploitation-challenge/tree/main/kernel-pwn/kernel-rop/kernel-story-3) |