new post #3

Merged
merged 3 commits into from
Mar 17, 2017
18 changes: 0 additions & 18 deletions Makefile

This file was deleted.

56 changes: 0 additions & 56 deletions README-zh.md

This file was deleted.

68 changes: 40 additions & 28 deletions README.md
@@ -1,54 +1,66 @@
# linux exploit development tutorial
# linux exploit 开发入门

## What's this ?
## 这是什么?

A series tutorial for linux exploit development to newbie.
这是面向新手的 linux exploit 开发指南.

The test machine is ubuntu 14.04 which was default install.
发现 Linux 下二进制学习曲线陡峭,而套路零散,于是整理编著这篇文章,来帮助感兴趣的人学习,还想结识更多对 Linux 二进制感兴趣的人.

*Read this in other languages: [English](README.md), [简体中文](README-zh.md).*
万事开头难,首先要感谢本文原来的的作者 sploitfun,他开始做了这件事并写出了思路,我在他的基础上进行了补充和翻译.

## How to organize ?
还要要感谢 phrack,乌云知识库,各种 wiki 上面文章的作者,这些作者和安全研究人员讲解了很多关于 exploit 相关技术,是大家的无私分享使很多东西变的可能,我也想把这样的分享精神学习来.

### chapter 1: Basic knowledge

base knowledge like : what's stack and heap ? how convert c language to assembly language ? what's elf and memroy layout? etc..
为了防止文档过于臃肿,我们讲分享讨论的话题尽量限制在 Linux,x86,ipv4 范围内,我们假设读者能正常使用 Linux,熟悉 C 语言,了解汇编语言,认识计算机专业词汇,基本体系结构知识(栈,堆,内存之类的).如果不能因为知识储备不够,推荐 0day 安全以补充背景知识.

base vulnerability problems like : what's is overflow and memory corruption ? how heap working ? etc...

### chapter 2: Stack security

this chapter focus userspace stack security mechanism and bypass.
测试机器是 ubuntu 14.04 的默认安装.

### chapter 3: Heap security

this chapter focus the security mechanism of heap in modern linux.
## 目录

### chapter 4: Kernel security
### 第一章节: [基础知识](./chapter1)

this chapter focus the mechanism security of modern linux kernel (2.6.32) and later
基础部分知识比如: 栈与堆分别是什么? c 语言如何转换成汇编? 内存布局是什么样的? ...

### chapter 5: Vulnerability discovery
基础的安全知识如: 什么是堆栈溢出? 堆分配器是如何工作的?...

(WIP)
这个阶段还要介绍基本的漏洞类型和安全机制,然后关闭全部的安全保护机制,学习如何在 Linux 下面编写最基本的 exp.

### 第二章节: [栈的安全](./chapter2)

主要关注在现代 linux 上栈的安全防护机制及其绕过的常规套路.

分为两大类:编译相关(elf 加固),部分编译选项控制着生成更安全的代码(损失部分性能或者空间),还有就说运行时的安全(ASLR),都是为增加了漏洞利用的难度,不能从本质上去除软件的漏洞.

### 第三章节: [堆的安全](./chapter3)

主要关注在现代 linux 上 glibc 下堆的安全防护机制及其绕过的常规套路.

### 第四章节: [内核的安全](./chapter4)

这个阶段学习现代 linux (2.6.32)及其以后版本 kernel 安全相关的文档(安全保护,利用).

在早期 kernel 可以随意访问用户态代码,ret2usr 技术可以让内核执行用户态的代码,不过随着 Linux 的发展 SMAP(禁止 kernel 随意访问用户态,RFLAGE.AC 标志位置位可以),SMEP 禁止 kernel 态直接执行用户态代码,kaslr 也提升了漏洞利用的难度。

### 第五章节: [漏洞发现](./chapter5)

漏洞挖掘的重要性不言而喻,打个比喻上面写的如何吃肉,漏洞挖掘就是肉在哪里.

this chapter is a new filed to me.
这个章节对我来说目前也是一个新领域,在这个章节里面主要关注 fuzz 与 代码审计。

## How to modify and update ?
## 如何修改和更新 ?

```shell
sudo dnf install texlive-\* -y
git clone git@github.com:hardenedlinux/linux_exploit_development_tutorial.git
cd linux_exploit_development_tutorial
make # preview
```

## How to hand on ?
## 如何实践文档代码 ?

(WIP)

some source code in `lab-code`.
源代码会陆续放到`lab-code`目录中,其实更倾向于提供一个虚拟机镜像供下载.
...

## copyleft
## 版权

This work is licensed under the <a href="http://creativecommons.org/licenses/by-sa/3.0/" target="_blank">Creative Commons Attribution-ShareAlike 3.0 Unported License</a>
这个项目是以 <a href="http://creativecommons.org/licenses/by-sa/3.0/" target="_blank">知识共享署名-相同方式共享 3.0</a> 许可协议授权.
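Review bot: the 如何修改和更新 section keeps `sudo dnf install texlive-\* -y` and `make # preview`, but this same PR deletes the Makefile (0 additions, 18 deletions) and both chapter .tex files, so the documented build and preview path no longer exists; either drop the shell block or replace it with whatever now renders the Markdown chapters. Smaller points in the same hunk: `dnf` is a Fedora tool while the text states the test machine is a default Ubuntu 14.04 install; the "Read this in other languages" line links README-zh.md, which this PR deletes, so make sure it is not retained; and a few typos: "原来的的作者" (duplicated 的), "还要要感谢" (duplicated 要), "我们讲分享" should be 我们将分享, "还有就说运行时" should be 还有就是运行时, "RFLAGE.AC" should be RFLAGS.AC, and "new filed" should read "new field".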
Binary file not shown.
5 changes: 5 additions & 0 deletions chapter1/README.md
@@ -0,0 +1,5 @@
# 基础知识

[MSc Computer Science Dissertation Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities](./Automatic\ Generation\ of\ Control\ Flow\ Hijacking\ Exploits\ for\ Software\ Vulnerabilities.pdf)


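Review bot: the link destination `./Automatic\ Generation\ of\ Control\ Flow\ Hijacking\ Exploits\ for\ Software\ Vulnerabilities.pdf` escapes spaces with backslashes, which Markdown does not honour inside a link destination; the destination ends at the first space and the link renders broken. Use `%20` for each space, wrap the path in angle brackets (`(<./Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities.pdf>)`), or rename the PDF without spaces. The link text also runs the label and title together ("MSc Computer Science Dissertation Automatic Generation ..."); a colon between them would help. Since the top-level README places the repository under CC BY-SA 3.0 while this hunk bundles a third-party dissertation as a binary, state the PDF's licence or link to its original source instead, and drop the two trailing blank lines.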
91 changes: 0 additions & 91 deletions chapter1/chapter_preparation.tex

This file was deleted.

1 change: 1 addition & 0 deletions chapter2/README.md
@@ -0,0 +1 @@
# 栈的安全
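Review bot: chapter2/README.md is reduced to the single heading `# 栈的安全` while the 31-line chapter2/chapter_stack.tex it replaces is deleted in the same PR, so the existing stack-chapter content is lost rather than converted. Either port the .tex content into this Markdown file, or mark the chapter (WIP) the way the top-level README does for other unfinished sections so readers know the content is pending.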
31 changes: 0 additions & 31 deletions chapter2/chapter_stack.tex

This file was deleted.
