1. Remove the symbol table
gcc -s: Remove all symbol table and relocation information from the executable.
strip: Discard symbols from object files that have already been compiled.
They do similar things, but strip allows finer-grained control over what gets removed from the file.
ARM
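1. ARM (Advanced RISC Machine): an advanced reduced instruction set machine (see Note 1)
2. 32-bit ARM CPU architecture; a 64-bit architecture was introduced starting in 2004
3. Suited to mobile communications: low cost, high performance, low power consumption
4. iOS, WP and Android have in common that they all use the ARM architecture
Windows 8 also shipped a rubbish ARM edition, RT!
Note 1: RISC
CPU instruction sets can be divided into two kinds: CISC (complex instruction set computer)
and RISC (reduced instruction set computer)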
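Exploiting the behaviour of sys_sigreturn
It first pushes all the registers onto the stack
When it finishes, all the values are popped back into the registers
So the technique is to forge the register values on the stack in advance
Set eax to 119 and call int 0x80 directly
The vdso directly contains a mov eax, 119; int 0x80 gadget
Apparently the x86 ASLR for the vdso only has 256 random positions, so it can be brute-forced
After it finishes, all your values on the stack have been written into the registers
Once the registers are all set, the int 0x80 of the same gadget can be used directly for the exploit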
sudo apt-get install openssh-server
service ssh restart
port forwarding
http://www.virten.net/2013/03/how-to-setup-port-forwarding-in-vmware-workstation-9/