CTF-Solve

• radare2 reverse engineering framework
• cutter GUI for radare2

pwn

# check file type (ex: 32bit, 64bit
file binary

# check sec 
checksec --file=a.out 

ROP tools

• ropshell
• ROPgadget find gadget
• Ropper find gadget and semantic
• ROPGenerator semantic

# install ropper
pacman -S ropper
pacaur -S python-z3 python-pyvex-git  python-archinfo-git # if need semantic

Q&A

• ropper semantic not found gadgets using --clear-cache

pwntools

debug

# show log
context.log_level ='debug'

# gdb
context.terminal = ['alacritty', '-e', 'sh', '-c']
gdb.attach(c)

GOT

• find plt/got objdump -R binfile

Reference

• linux常见漏洞利用技术实践
• pwntools的一些简单入门总结
• Exploit利器——Pwntools
• Binary exploitatio

web

• SSRF

sqlmap

sqlmap -u "https://hackme.inndy.tw/gb/?mod=post" --method POST -p "content,title" --data "title=a&content=b"  
sqlmap -u "https://hackme.inndy.tw/gb/?mod=post" --method POST -p "content,title" --data "title=a&content=b" --level=3 --risk=3 # if above not working

XSStrike

• XSStrike

other

hashcat insall

sudo pacman -S hashcat, opencl-mesa # or opencl-nvidia