index.html
<!DOCTYPE html><html lang="zh-CN"><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=2"/><meta name="theme-color" content="#222"/><meta http-equiv="X-UA-COMPATIBLE" content="IE=edge,chrome=1"/><meta name="renderer" content="webkit"/><link rel="icon" type="image/ico" sizes="32x32" href="/assets/favicon.ico"/><link rel="apple-touch-icon" sizes="180x180" href="/assets/apple-touch-icon.png"/><link rel="alternate" href="/rss.xml" title="此时相望不相闻,愿逐月华流照君" type="application/rss+xml"><link rel="alternate" href="/atom.xml" title="此时相望不相闻,愿逐月华流照君" type="application/atom+xml"><link rel="alternate" type="application/json" title="此时相望不相闻,愿逐月华流照君" href="https://vvwwvv.cn/feed.json"/><link rel="preconnect" href="https://lf9-cdn-tos.bytecdntp.com"/><link rel="dns-prefetch" href="https://cdn.jsdelivr.net"/><link rel="dns-prefetch" href="https://unpkg.com"/><link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Mulish:300,300italic,400,400italic,700,700italic%7CFredericka%20the%20Great:300,300italic,400,400italic,700,700italic%7CNoto%20Serif%20JP:300,300italic,400,400italic,700,700italic%7CNoto%20Serif%20SC:300,300italic,400,400italic,700,700italic%7CInconsolata:300,300italic,400,400italic,700,700italic&display=swap&subset=latin,latin-ext"><link rel="stylesheet" href="/css/app.css?v=0.3.5"><script src="https://cdn.staticfile.org/vue/3.2.45/vue.global.prod.js"></script><link rel="stylesheet" href="https://unpkg.com/@waline/client@v2/dist/waline.css"/><link rel="canonical" href="https://vvwwvv.cn/"><title>vvwwv'Blog = 此时相望不相闻,愿逐月华流照君</title><meta name="generator" content="Hexo 6.3.0"></head><body itemscope itemtype="http://schema.org/WebPage"><div id="loading"><div class="cat"><div class="body"></div><div class="head"><div class="face"></div></div><div class="foot"><div class="tummy-end"></div><div class="bottom"></div><div class="legs left"></div><div class="legs right"></div></div><div class="paw"><div 
class="hands left"></div><div class="hands right"></div></div></div></div><div id="container"><header id="header" itemscope itemtype="http://schema.org/WPHeader"><div class="inner"><div id="brand"><div class="pjax"><a class="logo" href="/" rel="start"><p class="artboard">vvwwv'Blog</p><h1 class="title" itemprop="name headline">此时相望不相闻,愿逐月华流照君</h1></a></div></div><nav id="nav"><div class="inner"><div class="toggle"><div class="lines" aria-label="切换导航栏"><span class="line"></span><span class="line"></span><span class="line"></span></div></div><ul class="menu"><li class="item title"><a href="/" rel="start">vvwwv'Blog</a></li></ul><ul class="right" id="rightNav"><li class="item theme" @click="changeThemeByBtn"><i class="ic" :class="{'i-sun': !themeStatus,'i-moon': themeStatus}"></i></li><li class="item search"><i class="ic i-search"></i></li></ul></div></nav></div><div class="pjax" id="imgs"><img src="https://ooo.0x0.ooo/2023/03/09/Y0xvg.jpg"></div></header><div id="waves"><svg class="waves" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 24 150 28" preserveAspectRatio="none" shape-rendering="auto"><defs><path id="gentle-wave" d="M-160 44c30 0 58-18 88-18s 58 18 88 18 58-18 88-18 58 18 88 18 v44h-352z"></path></defs><g class="parallax"><use xlink:href="#gentle-wave" x="48" y="0"></use><use xlink:href="#gentle-wave" x="48" y="3"></use><use xlink:href="#gentle-wave" x="48" y="5"></use><use xlink:href="#gentle-wave" x="48" y="7"></use></g></svg></div><main><div class="inner"><div class="pjax" id="main"><div class="index wrap"><h2 class="divider">置顶文章</h2><div class="segments sticky"><article class="item"><div class="cover"><a href="/2023/10/19/pwn/%E4%B8%93%E6%A0%8F/how2heap%202.23(2)/" itemprop="url" title="how2heap(glibc2.23(2))"><img data-src="https://ooo.0x0.ooo/2023/09/09/OnrB9F.jpg" alt="article cover"></a></div><div class="info"><div class="meta"><span class="item" title="创建时间:2023-10-19 19:23:15"><span class="icon"><i 
class="ic i-calendar"></i></span><time itemprop="dateCreated datePublished" datetime="2023-10-19T19:23:15+08:00">2023-10-19</time></span><span class="item" title="本文字数"><span class="icon"><i class="ic i-pen"></i></span><span>14k</span><span class="text">字</span></span><span class="item" title="阅读时长"><span class="icon"><i class="ic i-clock"></i></span><span>13 分钟</span></span></div><h3><a href="/2023/10/19/pwn/%E4%B8%93%E6%A0%8F/how2heap%202.23(2)/" itemprop="url" title="how2heap(glibc2.23(2))">how2heap(glibc2.23(2))</a></h3><div class="excerpt">本来想着一篇文章写完 glibc2.23how2heap 系列,但是太长了,还是分开写吧
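# 6. house_of_gods [haven't figured this one out yet; leaving a placeholder]
# 7. house_of_lore
This vulnerability exploits the fact that after allocating from a small bin, bk is pointed to the next chunk. If that chunk is one we want to control, we can allocate it back and then use it: forge a chunk at the location to be controlled and make its fd point to the small bin chunk, which bypasses the check. (At first I wondered why bother forging anything if the target value can be modified directly; later I found that this location can be overwritten but that alone cannot get a shell, whereas after forging, the returned ret can be used to get a shell.)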
# 1</div><div class="meta footer"><span><a href="/categories/how2heap2-23/PWN%E4%B8%93%E6%A0%8F/" itemprop="url" title="PWN专栏"><i class="ic i-flag"></i>PWN专栏</a></span></div><a href="/2023/10/19/pwn/%E4%B8%93%E6%A0%8F/how2heap%202.23(2)/" class="btn" itemprop="url" title="how2heap(glibc2.23(2))">more...</a></div></article><article class="item"><div class="cover"><a href="/2023/10/19/pwn/%E4%B8%93%E6%A0%8F/how2heap%202.23/" itemprop="url" title="how2heap(glibc2.23(1))"><img data-src="https://ooo.0x0.ooo/2023/03/09/Y0iNK.jpg" alt="article cover"></a></div><div class="info"><div class="meta"><span class="item" title="创建时间:2023-10-19 19:23:15"><span class="icon"><i class="ic i-calendar"></i></span><time itemprop="dateCreated datePublished" datetime="2023-10-19T19:23:15+08:00">2023-10-19</time></span><span class="item" title="本文字数"><span class="icon"><i class="ic i-pen"></i></span><span>44k</span><span class="text">字</span></span><span class="item" title="阅读时长"><span class="icon"><i class="ic i-clock"></i></span><span>40 分钟</span></span></div><h3><a href="/2023/10/19/pwn/%E4%B8%93%E6%A0%8F/how2heap%202.23/" itemprop="url" title="how2heap(glibc2.23(1))">how2heap(glibc2.23(1))</a></h3><div class="excerpt"># 编译及链接
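# First install the corresponding glibc version
./download 2.23-0ubuntu3_amd64
# Compile the program
gcc -g -no-pie fastbin_dup.c -o fastbin_dup
[Here -g makes it possible to set breakpoints by source line number]
# Link against the corresponding version of the glibc library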
22.04
lsudo patchelf --set-rpath /home/pwn/pwn/glibc-all-in-one/libs/2.23-0ubuntu3_amd64/ fastbin_dup sudo </div><div class="meta footer"><span><a href="/categories/how2heap2-23/PWN%E4%B8%93%E6%A0%8F/" itemprop="url" title="PWN专栏"><i class="ic i-flag"></i>PWN专栏</a></span></div><a href="/2023/10/19/pwn/%E4%B8%93%E6%A0%8F/how2heap%202.23/" class="btn" itemprop="url" title="how2heap(glibc2.23(1))">more...</a></div></article></div><h2 class="divider">文章列表</h2><div class="segments posts"><article class="item"><div class="cover"><a href="/2025/01/11/web/ctfshow_web(SQL%E6%B3%A8%E5%85%A5)/" itemprop="url" title="ctfshow_web_()"><img data-src="https://ooo.0x0.ooo/2023/09/10/OnAzVv.jpg" alt="article cover"></a></div><div class="info"><div class="meta"><span class="item" title="创建时间:2025-01-11 17:08:15"><span class="icon"><i class="ic i-calendar"></i></span><time itemprop="dateCreated datePublished" datetime="2025-01-11T17:08:15+08:00">2025-01-11</time></span><span class="item" title="本文字数"><span class="icon"><i class="ic i-pen"></i></span><span>25k</span><span class="text">字</span></span><span class="item" title="阅读时长"><span class="icon"><i class="ic i-clock"></i></span><span>22 分钟</span></span></div><h3><a href="/2025/01/11/web/ctfshow_web(SQL%E6%B3%A8%E5%85%A5)/" itemprop="url" title="ctfshow_web_()">ctfshow_web_()</a></h3><div class="excerpt"># SQL 注入
# web171
<img src="https://vvwwv.oss-cn-nanjing.aliyuncs.com/img/image-20250111193218826.png" alt="image-20250111193218826" style="zoom:67%;" />
这里有引号判断是 字符型注入 ,and 优先级高于 or,所以先 username !='flag' and id</div><div class="meta footer"><span><a href="/categories/ctfshow/CTF/SQL%E6%B3%A8%E5%85%A5/" itemprop="url" title="SQL注入"><i class="ic i-flag"></i>SQL注入</a></span></div><a href="/2025/01/11/web/ctfshow_web(SQL%E6%B3%A8%E5%85%A5)/" class="btn" itemprop="url" title="ctfshow_web_()">more...</a></div></article><article class="item"><div class="cover"><a href="/2025/01/06/pwn/pwn%E6%A8%A1%E6%9D%BF/" itemprop="url" title="未命名"><img data-src="https://s1.ax1x.com/2023/09/08/pP6k0KJ.md.jpg" alt="article cover"></a></div><div class="info"><div class="meta"><span class="item" title="创建时间:2025-01-06 20:03:10"><span class="icon"><i class="ic i-calendar"></i></span><time itemprop="dateCreated datePublished" datetime="2025-01-06T20:03:10+08:00">2025-01-06</time></span><span class="item" title="本文字数"><span class="icon"><i class="ic i-pen"></i></span><span>15k</span><span class="text">字</span></span><span class="item" title="阅读时长"><span class="icon"><i class="ic i-clock"></i></span><span>13 分钟</span></span></div><h3><a href="/2025/01/06/pwn/pwn%E6%A8%A1%E6%9D%BF/" itemprop="url" title="未命名">未命名</a></h3><div class="excerpt">title: PWN 模板
date: 2025-01-06 19:23:15
categories:
- CTF
- PWN专栏
tags:
- pwn
# 1. A backdoor function is present
# 32-bit
from pwn import *from LibcSearcher import *context(os='linux', arch='i386', log_level='debug')#p=remote('node4.buuoj.cn',28249)p=remot</div><a href="/2025/01/06/pwn/pwn%E6%A8%A1%E6%9D%BF/" class="btn" itemprop="url" title="未命名">more...</a></div></article><article class="item"><div class="cover"><a href="/2025/01/02/web/PHP%E7%9B%B8%E5%85%B3%E5%86%85%E5%AE%B9/" itemprop="url" title="未命名"><img data-src="https://ooo.0x0.ooo/2023/09/09/OnrnFK.md.jpg" alt="article cover"></a></div><div class="info"><div class="meta"><span class="item" title="创建时间:2025-01-02 17:52:22"><span class="icon"><i class="ic i-calendar"></i></span><time itemprop="dateCreated datePublished" datetime="2025-01-02T17:52:22+08:00">2025-01-02</time></span><span class="item" title="本文字数"><span class="icon"><i class="ic i-pen"></i></span><span>47k</span><span class="text">字</span></span><span class="item" title="阅读时长"><span class="icon"><i class="ic i-clock"></i></span><span>42 分钟</span></span></div><h3><a href="/2025/01/02/web/PHP%E7%9B%B8%E5%85%B3%E5%86%85%E5%AE%B9/" itemprop="url" title="未命名">未命名</a></h3><div class="excerpt">---
title: PHP
date: 2023-09-24 17:08:15
categories:
- CTF
- ctfshow
tags:
- web
---
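# 1. Functions:
# 1. isset() function
The isset() function checks whether a variable is set and is not NULL.
If a variable has already been released with unset(), a subsequent isset() check returns FALSE.
Testing a variable that has been set to NULL with isset() returns FALSE.
Also note that the null character ("\0") is not equivalent to PHP's NULL constant.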
# 2.substr ()</div><a href="/2025/01/02/web/PHP%E7%9B%B8%E5%85%B3%E5%86%85%E5%AE%B9/" class="btn" itemprop="url" title="未命名">more...</a></div></article><article class="item"><div class="cover"><a href="/2024/12/30/web/web%E7%9F%A5%E8%AF%86/" itemprop="url" title="未命名"><img data-src="https://s1.ax1x.com/2023/09/08/pP6k0KJ.md.jpg" alt="article cover"></a></div><div class="info"><div class="meta"><span class="item" title="创建时间:2024-12-30 23:35:01"><span class="icon"><i class="ic i-calendar"></i></span><time itemprop="dateCreated datePublished" datetime="2024-12-30T23:35:01+08:00">2024-12-30</time></span><span class="item" title="本文字数"><span class="icon"><i class="ic i-pen"></i></span><span>65k</span><span class="text">字</span></span><span class="item" title="阅读时长"><span class="icon"><i class="ic i-clock"></i></span><span>1:01</span></span></div><h3><a href="/2024/12/30/web/web%E7%9F%A5%E8%AF%86/" itemprop="url" title="未命名">未命名</a></h3><div class="excerpt">---
title: ctfshow_web 常用方法
date: 2023-09-24 17:08:15
categories:
- CTF
- ctfshow
tags:
- web
---
# 1. Packet capture
web 抓包:火狐浏览器 <img src="https://vvwwv.oss-cn-nanjing.aliyuncs.com/img/image-20241230215103736.png" alt="image-20241230215103736" style=&</div><a href="/2024/12/30/web/web%E7%9F%A5%E8%AF%86/" class="btn" itemprop="url" title="未命名">more...</a></div></article><article class="item"><div class="cover"><a href="/2024/12/27/web/ctfshow_web(1~77%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C)/" itemprop="url" title="ctfshow_web_(1~77)"><img data-src="https://s1.ax1x.com/2023/09/08/pP6k0KJ.md.jpg" alt="article cover"></a></div><div class="info"><div class="meta"><span class="item" title="创建时间:2024-12-27 17:08:15"><span class="icon"><i class="ic i-calendar"></i></span><time itemprop="dateCreated datePublished" datetime="2024-12-27T17:08:15+08:00">2024-12-27</time></span><span class="item" title="本文字数"><span class="icon"><i class="ic i-pen"></i></span><span>58k</span><span class="text">字</span></span><span class="item" title="阅读时长"><span class="icon"><i class="ic i-clock"></i></span><span>53 分钟</span></span></div><h3><a href="/2024/12/27/web/ctfshow_web(1~77%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C)/" itemprop="url" title="ctfshow_web_(1~77)">ctfshow_web_(1~77)</a></h3><div class="excerpt"># 1. 信息搜集
# web1, 2
View the page source: Ctrl+U
# web3
After capturing the request with Burp Suite, use Action to send it to Repeater; the flag is visible in the response
<img src="C:\Users\vvww\AppData\Roaming\Typora\typora-user-images\image-20241230214008662.png" alt="image-20241230214008662" style="zoom:80%;" />
# web4
ro</div><div class="meta footer"><span><a href="/categories/ctfshow/CTF/%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C/" itemprop="url" title="命令执行"><i class="ic i-flag"></i>命令执行</a></span></div><a href="/2024/12/27/web/ctfshow_web(1~77%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C)/" class="btn" itemprop="url" title="ctfshow_web_(1~77)">more...</a></div></article><article class="item"><div class="cover"><a href="/2024/01/13/pwn/test/" itemprop="url" title="未命名"><img data-src="https://s1.ax1x.com/2023/09/08/pP6k0KJ.md.jpg" alt="article cover"></a></div><div class="info"><div class="meta"><span class="item" title="创建时间:2024-01-13 10:49:54"><span class="icon"><i class="ic i-calendar"></i></span><time itemprop="dateCreated datePublished" datetime="2024-01-13T10:49:54+08:00">2024-01-13</time></span><span class="item" title="本文字数"><span class="icon"><i class="ic i-pen"></i></span><span>1.1k</span><span class="text">字</span></span><span class="item" title="阅读时长"><span class="icon"><i class="ic i-clock"></i></span><span>1 分钟</span></span></div><h3><a href="/2024/01/13/pwn/test/" itemprop="url" title="未命名">未命名</a></h3><div class="excerpt">###<center>jarvisOJ_level3(ret2libc)</center>
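1. After downloading the source file, check its protections and bitness
It is a 32-bit program with NX (non-executable stack) enabled
Decompile it with IDA to view the program's C code
There is a vul function; step into it to take a look
It contains write and read calls; the read call allows a stack overflow, which can be exploited
Since no backdoor function was found, use write to leak a libc address and then execute system (/bin/sh)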
exp:
from pwn import * from LibcSearcher3</div><a href="/2024/01/13/pwn/test/" class="btn" itemprop="url" title="未命名">more...</a></div></article><article class="item"><div class="cover"><a href="/2023/12/12/pwn/%E5%88%B7%E9%A2%98/%E5%8F%A4%E5%89%91%E5%B1%B1%E3%80%81%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8%E6%B5%8B%E8%AF%95%E5%91%98/choice%E3%80%81liftoff/" itemprop="url" title="未命名"><img data-src="https://ooo.0x0.ooo/2023/03/09/Y0hOs.jpg" alt="article cover"></a></div><div class="info"><div class="meta"><span class="item" title="创建时间:2023-12-12 15:03:10"><span class="icon"><i class="ic i-calendar"></i></span><time itemprop="dateCreated datePublished" datetime="2023-12-12T15:03:10+08:00">2023-12-12</time></span><span class="item" title="本文字数"><span class="icon"><i class="ic i-pen"></i></span><span>264</span><span class="text">字</span></span><span class="item" title="阅读时长"><span class="icon"><i class="ic i-clock"></i></span><span>1 分钟</span></span></div><h3><a href="/2023/12/12/pwn/%E5%88%B7%E9%A2%98/%E5%8F%A4%E5%89%91%E5%B1%B1%E3%80%81%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8%E6%B5%8B%E8%AF%95%E5%91%98/choice%E3%80%81liftoff/" itemprop="url" title="未命名">未命名</a></h3><div class="excerpt"># 古剑山
#choice
Leak the address
Get the flag
# Jiangsu Province Information Security Tester
</div><a href="/2023/12/12/pwn/%E5%88%B7%E9%A2%98/%E5%8F%A4%E5%89%91%E5%B1%B1%E3%80%81%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8%E6%B5%8B%E8%AF%95%E5%91%98/choice%E3%80%81liftoff/" class="btn" itemprop="url" title="未命名">more...</a></div></article><article class="item"><div class="cover"><a href="/2023/11/22/pwn/%E6%94%BB%E9%98%B2%E4%BD%9C%E4%B8%9A/" itemprop="url" title="攻防作业4(缓冲区溢出)"><img data-src="https://ooo.0x0.ooo/2023/09/09/OnrnFK.md.jpg" alt="article cover"></a></div><div class="info"><div class="meta"><span class="item" title="创建时间:2023-11-22 11:01:15"><span class="icon"><i class="ic i-calendar"></i></span><time itemprop="dateCreated datePublished" datetime="2023-11-22T11:01:15+08:00">2023-11-22</time></span><span class="item" title="本文字数"><span class="icon"><i class="ic i-pen"></i></span><span>9.4k</span><span class="text">字</span></span><span class="item" title="阅读时长"><span class="icon"><i class="ic i-clock"></i></span><span>9 分钟</span></span></div><h3><a href="/2023/11/22/pwn/%E6%94%BB%E9%98%B2%E4%BD%9C%E4%B8%9A/" itemprop="url" title="攻防作业4(缓冲区溢出)">攻防作业4(缓冲区溢出)</a></h3><div class="excerpt"># 1.crackme
Source code:
c#include <stdio.h>#define PASSWORD "1234567"int verify_password(char *password)&#123; int authenticated; authenticated=strcmp(password,PASSWORD); strcpy(password,PASSWORD); return authenticated;&#125;#include <stdio.h>#d</div><div class="meta footer"><span><a href="/categories/CTF/" itemprop="url" title="CTF"><i class="ic i-flag"></i>CTF</a></span></div><a href="/2023/11/22/pwn/%E6%94%BB%E9%98%B2%E4%BD%9C%E4%B8%9A/" class="btn" itemprop="url" title="攻防作业4(缓冲区溢出)">more...</a></div></article><article class="item"><div class="cover"><a href="/2023/11/14/web/DVWA/" itemprop="url" title="web安全初探()"><img data-src="https://s1.ax1x.com/2023/09/08/pP6k0KJ.md.jpg" alt="article cover"></a></div><div class="info"><div class="meta"><span class="item" title="创建时间:2023-11-14 19:23:15"><span class="icon"><i class="ic i-calendar"></i></span><time itemprop="dateCreated datePublished" datetime="2023-11-14T19:23:15+08:00">2023-11-14</time></span><span class="item" title="本文字数"><span class="icon"><i class="ic i-pen"></i></span><span>30k</span><span class="text">字</span></span><span class="item" title="阅读时长"><span class="icon"><i class="ic i-clock"></i></span><span>27 分钟</span></span></div><h3><a href="/2023/11/14/web/DVWA/" itemprop="url" title="web安全初探()">web安全初探()</a></h3><div class="excerpt"># 环境搭建:
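# 1. Setting up the DVWA vulnerable system
DVWA (Damn Vulnerable Web Application) is a PHP/MySQL web application used for security vulnerability assessment. It aims to give security professionals a legal environment in which to test their skills and tools, and to help web developers better understand the process of securing web applications.
DVWA has ten modules:
Brute Force
Command Injection
CSRF (cross-site request forgery)
File Inclusion
File Upload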
Insecure CAPTCHA (不安全的验</div><div class="meta footer"><span><a href="/categories/web/" itemprop="url" title="web"><i class="ic i-flag"></i>web</a></span></div><a href="/2023/11/14/web/DVWA/" class="btn" itemprop="url" title="web安全初探()">more...</a></div></article><article class="item"><div class="cover"><a href="/2023/11/06/pwn/%E8%B7%AF%E7%94%B1%E5%99%A8%E6%BC%8F%E6%B4%9E/%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA/" itemprop="url" title="IOT漏洞环境搭建"><img data-src="https://s1.ax1x.com/2023/09/08/pP6kGEq.md.jpg" alt="article cover"></a></div><div class="info"><div class="meta"><span class="item" title="创建时间:2023-11-06 19:23:15"><span class="icon"><i class="ic i-calendar"></i></span><time itemprop="dateCreated datePublished" datetime="2023-11-06T19:23:15+08:00">2023-11-06</time></span><span class="item" title="本文字数"><span class="icon"><i class="ic i-pen"></i></span><span>1.4k</span><span class="text">字</span></span><span class="item" title="阅读时长"><span class="icon"><i class="ic i-clock"></i></span><span>1 分钟</span></span></div><h3><a href="/2023/11/06/pwn/%E8%B7%AF%E7%94%B1%E5%99%A8%E6%BC%8F%E6%B4%9E/%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA/" itemprop="url" title="IOT漏洞环境搭建">IOT漏洞环境搭建</a></h3><div class="excerpt"># 前言
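I recently wanted to start looking into vulnerabilities in IoT devices, so I set up an environment first, built on my own pwn (ubuntu22.04) environment
# 1. binwalk (firmware unpacking tool)
binwalk is a firmware unpacking tool: after dumping a firmware image with a programmer, we need binwalk to extract it
This tool usually ships with Kali, or you can build it yourself: https://github.com/ReFirmLabs/binwalk
Using the command below wiped out my pwndbg...
sudo apt install binwalk
Switch to installing it this way instead: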
hsudo apt-get update$ su</div><div class="meta footer"><span><a href="/categories/iot%E6%BC%8F%E6%B4%9E/" itemprop="url" title="iot漏洞"><i class="ic i-flag"></i>iot漏洞</a></span></div><a href="/2023/11/06/pwn/%E8%B7%AF%E7%94%B1%E5%99%A8%E6%BC%8F%E6%B4%9E/%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA/" class="btn" itemprop="url" title="IOT漏洞环境搭建">more...</a></div></article></div></div><nav class="pagination"><div class="inner"><span class="page-number current">1</span><a class="page-number" href="/page/2/">2</a><span class="space">…</span><a class="page-number" href="/page/9/">9</a><a class="extend next" rel="next" href="/page/2/"><i class="ic i-angle-right" aria-label="下一页"></i></a></div></nav></div><div id="sidebar"><div class="inner"><div class="panels"><div class="inner"><div class="contents panel pjax" data-title="文章目录"></div><div class="related panel pjax" data-title="系列文章"></div><div class="overview panel" data-title="站点概览"><div class="author" itemprop="author" itemscope="itemscope" itemtype="http://schema.org/Person"><img class="image" itemprop="image" alt="vvwwv" data-src="/assets/avatar.jpg"/><p class="name" itemprop="name">vvwwv</p><div class="description" itemprop="description"></div></div><nav class="state"><div class="item posts"><a href="/archives/"><span class="count">86</span><span class="name">文章</span></a></div><div class="item categories"><a href="/categories/"><span class="count">61</span><span class="name">分类</span></a></div><div class="item tags"><a href="/tags/"><span class="count">22</span><span class="name">标签</span></a></div></nav><div class="social"><a href="https://github.com/cyb141520" class="item github" rel="noopener" title="https://github.com/cyb141520" target="_blank"><i class="ic i-github"></i></a><a href="/[email protected]" class="item email" title="[email protected]"><i class="ic i-envelope"></i></a></div><div class="menu"><li class="item"><a href="/" rel="section"><i class="ic i-home"></i>首页</a></li><li class="item dropdown"><a 
href="javascript:void(0);"><i class="ic i-user"></i>关于</a><ul class="submenu"><li class="item"><a href="/about/" rel="section"><i class="ic i-user"></i>关于本站</a></li><li class="item"><a href="/admiration/" rel="section"><i class="ic i-coffee"></i>赞赏博主</a></li></ul></li><li class="item dropdown"><a href="javascript:void(0);"><i class="ic i-feather"></i>文章</a><ul class="submenu"><li class="item"><a href="/archives/" rel="section"><i class="ic i-list-alt"></i>归档</a></li><li class="item"><a href="/categories/" rel="section"><i class="ic i-th"></i>分类</a></li><li class="item"><a href="/tags/" rel="section"><i class="ic i-tags"></i>标签</a></li></ul></li><li class="item"><a href="/friends/" rel="section"><i class="ic i-heart"></i>友链</a></li></div></div></div></div><ul id="quick"><li class="prev pjax"></li><li class="up"><i class="ic i-arrow-up"></i></li><li class="down"><i class="ic i-arrow-down"></i></li><li class="next pjax"><a href="/page/2/" rel="next" title="下一篇"><i class="ic i-chevron-right"></i></a></li><li class="percent"></li></ul></div></div><div class="dimmer"></div></div></main><footer id="footer"><div class="inner"><div class="widgets"><div class="rpost pjax"><h2>随机文章</h2><ul><li class="item"><div class="breadcrumb"><a href="/categories/CTF/" title="分类于CTF">CTF</a><i class="ic i-angle-right"></i><a href="/categories/CTF/BUUCTF/" title="分类于BUUCTF">BUUCTF</a></div><span><a href="/2023/10/27/pwn/%E5%88%B7%E9%A2%98/BUUCTF/wustctf2020_getshell_2/">wustctf2020_getshell_2(栈溢出)</a></span></li><li class="item"><div class="breadcrumb"><a href="/categories/CTF/" title="分类于CTF">CTF</a><i class="ic i-angle-right"></i><a href="/categories/CTF/BUUCTF/" title="分类于BUUCTF">BUUCTF</a></div><span><a href="/2023/09/17/pwn/%E5%88%B7%E9%A2%98/BUUCTF/ez_pz_hackover_2016/">ez_pz_hackover_2016(shellcode)</a></span></li><li class="item"><div class="breadcrumb"></div><span><a href="/2025/01/06/pwn/pwn%E6%A8%A1%E6%9D%BF/">未命名</a></span></li><li class="item"><div class="breadcrumb"><a 
href="/categories/CTF/" title="分类于CTF">CTF</a></div><span><a href="/2023/10/21/pwn/%E7%BB%86%E8%8A%82/">pwn忽略的细节</a></span></li><li class="item"><div class="breadcrumb"><a href="/categories/CTF/" title="分类于CTF">CTF</a><i class="ic i-angle-right"></i><a href="/categories/CTF/CTFshow/" title="分类于CTFshow">CTFshow</a><i class="ic i-angle-right"></i><a href="/categories/CTF/CTFshow/%E6%A0%88%E6%BA%A2%E5%87%BA/" title="分类于栈溢出">栈溢出</a></div><span><a href="/2023/10/21/pwn/%E5%88%B7%E9%A2%98/ctfshow/58-68/">CTFshow(栈溢出部分,58~68)</a></span></li><li class="item"><div class="breadcrumb"></div><span><a href="/2023/12/12/pwn/%E5%88%B7%E9%A2%98/%E5%8F%A4%E5%89%91%E5%B1%B1%E3%80%81%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8%E6%B5%8B%E8%AF%95%E5%91%98/choice%E3%80%81liftoff/">未命名</a></span></li><li class="item"><div class="breadcrumb"><a href="/categories/Linux/" title="分类于Linux">Linux</a></div><span><a href="/2023/10/16/Linux/Linux%E8%80%83%E6%A0%B8%E5%91%BD%E4%BB%A4%E4%B8%8Eshell/">Linux命令与shell脚本(Linux课程考核)</a></span></li><li class="item"><div class="breadcrumb"><a href="/categories/CTF/" title="分类于CTF">CTF</a><i class="ic i-angle-right"></i><a href="/categories/CTF/BUUCTF/" title="分类于BUUCTF">BUUCTF</a></div><span><a href="/2023/10/27/pwn/%E5%88%B7%E9%A2%98/BUUCTF/bbys_tu_2016/">bbys_tu_2016(栈溢出)</a></span></li><li class="item"><div class="breadcrumb"><a href="/categories/CTF/" title="分类于CTF">CTF</a><i class="ic i-angle-right"></i><a href="/categories/CTF/BUUCTF/" title="分类于BUUCTF">BUUCTF</a></div><span><a href="/2023/10/27/pwn/%E5%88%B7%E9%A2%98/BUUCTF/ciscn_2019_s_4/">ciscn_2019_s_4(栈溢出)</a></span></li><li class="item"><div class="breadcrumb"><a href="/categories/CTF/" title="分类于CTF">CTF</a><i class="ic i-angle-right"></i><a href="/categories/CTF/BUUCTF/" title="分类于BUUCTF">BUUCTF</a></div><span><a href="/2023/09/10/pwn/%E5%88%B7%E9%A2%98/BUUCTF/PicoCTF_2018_rop_chain1/">PicoCTF_2018_rop_chain</a></span></li></ul></div><div class="rpost pjax"><h2>最新评论</h2><ul 
class="leancloud-recent-comment" id="new-comment"><li class="item" v-for="com in coms"><a v-bind:href="root + com.href" data-pjax-state="data-pjax-state"><span class="breadcrumb">{{com.nick}} @ {{com.time}}</span><span>{{com.text}}<br/></span></a></li></ul></div></div><div class="status"><div class="copyright">© 2022 -<span itemprop="copyrightYear">2025</span><span class="with-love"><i class="ic i-sakura rotate"></i></span><span class="author" itemprop="copyrightHolder">vvwwv @ vvwwv'Blog</span></div><div class="count"><span class="post-meta-item-icon"><i class="ic i-chart-area"></i></span><span title="站点总字数">669k 字</span><span class="post-meta-divider">|</span><span class="post-meta-item-icon"><i class="ic i-coffee"></i></span><span title="站点阅读时长">10:08</span></div><div class="powered-by">基于 <a href="https://hexo.io/" rel="noopener" target="_blank">Hexo</a> & Theme.<a href="https://github.com/theme-shoka-x/hexo-theme-shokaX/" rel="noopener" target="_blank">ShokaX</a></div></div></div></footer></div><script data-config type="text/javascript">var LOCAL = {
path: ``,
favicon: {
show: `不负韶华`,
hide: `以梦为马!`
},
search: {
placeholder: "文章搜索",
empty: "关于 「 ${query} 」,什么也没搜到",
stats: "${time} ms 内找到 ${hits} 条结果"
},
valine: true,
chart: false,
copy_tex: false,
katex: false,
mermaid: false,
audio: undefined,
fancybox: true,
nocopy: false,
outime: true,
template: `<div class="note warning"><p><span class="label warning">文章时效性提示</span><br>这是一篇发布于 {{publish}} 天前,最后一次更新在 {{updated}} 天前的文章,部分信息可能已经发生改变,请注意甄别。</p></div>`,
quiz: {
choice: `单选题`,
multiple: `多选题`,
true_false: `判断题`,
essay: `问答题`,
gap_fill: `填空题`,
mistake: `错题备注`
},
ignores: [
(uri) => uri.includes('#'),
(uri) => new RegExp(LOCAL.path + '$').test(uri),
[]
]
};
</script><script src="https://polyfill.io/v3/polyfill.min.js?features=default,fetch"></script><script src="https://lf9-cdn-tos.bytecdntp.com/cdn/expire-6-M/pace/1.0.2/pace.min.js"></script><script src="https://lf9-cdn-tos.bytecdntp.com/cdn/expire-6-M/algoliasearch/4.12.1/algoliasearch-lite.umd.min.js"></script><script src="https://lf9-cdn-tos.bytecdntp.com/cdn/expire-6-M/instantsearch.js/4.39.0/instantsearch.production.min.js"></script><script src="https://lf9-cdn-tos.bytecdntp.com/cdn/expire-6-M/quicklink/2.2.0/quicklink.umd.min.js"></script><script src="https://lf9-cdn-tos.bytecdntp.com/cdn/expire-6-M/??jquery/3.5.1/jquery.min.js,fancybox/3.5.7/jquery.fancybox.min.js,justifiedGallery/3.8.1/js/jquery.justifiedGallery.min.js" async></script><script src="https://lf9-cdn-tos.bytecdntp.com/cdn/expire-6-M/KaTeX/0.15.2/contrib/copy-tex.min.js" async></script><script src="/js/app.js?v=0.3.5"></script>
<script type="module" data-pjax>
let items = []
import { RecentComments } from 'https://unpkg.com/@waline/client@v2/dist/waline.mjs'
RecentComments({
serverURL: 'https://vvwwvv.zeabur.app',
count: 10,
}).then(({ comments }) => {
comments.forEach(function (item) {
let cText = (item.orig.length > 50) ? item.orig.substring(0,50)+'...' : item.orig
item.url = item.url !== '/' ? '/' + item.url : item.url;
const siteLink = item.url + "#" + item.objectId
items.push({
href: siteLink,
nick: item.nick,
time: item.insertedAt.split('T').shift(),
text: cText
})
})
Vue.createApp({
data() {
return {
coms: items,
root: ''
}
}
}).mount('#new-comment')
}).catch(function (err) {
console.error(err)
})
</script>
</body></html>