文章目录
- 安装pip2
- 安装pwntools
- 安装pwndbg
- 安装checksec
- 安装ROPGadget
- one_gadget
安装pip2
sudo wget https://bootstrap.pypa.io/pip/2.7/get-pip.py
sudo python2 get-pip.py
pip install --upgrade setuptools安装pwntools
pip2/pip3 install pwntools安装pwndbg
git clone https://github.com/pwndbg/pwndbg
cd pwndbg
sudo ./setup.sh
cd ..
sudo echo "source ~/pwndbg/gdbinit.py" > ~/.gdbinit安装checksec
sudo apt install checksec安装ROPGadget
sudo pip install capstone
git clone https://github.com/JonathanSalwan/ROPgadget.git
cd ROPgadget
sudo python3 setup.py install
sudo cp -r scripts (+爆错路径)gdb常用命令
打断点 b main
运行 r
跳到下一条语句 n
进入本条语句 s
查看栈中24个字节的值 stack 24
b *base(0x11)偏移pwntools生成shellcode
默认生成32位shellcode
获取shellcode:shellcraft.sh()
生成机器码:asm(shellcraft.sh())
生成64位shellcode
context.arch="amd64"(加到第一行)
asm(shellcraft.amd64.sh())one_gadget
sudo gem install one_gadget
