Skip to content

ZiYinHong/2023-Advanced-UNIX-Programming-NCTU

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
hw1
hw1
 
 
hw2
hw2
 
 
lab1
lab1
 
 
lab2
lab2
 
 
lab3
lab3
 
 
lab4
lab4
 
 
lab5
lab5
 
 
lab6
lab6
 
 
lab7
lab7
 
 
lab8
lab8
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

2023-Advanced-UNIX-Programming-NCTU

Environment

docker container environment (use docker-compose.yml and Dockerfile provided by lab course)

實驗 the skills practiced/involved
lab1 Docker, use pwntools upload code to server and solve POW challenge.
lab2 directory traversal, stdio, symbolic link.
lab3 share libraries, functions hijacking, mprotect.
lab4 leak stack frame info(return address, rbp, canary).
stack overflow.
lab5 kernel module.
lab6 simple assembly practice, implement a sort algorithm in assembly language.
lab7 return-oriented programming (ROP), fill the stack with wanted assembly instructions.
lab8 use ptrace to control program executing flow.
hw1 整合 lab1~4
share libraries, library injection, GOT rewriting,and API hijacking
(hijack __libc_start_main, open, read, write, connect, getaddrinfo, system)
hw2 implement a simple instruction-level debugger.

========================================================================

How to run

first setup the environmrnt

  • lab1
    python3 ./solver.py
  • lab2
    upload to lab server: 
    python3 ./submit.py
    run in local: [執行檔] [directory_name] [magic-number] 
    ./lab2 . 455
或
./lab2_cplusplus . 455
  • lab3
    gcc -o ./libsolver.so -shared -fPIC ./solver.c -ldl
    upload to lab server: 
    ./submit.py ./libsolver.so
    run in local: 
    LD_LIBRARY_PATH=. LD_PRELOAD=./libsolver.so ./chals 
或
LD_LIBRARY_PATH=`pwd` LD_PRELOAD=./libsolver.so ./chals
  • lab4
    gcc -o solver_sample solver_sample.c -g
    upload to lab server: 
    ./submit.py
  • lab5
    upload to lab server: 
    python3 submit.py ./kshram/kshram.ko
  • lab6
    編譯: gcc -o ./lab6 ./lab6.c -fno-stack-protector -g
組譯: gcc -S -masm=intel ./lab6.s ./lab6.c -fno-stack-protector
    upload to lab server: 
    ./submit.py lab6.s [scoreboard-token]
  • lab7
    upload to lab server: 
    ./submit_lab7_shellcraftConnect.py  

./submit_lab7_asmConnect.py 
在第四題的部分有差而已
  • lab8
    編譯
gcc -o ./lab8_solver ./lab8_solver.c -static-pie -g
gcc -o ./test ./test.c   這個檔是為了要測試如何生成 0~511 共 512種不同的 magic值
    upload to lab server: 
    ./submit.py ./lab8_solver
遠端magic每次執行不同, oracle_* function 跟本地端實作不同
    run in local: 
    ./lab8_solver ./sample1
./lab8_solver ./sample2
./lab8_solver ./sample3
  • hw1
    gcc -o ./sandbox.so -shared -fPIC ./sandbox.c -ldl
    run in local: 
    # usage: ./launcher sandbox.so config.txt command arg1 arg2 ...
ex: ./launcher ./sandbox.so config.txt cat /etc/passwd
  • hw2
    (in ./hw2/sdb)
make sdb
    run in local: 
    # usage: ./sdb [program]
./sdb ../hello
./sdb ../hello64
./sdb ../guess

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages