command line

https://github.com/jlevy/the-art-of-command-line/blob/master/README-zh-Hant.md

Ctrl-R 找尋歷史命令
Ctrl-U 刪除一行
Ctrl-a 到命令的最前端
Ctrl-e 到命令的最後端

List loaded shared library

$ ldd /bin/ls
   linux-vdso.so.1 =>  (0x00007ffff7ffb000)
   libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007ffff7dcb000)
   libacl.so.1 => /lib/x86_64-linux-gnu/libacl.so.1 (0x00007ffff7bc3000)
   libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007ffff77fd000)
   libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007ffff75bf000)
   libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007ffff73bb000)
   /lib64/ld-linux-x86-64.so.2 (0x0000555555554000)
   libattr.so.1 => /lib/x86_64-linux-gnu/libattr.so.1 (0x00007ffff71b5000)

handle stdio with cat

cat payload - | ./bin
(echo xxxxxx; cat) | ./bin

objdump

觀察plt表
ida 顯示.plt段

objdump -d -M intel ./cfy |grep "printf" -A2

觀察got表
ida 顯示.got.plt段
```
objdump -R ./bf
```
顯示 section 內容
```
objdump -j .got.plt -s ./a
```

readelf

查看程式的入口點

readelf -a ./tiny_easy
  Entry point address:               0x8048054

查看symbols

readelf -s /lib32/libc.so.6 | grep system@

查看程式區段
```
readelf  -S ./simplerop | grep .data
```

AUXV

$ LD_SHOW_AUXV=1 ./shellcode
AT_BASE:         0xf7797000      
AT_RANDOM:       0x7ffc1909ee99  stack canary

tail

當log不斷增加時來追蹤log

tail -f log.txt

Updated at over 6 years ago