
Hacker's Path Skill Tree (1)

2015-09-10 12:42


First task: understand buffer overflow.


I am on 64-bit, so:


64-bit, what you need to know

For the purpose of this tutorial, you should be aware of the following points:

General purpose registers have been expanded to 64-bit. So we now have RAX, RBX, RCX, RDX, RSI, and RDI.

Instruction pointer, base pointer, and stack pointer have also been expanded to 64-bit as RIP, RBP, and RSP respectively.

Additional registers have been provided: R8 to R15.

Pointers are 8-bytes wide.

Push/pop on the stack are 8-bytes wide.

Maximum canonical address size of 0x00007FFFFFFFFFFF.

Parameters to functions are passed through registers.

Tools used:

Python
Exploit Development Assistance for GDB

getenvaddr.c

My requirements: http://www.cis.syr.edu/~wedu/seed/Labs_12.04/Software/Buffer_Overflow/Buffer_Overflow.pdf
But honestly I think this is a pretty poor tutorial; the problems are set up well but the process is too clumsy, so I found another one: http://blog.techorganic.com/2015/04/10/64-bit-linux-stack-smashing-tutorial-part-1/
In summary:
First, boldly overflow the return address; then use a pattern to check exactly which group of bytes overwrote RIP (look at $rsp); then overflow again,
this time covering it with shellcode, and that's it. It sounds simple, but there is a lot of theory behind it, hahaha.
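An added example (not code from this post or from the linked tutorials) of the pattern step above as used when triaging a 64-bit stack-overflow crash: build the cyclic pattern, then look up the qword gdb shows at $rsp to get the distance from the buffer to the saved return address. The function names are chosen here, and the sample crash value is constructed from the pattern itself rather than taken from a real run.

```python
# Cyclic-pattern helpers for triaging a 64-bit stack-overflow crash.
# Added example; not code from the original post or the linked tutorials.
from itertools import product
import string
import struct

UPPER, LOWER, DIGITS = string.ascii_uppercase, string.ascii_lowercase, string.digits
MAX_PATTERN = 3 * len(UPPER) * len(LOWER) * len(DIGITS)  # 20280 bytes before it repeats
CANONICAL_MAX = 0x00007FFFFFFFFFFF  # highest user-space canonical address on x86-64


def cyclic_pattern(length: int) -> bytes:
    """Build the familiar 'Aa0Aa1Aa2...' pattern of the requested length."""
    if length > MAX_PATTERN:
        raise ValueError(f"pattern would repeat beyond {MAX_PATTERN} bytes")
    out = bytearray()
    for up, lo, dg in product(UPPER, LOWER, DIGITS):
        out += (up + lo + dg).encode()
        if len(out) >= length:
            break
    return bytes(out[:length])


def pattern_offset(pattern: bytes, value) -> int:
    """Offset of `value` inside `pattern`, or -1 if it does not occur.
    `value` is raw bytes or an integer register/stack value, which is
    converted with x86-64's little-endian byte order before searching."""
    if isinstance(value, int):
        value = struct.pack("<Q", value)
    return pattern.find(value)


def ret_offset_from_rsp(pattern: bytes, rsp_qword: int) -> int:
    """Distance from the start of the overflowed buffer to the saved return address.
    On x86-64 a `ret` into a non-canonical address faults before RIP is updated,
    so gdb still shows RIP at the `ret`, and the pattern bytes that overwrote the
    return address are the qword at [RSP]; that qword is what gets looked up."""
    if rsp_qword <= CANONICAL_MAX:
        raise ValueError("qword at RSP is canonical; probably not the overwritten return address")
    return pattern_offset(pattern, rsp_qword)


if __name__ == "__main__":
    pat = cyclic_pattern(200)
    # Constructed sample: the qword gdb would show at $rsp if the saved return
    # address had been overwritten by pattern bytes starting at offset 104.
    sample_rsp = struct.unpack("<Q", pat[104:112])[0]
    print(hex(sample_rsp), ret_offset_from_rsp(pat, sample_rsp))  # 0x4136644135644134 104
```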

Note:
Address Randomization: this gives Segmentation fault (core dumped); I think if you loop long enough you will eventually hit the right one.

Stack Guard: *** stack smashing detected ***: ./classic terminated, the process is killed outright.

Non-executable Stack: Segmentation fault (core dumped) only makes it impossible to run shellcode on the stack