本文主要是介绍pwn - 零基础ROP之Android ARM 32位篇(新修订),希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
一、环境搭建
安装ndk r10e,必须得这个版本,其他版本可能导致 -fno-stack-protector 不生效!
r10e
- Darwin: https://dl.google.com/android/repository/android-ndk-r10e-darwin-x86_64.zip
- Linux: https://dl.google.com/android/repository/android-ndk-r10e-linux-x86_64.zip
- Windows: https://dl.google.com/android/repository/android-ndk-r10e-windows-x86_64.zip
二、Pwn代码编译
VSCode 新建个main.cpp文件,代码如下
#include<stdio.h>
#include<stdlib.h>
#include<unistd.h>
#include<string.h>void callsystem()
{write(STDOUT_FILENO, "Flag:XY2024\n", 13); write(STDOUT_FILENO, "call shell...\n", 13); system("/system/bin/sh");
}void vulnerable_function() {int i = 128;char buf[i];read(STDIN_FILENO, buf, 256);
}int main(int argc, char** argv) {char buf[128] = {0};if (argc==2&&strcmp("passwd",argv[1])==0)callsystem();snprintf(buf, 128, "vulnerable_function=%p\n", vulnerable_function); write(STDOUT_FILENO, buf, strlen(buf)); write(STDOUT_FILENO, "Hello, World\n", 13); vulnerable_function();
}
新建Android.mk,内容如下:
LOCAL_PATH := $(call my-dir)include $(CLEAR_VARS)LOCAL_MODULE := level6
LOCAL_SRC_FILES := main.cpp
LOCAL_LDLIBS := -llog
LOCAL_CFLAGS += -fno-stack-protector
include $(BUILD_EXECUTABLE)
新建Application.mk,内容如下:
APP_ABI := armeabi-v7a
APP_STL := c++_static
APP_CFLAGS += -fno-stack-protector
APP_PLATFORM := android-21
cd到项目所在目录,执行编译:
d:\android-ndk-r10e\ndk-build NDK_PROJECT_PATH=. NDK_APPLICATION_MK=Application.mk APP_BUIL
这篇关于pwn - 零基础ROP之Android ARM 32位篇(新修订)的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!