Naup...

Home

Archives

About
2025 TRX CTF - /dev/mem

2025 TRX CTF - /dev/mem

Contents

  1. 1. 2025 TRX CTF - /dev/mem
    1. 1.1. 前置
    2. 1.2. analyze code
      1. 1.2.1. modprobe not be use
    3. 1.3. broken KASLR
      1. 1.3.1. physical base address
      2. 1.3.2. Kernel physical and Virtual base relation
      3. 1.3.3. KASLR physical address
      4. 1.3.4. virtual address base
    4. 1.4. Control RIP
      1. 1.4.1. What is TTY device
      2. 1.4.2. pty (虛擬終端)
      3. 1.4.3. /dev/ptmx
      4. 1.4.4. source code about ptmx
      5. 1.4.5. n_tty_ops
    5. 1.5. 任意讀
      1. 1.5.1. kernel memory 任意讀
      2. 1.5.2. 小坑點的 kernel panic
      3. 1.5.3. exploit 任意讀
    6. 1.6. EoP
      1. 1.6.1. init process
      2. 1.6.2. task_struct
      3. 1.6.3. 找 offset 問題
      4. 1.6.4. EoP success
    7. 1.7. demo
    8. 1.8. exploit
    9. 1.9. after all
Naup堇姬
Naup堇姬
Posts
66
Categories
0
Tags
21

Home

Archives

About
2025-04-11 2025-04-11
Linux Kernel - Traversal of CPU and physical memory management
Newer

Linux Kernel - Traversal of CPU and physical memory management

Linux Kernel - EoP by modprobe & 2021 3kCTF echo nerf
Older

Linux Kernel - EoP by modprobe & 2021 3kCTF echo nerf

2020-2025 Naup堇姬
Powered by Hexo  Theme.Reimu
163.4k  |  14:21
Number of visits   |  Number of visitors 

Contents

  1. 1. 2025 TRX CTF - /dev/mem
    1. 1.1. 前置
    2. 1.2. analyze code
      1. 1.2.1. modprobe not be use
    3. 1.3. broken KASLR
      1. 1.3.1. physical base address
      2. 1.3.2. Kernel physical and Virtual base relation
      3. 1.3.3. KASLR physical address
      4. 1.3.4. virtual address base
    4. 1.4. Control RIP
      1. 1.4.1. What is TTY device
      2. 1.4.2. pty (虛擬終端)
      3. 1.4.3. /dev/ptmx
      4. 1.4.4. source code about ptmx
      5. 1.4.5. n_tty_ops
    5. 1.5. 任意讀
      1. 1.5.1. kernel memory 任意讀
      2. 1.5.2. 小坑點的 kernel panic
      3. 1.5.3. exploit 任意讀
    6. 1.6. EoP
      1. 1.6.1. init process
      2. 1.6.2. task_struct
      3. 1.6.3. 找 offset 問題
      4. 1.6.4. EoP success
    7. 1.7. demo
    8. 1.8. exploit
    9. 1.9. after all
Naup堇姬
Naup堇姬
Posts
66
Categories
0
Tags
21

Home

Archives

About