linux ctf pwn

指定glibc

Posted by nop on 2020-04-14
Words 589 In Total

原文链接

下载对应版本并编译 glibc

下载并解压

1
2
3
wget https://ftp.gnu.org/gnu/glibc/glibc-2.25.tar.gz
tar xvf glibc-2.25.tar.gz
cd glibc-2.25

选择带 debug symbol 以及配置安装位置

此处操作时,我是切换到安装目录操作的,并不是在解压的目录下

1
CFLAGS="-g -g3 -ggdb -gdwarf-4 -Og -w" CXXFLAGS="-g -g3 -ggdb -gdwarf-4 -Og -w" ../../Desktop/glibc-2.25/configure --prefix=/home/nop/libs/2.25/glibc-2.25/64

其中,

  • CFLAGS、CXXFLAGS 与 debug symobl 有关
  • --prefix 是安装目录

报错:

1
2
3
configure: error:
*** These critical programs are missing or too old: gawk
*** Check the INSTALL file for required versions.

解决:

1
sudo apt-get install gawk

编译和安装

1
make && make install

查看安装结果

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
nop@nop-pwn:~/libs/2.25$ ./libc.so.6
GNU C Library (GNU libc) stable release version 2.25, by Roland McGrath et al.
Copyright (C) 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 5.4.0 20160609.
Available extensions:
    crypt add-on version 2.1 by Michael Glad and others
    GNU Libidn by Simon Josefsson
    Native POSIX Threads Library by Ulrich Drepper et al
    BIND-8.2.3-T5B
libc ABIs: UNIQUE IFUNC
For bug reporting instructions, please see:
<http://www.gnu.org/software/libc/bugs.html>.

使用相应版本

安装 patchelf

1
2
3
4
5
6
git clone https://github.com/NixOS/patchelf.git
cd patchelf
./bootstrap.sh
./configure
make
sudo make install
  • 改变dl位置:
1
patchelf --set-interpreter /home/nop/lib/glibc-2.25/64/lib/ld-2.25.so test
  • 查看结果:
1
2
3
4
nop@nop-pwn:~/Desktop$ ldd test
    linux-vdso.so.1 =>  (0x00007ffceb7c0000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd2f0a21000)
    /home/nop/lib/glibc-2.25/64/lib/ld-2.25.so => /lib64/ld-linux-x86-64.so.2 (0x00007fd2f0deb000)
  • 改变libc的搜索路径:
1
patchelf --set-rpath /home/nop/libs/2.27/glibc-2.27/64/lib/ test
  • 查看结果:
1
2
3
4
5
6
7
8
9
10
11
nop@nop-pwn:~/Desktop$ readelf -d test

Dynamic section at offset 0x270 contains 25 entries:
  Tag        Type                         Name/Value
 0x000000000000001d (RUNPATH)            Library runpath: [/home/nop/libs/2.27]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]

nop@nop-pwn:~/Desktop$ ldd test
    linux-vdso.so.1 =>  (0x00007ffc98911000)
    libc.so.6 => /home/nop/libs/2.27/glibc-2.27/64/lib/libc.so.6 (0x00007ff55ab4a000)
    /lib64/ld-linux-x86-64.so.2 (0x00007ff55aeed000)

注意:修改了libc搜索路径的同时也需要修改ld加载路径,否则会出现段错误的情况

You are welcome to share this blog, so that more people can participate in it. If the images used in the blog infringe your copyright, please contact the author to delete them.

FEATURED TAGS
linux ctf pwn
FRIENDS
ESC