Skip to content

Commit

Permalink
add dateset
Browse files Browse the repository at this point in the history
  • Loading branch information
@smile0304
smile0304 committed Aug 5, 2021
1 parent 6d18cf9 commit f8ab658
Showing 1 changed file with 11 additions and 5 deletions.
16 changes: 11 additions & 5 deletions README_CN.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -137,15 +137,21 @@ share2sink: 此脚本与`ref2share`功能类似。需要与`ref2share`来配合

#### 使用案例
1.分析D-Link 878中命令注入、缓冲区溢出类型的漏洞
> python satc.py -d /home/satc/dlink_878 -o /home/satc/res --ghidra_script=ref2sink_cmdi --ghidra_script=ref2sink_bof --taint_check
```shell script
python satc.py -d /home/satc/dlink_878 -o /home/satc/res --ghidra_script=ref2sink_cmdi --ghidra_script=ref2sink_bof --taint_check
```

2.分析D-Link 878中`prog.cgi`命令注入类型的漏洞
> python satc.py -d /home/satc/dlink_878 -o /home/satc/res --ghidra_script=ref2sink_cmdi -b prog.cgi --taint_check
```shell script
python satc.py -d /home/satc/dlink_878 -o /home/satc/res --ghidra_script=ref2sink_cmdi -b prog.cgi --taint_check
```

3.分析D-Link 878中`rc`的命令注入类型漏洞;在这个案例中`prog.cgi`中使用nvram_set设置变量,`rc`中使用nvram_get提取
> python satc.py -d /home/satc/dlink_878 -o /home/satc/res --ghidra_script=ref2share -b prog.cgi
>
> python satc.py -d /home/satc/dlink_878 -o /home/satc/res --ghidra_script=share2sink --ref2share_result=/home/satc/res/ghidra_extract_result/prog.cgi/prog.cgi_ref2share.result -b rc --taint_check
```shell script
python satc.py -d /home/satc/dlink_878 -o /home/satc/res --ghidra_script=ref2share -b prog.cgi

python satc.py -d /home/satc/dlink_878 -o /home/satc/res --ghidra_script=share2sink --ref2share_result=/home/satc/res/ghidra_extract_result/prog.cgi/prog.cgi_ref2share.result -b rc --taint_check
```

#### 数据集合
[SaTC_dateset.zip](https://drive.google.com/file/d/1rOhjBlmv3jYmkKhTBJcqJ-G56HoHBpVX/view?usp=sharing)

0 comments on commit f8ab658

Please sign in to comment.