From fdeb38f61cf46566f4f0f32a474132eed4c0b070 Mon Sep 17 00:00:00 2001 From: tt Date: Thu, 5 Aug 2021 19:31:48 +0800 Subject: [PATCH] update readme --- README.md | 14 ++++++++++---- README_CN.md | 7 ++++--- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index bc7fd30..ed99dc7 100644 --- a/README.md +++ b/README.md @@ -138,15 +138,21 @@ You should download dataset from. #### Case Study 1.To discover command injection and buffer overflow bugs in D-Link 878 -> python satc.py -d /home/satc/dlink_878 -o /home/satc/res --ghidra_script=ref2sink_cmdi --ghidra_script=ref2sink_bof --taint_check +```shell script +python satc.py -d /home/satc/dlink_878 -o /home/satc/res --ghidra_script=ref2sink_cmdi --ghidra_script=ref2sink_bof --taint_check +``` 2.To discover command injection bugs in specific target `prog.cgi` of D-Link 878 -> python satc.py -d /home/satc/dlink_878 -o /home/satc/res --ghidra_script=ref2sink_cmdi -b prog.cgi --taint_check +```shell script +python satc.py -d /home/satc/dlink_878 -o /home/satc/res --ghidra_script=ref2sink_cmdi -b prog.cgi --taint_check +``` 3.To discover command injection bugs in multi-bin of D-Link 878, setting input data in `prog.cgi` and sink functions in `rc` -> python satc.py -d /home/satc/dlink_878 -o /home/satc/res --ghidra_script=ref2share -b prog.cgi -> python satc.py -d /home/satc/dlink_878 -o /home/satc/res --ghidra_script=share2sink --ref2share_result=/home/satc/res/ghidra_extract_result/prog.cgi/prog.cgi_ref2share.result -b rc --taint_check +```shell script +python satc.py -d /home/satc/dlink_878 -o /home/satc/res --ghidra_script=ref2share -b prog.cgi +python satc.py -d /home/satc/dlink_878 -o /home/satc/res --ghidra_script=share2sink --ref2share_result=/home/satc/res/ghidra_extract_result/prog.cgi/prog.cgi_ref2share.result -b rc --taint_check +``` #### Date set diff --git a/README_CN.md b/README_CN.md index 688509b..a6bc98b 100644 --- a/README_CN.md +++ b/README_CN.md @@ -136,17 +136,18 @@ share2sink: 此脚本与`ref2share`功能类似。需要与`ref2share`来配合 ``` #### 使用案例 -1.分析D-Link 878中命令注入、缓冲区溢出类型的漏洞 + +- 分析D-Link 878中命令注入、缓冲区溢出类型的漏洞 ```shell script python satc.py -d /home/satc/dlink_878 -o /home/satc/res --ghidra_script=ref2sink_cmdi --ghidra_script=ref2sink_bof --taint_check ``` -2.分析D-Link 878中`prog.cgi`命令注入类型的漏洞 +- 分析D-Link 878中`prog.cgi`命令注入类型的漏洞 ```shell script python satc.py -d /home/satc/dlink_878 -o /home/satc/res --ghidra_script=ref2sink_cmdi -b prog.cgi --taint_check ``` -3.分析D-Link 878中`rc`的命令注入类型漏洞;在这个案例中`prog.cgi`中使用nvram_set设置变量,`rc`中使用nvram_get提取 +- 分析D-Link 878中`rc`的命令注入类型漏洞;在这个案例中`prog.cgi`中使用nvram_set设置变量,`rc`中使用nvram_get提取 ```shell script python satc.py -d /home/satc/dlink_878 -o /home/satc/res --ghidra_script=ref2share -b prog.cgi