AgentSkillsCN

binary-reconnaissance

Initial reconnaissance of a binary, including checksec, file analysis, strings and symbols. The first step for any new target.

SKILL.md
---
name: binary-reconnaissance
description: Initial reconnaissance on binaries including checksec, file analysis, strings, and symbols. First step for any new target.
---

Binary Reconnaissance

First-look analysis of any new binary target. Run these checks before deeper analysis.

Checklist

  1. File type: file target (architecture, 32/64-bit, static or dynamic linking, stripped or not)
  2. Security mitigations: checksec --file=target (checksec.sh) or pwn checksec target (pwntools)
  3. Symbols: nm target or readelf -s target (nm reports no symbols on a stripped binary; readelf -s and nm -D still list the imported dynamic symbols)
  4. Strings: strings target | grep -iE 'flag|win|shell'
  5. Disassembly: objdump -M intel -d target > target.asm

Checksec Interpretation

| Protection | Enabled | Disabled | Bypass |
|---|---|---|---|
| NX | Stack (and other data pages) are not executable, so injected shellcode cannot run | Shellcode placed on the stack executes | ROP, ret2libc, ret2win (reuse existing code instead of injecting it) |
| Canary | Stack smashing is detected before the function returns | Return address can be overwritten directly | Leak the canary (format string, over-read), or brute-force it byte by byte when the target forks per connection |
| PIE | Code is loaded at a randomized base (requires ASLR on the host) | Code and data sit at fixed addresses | Leak a code address, then rebase gadgets and functions |
| RELRO | Full: GOT is resolved at load and remapped read-only, so GOT overwrite is unavailable; Partial: .got.plt stays writable for lazy binding | No RELRO: GOT and other dynamic sections are writable | GOT overwrite (partial or none); with full RELRO, overwrite another writable pointer instead |

Quick Wins to Look For

  • Functions named win, get_flag, shell, backdoor
  • Strings containing flag, /bin/sh, cat flag
  • system() or execve() in the PLT (already imported, so callable without a libc leak)
  • No canary + no PIE = a plain stack overflow into a fixed-address win function or ROP chain is likely; if NX is also off, shellcode on the stack works
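The checklist, the checksec table and the quick-win list above, brought together as an added example that is not part of the original skill: a standard-library Python mini-checksec that makes the same NX / PIE / RELRO / canary decisions from the ELF64 program headers and dynamic section that checksec.sh and pwntools make, then runs a strings pass for the quick-win keywords. The sample ELF images come from build_elf(), a constructed fixture (assumption: the images only need to be parseable, not loadable), and the canary check looks for the __stack_chk_fail import name in the file bytes rather than walking .dynsym, which is the same evidence the strings step surfaces.

```python
"""Mini-checksec: decide NX, PIE, RELRO and canary from raw ELF64 bytes,
then triage printable strings for the quick-win keywords.  Standard library
only; the sample inputs are constructed in build_elf() (assumption: they only
need to be parseable by this code, not loadable by the kernel)."""
import re
import struct
import sys

ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4
DT_NULL, DT_FLAGS, DT_FLAGS_1 = 0, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr (64 bytes)
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr (56 bytes)
DYN = struct.Struct("<qQ")                 # Elf64_Dyn  (16 bytes)
# Keywords from the quick-win list; "cat " also catches "cat flag.txt".
INTERESTING = re.compile(rb"flag|/bin/sh|cat |win|shell|backdoor|system|execve", re.I)


def program_headers(data):
    """Return the program header table as tuples (p_type, p_flags, p_offset, ...)."""
    e = EHDR.unpack_from(data, 0)
    if e[0][:4] != b"\x7fELF" or e[0][4] != 2:     # magic, then EI_CLASS == ELFCLASS64
        raise ValueError("not an ELF64 image")
    phoff, phentsize, phnum = e[5], e[9], e[10]
    return [PHDR.unpack_from(data, phoff + i * phentsize) for i in range(phnum)]


def dynamic_entries(data, phdrs):
    """Read the PT_DYNAMIC segment into {d_tag: d_val} (stops at DT_NULL)."""
    tags = {}
    for ph in phdrs:
        if ph[0] != PT_DYNAMIC:
            continue
        off = ph[2]
        while off + DYN.size <= len(data):
            tag, val = DYN.unpack_from(data, off)
            if tag == DT_NULL:
                break
            tags[tag] = val
            off += DYN.size
    return tags


def checksec(data):
    """The same decisions checksec.sh / pwntools make, taken from ELF metadata."""
    phdrs = program_headers(data)
    e_type = EHDR.unpack_from(data, 0)[1]
    # NX: PT_GNU_STACK with PF_X asks for an executable stack; no PT_GNU_STACK at
    # all is treated as NX off too, since older x86 kernels then default to exec.
    stack = [ph for ph in phdrs if ph[0] == PT_GNU_STACK]
    nx = bool(stack) and not any(ph[1] & PF_X for ph in stack)
    dyn = dynamic_entries(data, phdrs)
    bind_now = bool(dyn.get(DT_FLAGS, 0) & DF_BIND_NOW) or bool(dyn.get(DT_FLAGS_1, 0) & DF_1_NOW)
    if not any(ph[0] == PT_GNU_RELRO for ph in phdrs):
        relro = "none"       # GOT stays writable: GOT overwrite is on the table
    elif bind_now:
        relro = "full"       # whole GOT resolved at load and remapped read-only
    else:
        relro = "partial"    # .got.plt still writable for lazy binding
    return {
        "nx": nx,
        "pie": e_type == ET_DYN,                 # ET_DYN executables get a random base
        "canary": b"__stack_chk_fail" in data,   # import gcc emits for -fstack-protector
        "relro": relro,
    }


def ascii_strings(data, min_len=4):
    """Equivalent of `strings` with its default minimum run length of 4."""
    return [m.group() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def quick_wins(data):
    """Printable strings that match the quick-win keyword list."""
    return [s.decode() for s in ascii_strings(data) if INTERESTING.search(s)]


def build_elf(pie, nx, relro, canary, strings=()):
    """Constructed sample: a minimal ELF64 image with the requested mitigation state."""
    phdrs, dyn_flags = [], []
    if relro != "none":
        phdrs.append((PT_GNU_RELRO, PF_R, 0, 0, 0, 0, 0, 1))
    if relro == "full":
        dyn_flags.append((DT_FLAGS, DF_BIND_NOW))
    phdrs.append((PT_GNU_STACK, PF_R | PF_W | (0 if nx else PF_X), 0, 0, 0, 0, 0, 16))
    n_ph = len(phdrs) + 1                        # plus the PT_DYNAMIC header below
    dyn_off = EHDR.size + n_ph * PHDR.size       # dynamic section right after the table
    dyn = b"".join(DYN.pack(t, v) for t, v in dyn_flags) + DYN.pack(DT_NULL, 0)
    phdrs.append((PT_DYNAMIC, PF_R | PF_W, dyn_off, 0, 0, len(dyn), len(dyn), 8))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELFCLASS64, little-endian
    ehdr = EHDR.pack(ident, ET_DYN if pie else ET_EXEC, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, n_ph, 64, 0, 0)
    payload = b"".join(s + b"\0" for s in strings)
    if canary:
        payload += b"__stack_chk_fail\0"
    return ehdr + b"".join(PHDR.pack(*ph) for ph in phdrs) + dyn + payload


if __name__ == "__main__":
    # Pass a real binary as argv[1], or run on the constructed soft target.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_elf(
        pie=False, nx=False, relro="none", canary=False,
        strings=[b"/bin/sh", b"cat flag.txt", b"Hello, world"])
    for key, value in checksec(blob).items():
        print(f"{key:7} {value}")
    print("quick wins:", quick_wins(blob))
```

Run it as `python3 minichecksec.py ./target` on a real ELF to cross-check what checksec reports; the result dictionary maps directly onto the table rows (nx False means shellcode, relro "none" or "partial" means a GOT overwrite is available, pie False means fixed addresses). It deliberately stops at the mitigations the table covers; Fortify and RPATH checks are left to the real tools.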

Output

Produce context/binary-info.md using the template.