AgentSkillsCN

vulnerability-analysis

Identify the vulnerability class, analyze the root cause, and plan an exploitation strategy.

SKILL.md
---
name: vulnerability-analysis
description: Identify vulnerability class, analyze root cause, and plan exploitation strategy.
---

Vulnerability Analysis

Systematic identification and analysis of vulnerabilities in binary targets.

Vulnerability Classes

| Class | Signals | Typical Cause |
|---|---|---|
| Stack BOF | No bounds check on input | `gets()`, `strcpy()`, `sprintf()` |
| Format String | User input as format arg | `printf(buf)` instead of `printf("%s", buf)` |
| Heap Corruption | Dynamic allocation + free | UAF, double-free, heap overflow |
| Integer Overflow | Arithmetic on user input | Size calculations, array indexing |
| Race Condition | Multi-threaded or file ops | TOCTOU, signal handlers |
| Logic Bug | Unexpected program state | Auth bypass, incorrect checks |

Analysis Process

  1. Trace user input - Where does it enter? Where does it go?
  2. Find sinks - Dangerous functions that consume input
  3. Check bounds - Are there size limits? Are they enforced?
  4. Check protections - What mitigations affect exploitation?

Dangerous Function Patterns

```c
// Stack BOF
gets(buf);                    // No bounds
strcpy(dst, src);             // No bounds
sprintf(buf, fmt, ...);       // No bounds
scanf("%s", buf);             // No bounds

// Format String
printf(user_input);           // User controls format

// Command Injection
system(user_input);           // Direct command exec
popen(user_input, "r");       // Command exec
```
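The "find sinks" step of the analysis process as a small scanner, added here as an example and not part of the skill itself: it walks C source line by line, matches the dangerous-function patterns listed above, and tags each hit with its class from the table. The C snippet it scans is constructed for the demonstration; the comment handling is a plain `//` split, so a `//` inside a string literal would truncate that line.

```python
import re

# Sink patterns from the "Dangerous Function Patterns" section, keyed by the
# vulnerability class they signal. \b keeps fgets/strncpy/snprintf from matching.
SINK_CLASSES = {
    "Stack BOF": [
        r"\bgets\s*\(",
        r"\bstrcpy\s*\(",
        r"\bsprintf\s*\(",
        r'\bscanf\s*\(\s*"[^"]*%s',   # bare %s; a width such as %63s is bounded
    ],
    "Command Injection": [r"\bsystem\s*\(", r"\bpopen\s*\("],
}
# printf whose first argument is not a string literal, i.e. printf(buf)
# rather than printf("%s", buf).
NONLITERAL_FORMAT = re.compile(r'\bprintf\s*\(\s*(?!")')

def find_sinks(source: str):
    """Return (line_no, class, line) for each dangerous sink in C source text."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        code = line.split("//", 1)[0]   # drop trailing line comments
        for cls, patterns in SINK_CLASSES.items():
            if any(re.search(p, code) for p in patterns):
                findings.append((no, cls, line.strip()))
        if NONLITERAL_FORMAT.search(code):
            findings.append((no, "Format String", line.strip()))
    return findings

# Constructed C source for the demonstration (not taken from any real target).
SAMPLE = """\
#include <stdio.h>
void handle(const char *user_input) {
    char buf[64], cmd[128];
    gets(buf);                      // unbounded read into buf
    strncpy(cmd, user_input, sizeof cmd - 1);
    printf(user_input);             // user controls the format string
    printf("%s\\n", user_input);
    scanf("%63s", buf);
    snprintf(cmd, sizeof cmd, "ls %s", buf);
    system(cmd);
}
"""

if __name__ == "__main__":
    for no, cls, text in find_sinks(SAMPLE):
        print(f"line {no:>3}  {cls:<18} {text}")
```

Hits on lines 4, 6 and 10 are the starting points for the remaining steps (trace the input that reaches them, then check bounds and protections); the bounded `strncpy`, `%63s` and `snprintf` lines are intentionally not flagged.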

Mitigation Bypass Planning

| Have | Need | Strategy |
|---|---|---|
| BOF + NX | Code exec | ROP chain, ret2libc |
| BOF + Canary | Bypass | Leak canary first |
| BOF + PIE | Fixed addr | Leak code address |
| Format + No write | Write primitive | Use `%n` specifier |
| Heap + no leak | Info leak | Heap feng shui |

Output

Produce context/vulnerability-analysis.md using the template.