
A quick note on setting up a pwn environment

Install vim

sudo apt-get install vim

Switch the pip mirror

cd ~
mkdir .pip
cd .pip/
touch pip.conf
sudo vim pip.conf

Contents of pip.conf:

[global]
trusted-host = mirrors.aliyun.com
index-url = https://mirrors.aliyun.com/pypi/simple

Install git and pip

sudo apt-get install git
sudo apt install python-pip
python2 -m pip install --upgrade pip

Install Capstone (disassembly framework)

git clone https://github.com/aquynh/capstone
cd capstone
make
sudo make install

Install Binutils (binary utilities)

git clone https://github.com/Gallopsled/pwntools-binutils
sudo apt-get install software-properties-common
sudo apt-add-repository ppa:pwntools/binutils
sudo apt-get update
sudo apt-get install binutils-arm-linux-gnu

Install third-party libraries

sudo pip install pwntools
sudo pip install zio
sudo pip install pwn

Install pwntools

apt-get update
apt-get install python-dev libssl-dev libffi-dev build-essential
pip install --upgrade pip
pip install --upgrade pwntools

Install peda

git clone https://github.com/longld/peda.git ~/peda
echo "source ~/peda/peda.py" >> ~/.gdbinit

Install Pwndbg

apt-get install git
git clone https://github.com/pwndbg/pwndbg
cd pwndbg
./setup.sh

Install gef

wget -q -O- https://github.com/hugsy/gef/raw/master/gef.sh | sh
wget -q -O ~/.gdbinit-gef.py https://github.com/hugsy/gef/raw/master/gef.py
echo source ~/.gdbinit-gef.py >> ~/.gdbinit

Install one_gadget

apt-get install ruby   # the ruby package already provides the gem command
sudo gem install one_gadget

LibcSearcher

git clone https://github.com/lieanu/libc.git
cd libc
git submodule update --init --recursive
sudo python setup.py develop

Install 32-bit libraries

sudo apt install libc6-dev-i386
sudo apt-get install lib32z1

Install libc-database

git clone https://github.com/niklasb/libc-database.git
cd libc-database
./get

Switching between pwndbg, gef and peda

Edit the ~/.gdbinit file

define init-peda
source ~/peda/peda.py
end
document init-peda
Initializes the PEDA (Python Exploit Development Assistant for GDB) framework
end

define init-pwndbg
# path to pwndbg's gdbinit.py
source /home/Thriumph/pwndbg/gdbinit.py
end
document init-pwndbg
Initializes the PwnDBG
end

define init-gef
source /home/Thriumph/.gdbinit-gef.py
end
document init-gef
Initializes the Gef
end

Create /bin/gdb-peda, /bin/pwndbg and /bin/gef

cat /bin/gdb-peda
#!/bin/sh
exec gdb -q -ex init-peda "$@"

cat /bin/pwndbg
#!/bin/sh
exec gdb -q -ex init-pwndbg "$@"

cat /bin/gef
#!/bin/sh
exec gdb -q -ex init-gef "$@"
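The three wrappers above start gdb even when the plugin file is missing or the init-* command is undefined, and gdb then quietly drops into a plain session. The script below is an added example, not part of the original post: a single wrapper that validates the plugin name and file before exec'ing gdb. The install paths PEDA_PY, PWNDBG_PY and GEF_PY are assumptions (override them in the environment) and gdb-with is a hypothetical name.

```shell
#!/bin/sh
# gdb-with: one wrapper replacing /bin/gdb-peda, /bin/pwndbg and /bin/gef.
# Added example, not from the original post. It checks that the requested
# plugin file exists before starting gdb, so a typo or an uninstalled plugin
# fails loudly instead of quietly starting a plain gdb.
# Assumed install paths; override with PEDA_PY / PWNDBG_PY / GEF_PY.
PEDA_PY="${PEDA_PY:-$HOME/peda/peda.py}"
PWNDBG_PY="${PWNDBG_PY:-$HOME/pwndbg/gdbinit.py}"
GEF_PY="${GEF_PY:-$HOME/.gdbinit-gef.py}"

# plugin_file NAME: print the script path for NAME; status 1 if NAME is unknown.
plugin_file() {
    case "$1" in
        peda)   printf '%s\n' "$PEDA_PY" ;;
        pwndbg) printf '%s\n' "$PWNDBG_PY" ;;
        gef)    printf '%s\n' "$GEF_PY" ;;
        *)      return 1 ;;
    esac
}

# check_plugin NAME: print the path if NAME is known and its file is readable;
# status 1 for an unknown name, 2 for a missing file, with a message on stderr.
check_plugin() {
    f=$(plugin_file "$1") || { echo "unknown plugin: $1 (want peda, pwndbg or gef)" >&2; return 1; }
    [ -r "$f" ] || { echo "plugin file not found: $f" >&2; return 2; }
    printf '%s\n' "$f"
}

# gdb_args NAME: the gdb argument string main uses. -nx skips ~/.gdbinit so a
# plugin already sourced there is not loaded on top of the chosen one.
gdb_args() {
    f=$(check_plugin "$1") || return $?
    printf '%s\n' "-q -nx -ex \"source $f\""
}

# Usage: gdb-with <peda|pwndbg|gef> [gdb arguments...]
main() {
    f=$(check_plugin "$1") || exit $?
    shift
    exec gdb -q -nx -ex "source $f" "$@"
}

# Run only when invoked with arguments, so the functions can also be sourced.
[ "$#" -gt 0 ] && main "$@"
```

Install it as /usr/local/bin/gdb-with and run `gdb-with gef ./binary`; the three one-line wrappers from the post can then become `exec gdb-with peda "$@"` and so on.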
