Getting Started with pwn: Environment Setup
Tools
VMware 15
Ubuntu 20.04 image, download address:
http://mirrors.163.com/ubuntu-releases/20.04/
For details see https://blog.csdn.net/weixin_44169941/article/details/109263134
Setting up the pwn environment
Install VS Code
Just install it from Ubuntu Software.
Install gcc
sudo apt install gcc
gcc --version
Configure the 32-bit environment
sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt install build-essential
sudo apt install gcc-multilib
Install vim
sudo apt install vim
Install git
sudo apt install git
Install pwntools
sudo apt-get install python3 python3-pip python3-dev git libssl-dev libffi-dev build-essential
sudo python3 -m pip install --upgrade pip
sudo python3 -m pip install --upgrade pwntools
Install pwndbg + Pwngdb as a combined debugging environment
Pwngdb
cd ~/
git clone https://github.com/scwuaptx/Pwngdb.git
cp ~/Pwngdb/.gdbinit ~/
pwndbg
git clone https://github.com/pwndbg/pwndbg
cd pwndbg
./setup.sh
Using them together
vim ~/.gdbinit
Comment out the first line, then write on the second line:
source ~/pwndbg/gdbinit.py
Usage cheat sheet (ongoing)
1. Debug with source: gdb -q [file] -d [path] (defaults to .)
2. Set a breakpoint: b address
3. Run: r
4. Continue: c
5. Step to the next instruction: ni
6. Print linked libraries: vmmap
7. Output libc_base: libc
8. View the heap: heap, parseheap
9. View the bins: bin
10. View memory at address: x /nxg address
11. Print an address/pointer: p address
12. View the stack: stack length
13. View an address: telescope address
14. View hex: hex address
15. Format string offset: fmtarg
Install docker
sudo apt install docker.io
Install seccomp-tools
sudo apt install gcc ruby-dev
gem install seccomp-tools
Install one_gadget
sudo gem install one_gadget
Install LibcSearcher
sudo pip3 install LibcSearcher
sudo pip3 install -U LibcSearcher
Install main_arena_offset
git clone https://github.com/dev2ero/py_main_arena_offset.git
cd py_main_arena_offset
sudo python3 setup.py develop
Usage
from pymao import *
Install an environment for locally debugging against different libc versions
glibc-all-in-one
git clone https://github.com/matrix1001/glibc-all-in-one.git
cd glibc-all-in-one
python3 update_list
cat list
./download [libc-version]
patchelf
git clone https://github.com/NixOS/patchelf.git
cd patchelf
sudo apt-get install autoconf automake libtool
./bootstrap.sh
./configure
make
sudo make install
Usage
patchelf --replace-needed libc.so.6 [your-libc-path] [yourelf]
patchelf --set-interpreter [libc-ld-path] [elf]
cp -r ~/Desktop/glibc-all-in-one/libs/[libcfolderpath]/.debug/ ./debug
gdb [elf]
# set debug-file-directory ./debug/
For the details of debugging a program against a different libc version, see this blog post: https://bbs.pediy.com/thread-254868.htm
If the method in that post does not work, change the last two lines of ~/pwndbg/pwndbg/symbol.py to set_directory('./debug/')
Install and configure python2
# Install
sudo apt install python2
# Set priorities
sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.8 2
# Switch manually
sudo update-alternatives --config python
# Install pip and its dependencies
sudo apt install python-dev git libssl-dev libffi-dev build-essential
sudo apt-get install curl
sudo curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py
sudo python get-pip.py
pip install pwntools
Install alpha3
git clone https://github.com/TaQini/alpha3.git
cd alpha3
python ./ALPHA3.py x64 ascii mixedcase rax --input="sc.bin" > out.bin
Docker images for setting up challenge environments
https://github.com/DASCTF-Base
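Once the steps above are done, a quick self-check saves debugging the setup later. The script below is an added example, not from the original post; it assumes the tool names are the ones installed above, that pwntools imports as pwn and py_main_arena_offset as pymao (per the usage line above), and it compiles a constructed one-line C file with gcc -m32 to confirm gcc-multilib works.

```python
# Self-check for the pwn environment this guide builds (added example, not from
# the original post). Binary names are the tools installed above; module names
# are assumed import names (pwn for pwntools, pymao per the guide's usage line).
import importlib.util
import os
import shutil
import subprocess
import tempfile

BINARIES = ["gcc", "gdb", "git", "vim", "docker", "patchelf", "seccomp-tools", "one_gadget"]
MODULES = ["pwn", "LibcSearcher", "pymao"]

def check_binary(name):
    """True if an executable called `name` is on PATH."""
    return shutil.which(name) is not None

def check_module(name):
    """True if `import name` would resolve, without actually importing it."""
    return importlib.util.find_spec(name) is not None

def gdbinit_sources_pwndbg(text):
    """~/.gdbinit as the guide sets it up: '#' lines ignored, pwndbg's gdbinit.py sourced."""
    live = [l.strip() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    return any(l.startswith("source ") and l.endswith("pwndbg/gdbinit.py") for l in live)

def can_compile_32bit():
    """True if gcc -m32 builds a constructed one-line C file (gcc-multilib works)."""
    if not check_binary("gcc"):
        return False
    with tempfile.TemporaryDirectory() as d:
        src, out = os.path.join(d, "t.c"), os.path.join(d, "t")
        with open(src, "w") as f:
            f.write("int main(void) { return 0; }\n")
        return subprocess.run(["gcc", "-m32", src, "-o", out], capture_output=True).returncode == 0

def report():
    """Run every check and return {check name: passed}."""
    results = {b: check_binary(b) for b in BINARIES}
    results.update({m: check_module(m) for m in MODULES})
    results["gcc -m32"] = can_compile_32bit()
    path = os.path.expanduser("~/.gdbinit")
    text = open(path).read() if os.path.exists(path) else ""
    results["pwndbg in ~/.gdbinit"] = gdbinit_sources_pwndbg(text)
    return results

if __name__ == "__main__":
    for name, ok in report().items():
        print(f"[{'ok' if ok else 'MISSING'}] {name}")
```

Run it with python3 after finishing the guide; every line marked MISSING points at the section above that still needs attention.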