Tuesday, August 4, 2015

Gera's Insecure Programming by example review series: Prep

After going through the SANS SEC660 course, I wanted to keep on learning and cementing what I learned.  While there are many different sources to learn reverse engineering (e.g. OpenSecurityTraining Exploits1, Exploits2, Over the Wire, Smash the Stack), I heard about Gera's Insecure Programming by example site and wanted to dive back into Linux.  As these exercises are covered, each post will include instructions that should let you reproduce the results I show.

To do this series of posts, there are some basic assumptions about where we start.  The assumptions are:
1. You already have x86 knowledge
2. You have virtualization software installed on your machine as well as know how to set up a VM
3. You know how to use Linux

These exercises are going to use Ubuntu x86 14.04 LTS.  To get started:
2. Click "Ubuntu Desktop"
3. Change the dropdown to 32-bit and click "Download"
4. Choose to donate or not and proceed to download the ISO of the OS
5. Set up a VM with network access to the Internet.  My VM for reference has a 40GB HD, 2 CPU cores and 2GB of RAM.  Your mileage may vary depending on what you give it, but it "shouldn't" need more for these exercises.  At this point, it is assumed that the VM has already been started, the OS has been installed to the VM, and we are at the point of a first real logon.  If not, this should help you get through a similar process.
6. Log onto the system with the user you created in the install process

Once the VM is up and running, let's get the OS updated so we can get our environment for reverse engineering set up.
1. Click on the Ubuntu symbol at the top left of the screen to bring up the search function
2. Type in "Terminal"
3. This should give you a bunch of options, but we want "Terminal" which should be the first option.  Click on that.
4. You should see the command prompt/terminal type window show up on the left bar.  Right click on it and dock it to the launch bar.  We're going to use this a lot.  You can drag it to the top if you'd like so it's more readily seen.
5. In Terminal, type in:
sudo apt-get update
6. Enter in your password to the prompt
7. If you have successfully given your VM Internet access, it should be accessing update mirrors to pull down a list of things to update.
8. Now let's actually do some updating.  In Terminal, type in:
sudo apt-get upgrade
9. Press the Enter key to accept the updates and let it do its update
10. Reboot if necessary
11. Log back into the VM and install the VMware or your virtualization software's VM tools.  Reboot if necessary.
12. In the not too distant future, we will use Capstone.  We won't really cover that right now, but let's install PIP and then get Capstone.  In Terminal, type:
sudo apt-get install python3-pip
13. Now let's get Capstone, in Terminal type:
sudo pip3 install capstone
14. For reverse engineering of Linux examples, we will use the venerable GDB.  But, we're going to make it better to work with for our purposes.  We're going to use Zach Riggle's PEDA to help us in our analysis.  Maybe this series will convert over to his pwndbg toolset in the future, but for now, we will use PEDA.  First, we need to make sure we have a Git client so we can pull down the latest version.  In Terminal, type:
sudo apt-get install git
15. Let's get PEDA.  In Terminal, type:
git clone https://github.com/zachriggle/peda.git ~/peda
16. Now type in:
echo "source ~/peda/peda.py" >> ~/.gdbinit
17. We should now have PEDA configured to run and work for us.  Let's try it out!  In Terminal, type:
gdb
18. This should launch the colorful and more helpful PEDA version of GDB.  We may have some warnings, but that's fine for now.  Let's exit the app as this should be good to go.  In gdb, type:
q
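An added example that is not part of the original post: a small POSIX shell helper that makes step 16 idempotent. The post's "echo ... >> ~/.gdbinit" appends a new line every time it is run, so repeating the step makes gdb source peda.py twice; this helper appends the line only when it is missing, and a second function checks that the tools from steps 12 through 18 are actually present. Function names and the check list are my own assumptions.

```shell
#!/bin/sh
# Assumed helper, not from the original post: append LINE to FILE only if
# FILE does not already contain it as a whole line.
ensure_line() {
    file="$1"
    line="$2"
    # create the file if it does not exist so grep has something to read
    [ -f "$file" ] || : > "$file"
    if grep -qxF -- "$line" "$file"; then
        return 0          # already configured, nothing to do
    fi
    printf '%s\n' "$line" >> "$file"
}

# Count how many times LINE appears in FILE (whole-line, literal match),
# so we can prove the source line was added exactly once.
count_line() {
    grep -cxF -- "$2" "$1"
}

# Verify the tools installed in the steps above are on PATH and that the
# Capstone module imports; the return value is the number of missing items.
check_tools() {
    missing=0
    for tool in gdb git pip3 python3; do
        command -v "$tool" >/dev/null 2>&1 || {
            echo "missing: $tool"
            missing=$((missing + 1))
        }
    done
    python3 -c 'import capstone' 2>/dev/null || {
        echo "missing: python3 capstone module"
        missing=$((missing + 1))
    }
    return "$missing"
}

# Usage matching step 16 of the post (safe to re-run):
#   ensure_line ~/.gdbinit "source ~/peda/peda.py"
#   check_tools && echo "environment ready"
```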

GDB has many commands and features for us to use, and there are cheatsheets worth printing out.  For example, in the above, we typed in "q" which is short for "quit".  While Mavis Beacon would be proud that we can fully type out "info breakpoint 3" without looking at the keyboard, we can shorthand that to "i b 3".  In many examples, the full name of the command will be typed out, but then shortened in later sections.

This wraps it up for this preparatory post, but it'll set us up for future posts as we dig deep into these challenges!
