In this write-up, we quickly install a bunch of tools to get some basics set up for debugging binaries. All credit for the tools and techniques go to the excellent John Hammond video listed below.
The commands and tools selected here are based on the first 8 minutes (the setup) of:
#Binary Exploitation Deep Dive: Return to LIBC (with Matt)
https://youtu.be/tMN5N5oid2c
Optionally, you can search for any interesting kali
tools at the following link.
https://www.kali.org/tools/
One of the requirements is gdb
which is a popular open source debugger. You can optionally visit the official project page at https://www.sourceware.org/gdb/
to learn more about the history, etc.
To install on kali
we can use apt install
as follows:
#typical
sudo apt install gdb
#optional - support more operating systems
sudo apt install gdb-multiarch
Note: For more detail at about the kali
versions shown above, see the kali
tools page at https://www.kali.org/tools/gdb/`.
#Optional - show what what you have or need
sudo apt list libc6 openjdk-11-jdk-headless libgcc-s1 libstdc++6
#install the requirements
sudo apt install -y libc6 openjdk-11-jdk-headless libgcc-s1 libstdc++6
#install java
sudo apt install openjdk-11-jdk-headless -y
#test java
java -version
sudo apt install ghidra
Note: The dependencies for ghidra
should be part of kali
by default, but for reference, the requirements are:
libc6
libgcc-s1
libstdc++6
openjdk-11-jdk-headless
https://www.sublimetext.com/docs/linux_repositories.html
https://code.visualstudio.com/docs/setup/linux
You can optionally install Eclipse
which is an integrated development environment (IDE) for Java, C, etc.
https://www.eclipse.org/
Some things we have by default in kali
are python3
and pip
, which we can confirm with --version
. We will use these tools later.
python3 --version
pip --version
sudo apt install bpython
pip install pwn
Note: Not to be confused with pwninit
which we install later.
If you download the entire repo then you can just point to this file with pip
to install all of them with pip install -r requirements.txt
as shown in the steps later.
The following is the content of the file in case of interest.
## example "requirements.txt" for `gef`.
cat ┌──(tech1㉿kali001)-[~]
└─$ cat ~/Downloads/.gef/requirements.txt
capstone
keystone-engine
pylint
ropper
unicorn
pytest
pytest-xdist
coverage
So before we install, gef
be sure to launch your regular gdb
at least once so you know what it looks like. Once you install gef
it enhances your experience with gdb
next time you launch it.
#optional - launch `gdb`
gdb
#quit gdb
press q
#install gef (pick an option)
#option 1 - entire repo
#this is good because you can look at required packages
#change directory
cd Downloads
#download the repo
git clone https://github.com/hugsy/gef
#change directory
cd gef
#copy the script to your home directory
cp gef.py ~/.gef.py
#list required packages
cat ~/Downloads/.gef/requirements.txt
#install required packages with pip
pip install -r requirements.txt
#option 2 - download just the script
#this is good if you have all the pre-reqs or will do them later
wget -q "https://github.com/hugsy/gef/raw/master/gef.py" -O "${HOME}/.gef.py"
#create a .gdbinit file, if needed
touch ~/.gdbinit
vi ~/.gdbinit
#contents of .gdbinit should be the following one line:
source ~/.gef.py
#use gef
gdb
#get help
help
#quit
q
Review the help information and best practices for this tool.
This install may take some time, so be patient.
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
Note: After the rust
installation completes, close and relaunch your terminal
We can use the cargo
command to confirm that rust
is ready.
cargo --version
Note: cargo
is the package manager for rust
.
First, we install a long list of pre-requisites using apt
, and then finally we use cargo
to download and build the pwninit
package.
Note: You can optionally install multiple packages with apt
on a single line (just add a space between), but here we show one at time.
#install patchelf
sudo apt install patchelf
#install elfutils
sudo apt install elfutils
#install pkg-config
sudo apt install pkg-config
#install lzma
sudo apt install lzma
#install liblzma-dev
sudo apt install liblzma-dev
#install libssl-dev #note: we already have `openssl` by default but we also need this.
sudo apt install libssl-dev
#install pwninit
cargo install pwninit
Tip: If your build fails, try to resolve any dependencies mentioned in the error and then run the cargo install pwninit
command again. All previous downloads and progress are remembered automatically, so once you have all of the requirements, the compile should be fast and all green..
#optional - show location of binary you just built
which pwninit
#usage (note: only run from the directory to analyze / setup)
#warning: this will make some bits exectuable in this directory
cd <folder-of-some-bits-to-hack>
/path/to/pwninit #this generates a "solve.py"
#optional - Review `solve.py`
less ./solve.py
Note: The solve.py
would be used by the leaders of a capture the flag challenge to setup a scenario.
In this write-up, we got you up and running with some some binary debugging tools for kali
Linux.