[Original] Setting up a pwn challenge environment from scratch
2022-5-25 18:02
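Set the root password
The password requested by the sudo commands used later is the one set here.
Every "Permission denied" error you run into means you are not running as root.
Change the package sources
Switching to a mirror inside China speeds up downloads and removes the need to get past the firewall (if you can get past it, even better). There are currently three main mirrors: Aliyun, Tsinghua and USTC.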
1. Aliyun:
```
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
```
2. Tsinghua:
```
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
```
3. USTC:
```
deb https://mirrors.ustc.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
deb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
```
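Use the Aliyun list on Ubuntu 18.04, the Tsinghua list on Ubuntu 20.04 and the USTC list on Kali; try them to see whether they still work.
First back up the original sources file:
```sh
su
# Move the stock file aside so it can be restored later
mv /etc/apt/sources.list /etc/apt/sources.list.backup
```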
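Create the new sources file (note that this also has to be done as root):
Once inside the vim editor, press Esc, then press ":" , "i" and Enter in turn to enter edit mode. Move the cursor to the start, paste the copied sources with Ctrl+Shift+V, then press Esc, type :wq and press Enter to save and quit.
After switching, update and upgrade.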
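The three lists above all name the bionic suite, which is Ubuntu 18.04; the suite in every line has to match the release being configured (focal for Ubuntu 20.04), and an Ubuntu list does not apply to Kali. The sketch below is an added example, not part of the original post: its hypothetical helpers gen_sources and release_codename rebuild the same ten-line layout for a given mirror and the codename read from /etc/os-release, and refuse on non-Ubuntu systems.

```sh
#!/bin/sh
# Added example (not from the original post). gen_sources and
# release_codename are hypothetical helper names.

# gen_sources BASE_URL CODENAME
# Prints the ten-line layout used above: five deb lines, then five deb-src
# lines, for the release pocket plus -security/-updates/-proposed/-backports.
gen_sources() {
    base=$1
    codename=$2
    for kind in deb deb-src; do
        for pocket in "" -security -updates -proposed -backports; do
            printf '%s %s %s%s main restricted universe multiverse\n' \
                "$kind" "$base" "$codename" "$pocket"
        done
    done
}

# release_codename [OS_RELEASE_FILE]
# Prints VERSION_CODENAME (bionic, focal, ...) and fails unless ID=ubuntu,
# so an Ubuntu list is never generated for Kali or another distribution.
release_codename() {
    file=${1:-/etc/os-release}
    (
        . "$file" || exit 1
        [ "$ID" = ubuntu ] || exit 1
        [ -n "$VERSION_CODENAME" ] || exit 1
        printf '%s\n' "$VERSION_CODENAME"
    )
}

# Demo with a constructed codename. On a real host, as root and after the
# backup step, the file is only written when the codename check succeeds:
#   codename=$(release_codename) &&
#       gen_sources http://mirrors.aliyun.com/ubuntu/ "$codename" \
#           > /etc/apt/sources.list
gen_sources https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal
```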
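Install Python
Ubuntu 18.04 does not ship with python, so it has to be installed manually.
For pwn players python2 is definitely nicer than python3: during remote interaction you do not have to think about the difference between the bytes and string types, and python3 does not support some older packages (such as libcsearch).
Seeing this means python is installed.
Install pip
Seeing this means it is installed.
Install pwntools
You can use this to check whether the installation succeeded.
Install git
Seeing this means it is installed.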
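Install pwndbg
Install four libraries first, otherwise you will get errors (this is mainly about the 64-bit and 32-bit environments on Linux).
```sh
sudo apt-get install libffi-dev
sudo apt-get install libssl-dev
sudo apt install libc6-dev-i386
sudo apt-get install lib32z1
```
The git command puts the target files from GitHub into the current directory.
```sh
cd Desktop
git clone https://github.com/pwndbg/pwndbg
cd pwndbg
./setup.sh
cd ..
```
(PS: the installation downloads the required dependencies and depends heavily on network conditions; if it fails, try a few more times.)
Result after installation: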
Install ROPgadget
```sh
sudo apt-get install python-capstone
git clone https://github.com/JonathanSalwan/ROPgadget.git
cd ROPgadget
sudo -H python3 setup.py install
```
For those using Kali, the capstone step may fail:
In that case, download it with git and install it with make.
```sh
git clone https://github.com/aquynh/capstone
cd capstone
make
make install
```
Using it directly after installation seems to raise an error (skip this if it does not).
The following command is needed:
```sh
sudo cp -r scripts /usr/local/lib/python3.6/dist-packages/ROPGadget-6.7.dist-info
```
Note that the destination path varies; it is the path after "at" in the screenshot above.
Then it works:
Install one_gadget
```sh
sudo apt-get install ruby ruby-dev
sudo gem install one_gadget
```
Installed successfully:
Install patchelf
```sh
sudo apt-get install autoconf automake libtool
git clone https://github.com/NixOS/patchelf.git
cd patchelf
./bootstrap.sh
./configure
make
make check
sudo make install
```
Installed successfully:
Install ropper
First download the archive from the ropper · PyPI page.
Drag it into the virtual machine, then use:
After extracting:
```sh
su
cd ropper-1.11.2
python setup.py install
cd ..
```
Installed successfully:
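Usage overview
pwntools: a Python module aimed at pwn challenges; crypto players also like to use it to connect to remote environments
pwndbg: a debugging tool for binaries
ROPgadget: finds the offset or address of the assembly snippets you need (when PIE is not enabled)
one_gadget: offsets of execve('/bin/sh',,) in libc
patchelf: a tool for setting up a local environment identical to the remote target's
ropper: a search tool more powerful than ROPgadget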