-
-
[原创]从0开始的pwn题环境配置
-
2022-5-25 18:02
-
设置root权限密码
1 | sudo passwd root |
后面用的sudo指令需要输入的密码就是这里设定的
遇到所有的“Permission denied”的问题都是没有在root模式下
换源
换国内的源能够提高我们的下载速度也能避免翻墙(如果能够翻墙的话最好),目前主要有“阿里”、“清华”和”中科大“三个源
1.阿里:
1 2 3 4 5 6 7 8 9 10 | deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiversedeb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiversedeb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiversedeb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiversedeb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiversedeb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiversedeb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiversedeb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiversedeb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiversedeb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse |
2.清华:
1 2 3 4 5 6 7 8 9 10 | deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiversedeb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiversedeb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiversedeb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiversedeb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiversedeb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiversedeb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiversedeb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiversedeb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiversedeb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse |
3.中科大:
1 2 3 4 5 6 7 8 9 10 | deb https://mirrors.ustc.edu.cn/ubuntu/ bionic main restricted universe multiversedeb https://mirrors.ustc.edu.cn/ubuntu/ bionic-updates main restricted universe multiversedeb https://mirrors.ustc.edu.cn/ubuntu/ bionic-backports main restricted universe multiversedeb https://mirrors.ustc.edu.cn/ubuntu/ bionic-security main restricted universe multiversedeb https://mirrors.ustc.edu.cn/ubuntu/ bionic-proposed main restricted universe multiversedeb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic main restricted universe multiversedeb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic-updates main restricted universe multiversedeb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic-backports main restricted universe multiversedeb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic-security main restricted universe multiversedeb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse |
对于u18使用阿里源,u20使用清华源,kali使用中科大源,试试是否还能用
首先备份原来的源:
1 2 | su mv /etc/apt/sources.list /etc/apt/sourses.list.backup |
新建源(注意这个操作也需要在root模式下进行):
1 | vi /etc/apt/sources.list |
进入vim编辑器后按下键盘上的‘esc’,然后顺序按下“:”+“i”+回车进入编辑模式,调节光标到开头然后用ctrl+shift+v将复制的源粘贴好后,esc+:wq+回车保存并退出
换好后更新和升级
1 2 | apt updateapt upgrade |
安装python
u18下无python,需要手动安装
对于pwn手来说python2绝对比python3香,因为在远程交互的时候不用考虑字节类型和字符串类型的差异,而且python3不支持一些比较老的工具包(如libcsearch)
1 | sudo apt install python |
出现这个表示python已经安装好了
安装pip
1 | sudo apt install pip |
出现这个就说明安装好了
安装pwntools
1 | pip install pwntools |
可以用这个检测一下是否安装成功
安装git
1 | sudo apt install git |
出现这个就说明安装好了
安装pwndbg
先装四个库不然会报错(主要是linux下64位和32位的环境)
1 2 3 4 | sudo apt-get install libffi-devsudo apt-get install libssl-devsudo apt install libc6-dev-i386sudo apt-get install lib32z1 |
git指令会把github上的目标文件安装到当前所在的路径
1 2 3 4 5 | cd Desktopgit clone https://github.com/pwndbg/pwndbgcd pwndbg./setup.shcd .. |
(ps:安装过程中会下载所需的依赖,比较吃网络环境,如果不成功可以多试几次)
装好后的效果:
安装ROPgadget
1 2 3 4 | sudo apt-get install python-capstonegit clone https://github.com/JonathanSalwan/ROPgadget.gitcd ROPgadgetsudo -H python3 setup.py install |
对于使用kali的师傅,装capstone这步可能有问题:
那么先用git下载下来然后make安装
1 2 3 4 | git clone https://github.com/aquynh/capstonecd capstonemakemake install |
安装完成后直接使用貌似会报错(如果没有请跳过)
需要用如下命令:
1 | sudo cp -r scripts /usr/local/lib/python3.6/dist-packages/ROPGadget-6.7.dist-info |
注意,后面的地址不一定,是上面那张图"at"后面的地址
然后成功:
安装one_gadget
1 2 | sudo apt-get install ruby ruby-devsudo gem install one_gadget |
安装成功:
安装patchelf
1 2 3 4 5 6 7 8 9 | sudo apt-get install autoconf automake libtoolgit clone https://github.com/NixOS/patchelf.gitcd patchelf./bootstrap.sh./configuremakemake checksudo make install |
安装成功:
安装ropper
拖到虚拟机中,然后用:
1 | tar -zxvf 压缩文件名.tar.gz |
解压完成后:
1 2 3 4 | sucd ropper-1.11.2python setup.py installcd .. |
安装成功:
用法简介
pwntools:针对pwn题的python模块,crypto手也喜欢用来连远程环境
pwndbg:二进制文件调试工具
ROPgadget:寻找所需的汇编代码段的偏移或地址(在不开pie的情况下)
one_gadget:execve('/bin/sh',,)在libc中的偏移
patchelf:配制和远程靶机环境一样的本地环境的工具
ropper:比ROPgadget更强的查找工具
参考文章
Linux如何进入root权限-linux运维-PHP中文网
Ubuntu18.04更换国内源(阿里,网易,中科大,清华等源) - unionline - 博客园 (cnblogs.com)
[培训]二进制漏洞攻防(第3期);满10人开班;模糊测试与工具使用二次开发;网络协议漏洞挖掘;Linux内核漏洞挖掘与利用;AOSP漏洞挖掘与利用;代码审计。
