Skip to main content

Exploit Development on Linux Platform Part - 1


Setting up the  Linux Environment


  Introduction
 
        Welcome to the workshop on Linux exploit development.In this workshop, we will explore how you can work on exploit development while being on Linux as an operating system. To complete this workshop, you are supposed to have prerequisite requirements in Linux as an operating system.
 
Prerequisite

• Knowledge of TCP/IP protocols
• Basic knowledge of Linux as an Operating System
• Prior hands-on experience with Linux
• Sound Knowledge of “C” programming on Linux
• Understand socket programming

Lab Requirements

     To complete this workshop, you basically need a Linux operating system and programming  skills.To entertain all levels of audience, we will still present how to setup Linux as an Operating System on Virtual Machine.

 We will be setting up Ubuntu Linux on VMware Fusion on Mac OS.
 
 Download Link: https://my.vmware.com/web/vmware/downloads.
 
   We will then be using GDB (GNU Debugger) for debugging the program and GCC  (GNU C Complier) for compiling the code. The programming language which we will be working with is “C”. 
   We will also present sample code for practicing exploit development on Linux platform. You are also free to use any Linux operating system,we recommended Kali Linux or Ubuntu.

 Download Ubuntu
 

 Download Link: http://www.ubuntu.com/download/desktop.
 
Setup VM for Ubuntu

     You should be able to install the virtual machine software on your own or use virtual box if you are not familiar with VMware fusion on Mac OX.

    Open VM Library and follow below steps in order to setup VM and install Ubuntu and prepare your Ubuntu BOX.


     
             Next, click new and continue to setup new virtual machine and you will see below screen as shown in figure.



 Next, select more options and continue and you will see below screen as shown below.


 
Select create a custom virtual machine to continue and you will see below screen.





Now select Linux and Ubuntu as shown in above figure, continue the setup.
 



    You can modify these setting as shown in coming steps, continue and do the need full as suggested.



Now, customize the settings as shown in below steps.



 Here you can choose any name you’d like and continue.

 
Now you can change the memory size as per your setting and availability of memory in your hardware machine.



 Setup NAT as shown in above figure.




     Connect the CD and select the Ubuntu Image, which you should have downloaded from the link presented above and shown below after selection of image.


Now run the machine and you should be able to see the below screen.





Shortly, Ubuntu will ask you for the following options; it is recommended that you should install Ubuntu.



 Click Install Ubuntu and continue as shown below.




 Continue if you are meeting the requirements as shown in above figure.



 Select erase disk and install Ubuntu and click install now.




 Select your geographical location and continue installing.


Select Keyboard layout and continue.
 


    Setup login details and continue.After this step, it will start installing Ubuntu and if all goes well, you will be able to see below screen.




          Now restart the machine and login to your fresh installation copy of Ubuntu Desktop.



             Ubuntu desktop comes with pre installation of GNU and GDB; just ensure that they are available. For this, run the terminal and check by typing the commands and hit tabs as shown in below figure.


You can see that GCC and GDB are installed already.

Some Basics
 
What is GCC?
 GCC is  basically a “C” programming language compiler and stands for GNU    Compiler  Collection and includes front ends for C, C++, Objective-C, Fortran, Java, Ada, and Go, as well as libraries for these languages (libstdc++, libgcj,...). GCC was originally written as the compiler for the GNU operating system. 

Vendor Website: https://gcc.gnu.org/.

What is GDB?
 
GDB is basically a debugger called GNU Debugger or project debugger, which allows you to see what is going on inside another program during its execution
GDB can perform certain tasks as of its main kind or types as claimed by the vendor. These are listed below.

• Start your program, specifying anything that might affect its behavior.
• Make your program stop on specified conditions.
• Examine what has happened, when your program has stopped. 
• Change things in your program so you can experiment with correcting the     effects of one bug and go on to learn about another.

Vendor Website: http://www.gnu.org/software/gdb/.

 
Key Note  These two software programs don’t depend on Ubuntu but are freely available for any Linux based operating system. Most of the well known Linux OSs come pre-installed with these software programs as they form the base of many key programs specially designed for programmers and development sides.


 It is well known in the industry of exploit development that you should be good at understanding Linux if you want to become an expert in exploit coding.

GDB Environment  

 To  make good  use  of  GDB,  you need to know a handful of its commands in  order to  perform required tasks. It’s worthwhile that you should memorize or  practice these commands to  be  familiar  with the GDB environment. For your reference, we have provided the list of commands available in the GDB environment so that you don’t need to search.














Popular posts from this blog

Bypassing Web Application Firewall Part - 2

WAF Bypassing with SQL Injection HTTP Parameter Pollution & Encoding Techniques HTTP Parameter Pollution is an attack where we have the ability to override or add HTTP GET/POST parameters by injecting string delimiters. HPP can be distinguished in two categories, client-side and server-side, and the exploitation of HPP can result in the following outcomes:  •Override existing hardcoded HTTP parameters  •Modify the application behaviors   •Access and potentially exploit uncontrollable variables  • Bypass input validation checkpoints and WAF rules HTTP Parameter Pollution – HPP   WAFs, which is the topic of interest, many times perform query string parsing before applying the filters to this string. This may result in the execution of a payload that an HTTP request can carry. Some WAFs analyze only one parameter from the string of the request, most of the times the first or the last, which may result in a bypass of the WAF filters, and execution of the pa...
Read more

Bypassing Web Application Firewall Part - 4

Securing WAF and Conclusion DOM Based XSS DOM based XSS is another type of XSS that is also used widely, and we didn’t discuss it in module 3. The DOM, or Document Object Model, is the structural format used to represent documents in a browser. The DOM enables dynamic scripts such as JavaScript to reference components of the document such as a form field or a session cookie, and it is also a security feature that limits scripts on different domains from obtaining cookies for other domains. Now, the XSS attacks based on this is when the payload that we inject is executed as a result of modifying the DOM environment in the victim’s browser, so that the code runs in an unexpected way. By this we mean that in contrast with the other two attacks, here the page that the victim sees does not change, but the injected code is executed differently because of the modifications that have been done in the DOM environment, that we said earlier. In the other XSS attacks, we saw the injected code was ...
Read more

Hacking - Best OF Reverse Engineering - Part7

How to Disassemble and Debug Executable Programs on Linux, Windows and Mac OS X? The Interactive Disassembler Professional (IDA Pro) is an extremely powerful disassembler distributed by Hex-Rays. Although IDA Pro is not the only disassembler, it is the disassembler of choice for many malware analysts, reverse engineers, and vulnerability analysts. The program is published by Hex-Rays (http://www.hex-rays.com), which provides a free version for noncommercial uses that is one version less than the current paid version. It is now version 5.0. IDA Pro will disassemble an entire program and perform tasks such as function discovery, stack analysis, local variable identification, and much more. IDA Pro includes extensive code signatures within its Fast Library Identification and Recognition Technology (FLIRT), which allows it to recognize and label a disassembled function, especially library code added by a compiler. IDA Pro is meant to be interactive, and all aspects of its disasse...
Read more