Setting up a pwn environment from scratch

Motivation

After setting up a fresh machine, configuring a pwn environment involves a lot of tiresome little details, so this post is a memo for next time.

Goal

Ubuntu 18.04 with pwntools and pwndbg installed, plus the ability to swap in several common libc versions.

The VM itself

VMware is recommended, and the newer the version the better. Finding an Ubuntu 18 image needs no explanation; after that it is just the automated install. Since libc will be compiled later, give the disk a bit more space than the default 20 GB.

Changing the package mirror

Open Software & Updates from the application list.
Under Ubuntu Software -> Download from, choose mirrors.aliyun.com.

Installing software

Install Python 2
sudo apt install python
Install pip
sudo apt install python-pip
Install pwntools
sudo pip install pwntools --default-timeout=10000
Install git
sudo apt install git
Clone pwndbg
git clone https://gitee.com/d1gg12/pwndbg.git
Raise the pip timeout in the setup script
cd pwndbg
gedit setup.sh

# Upgrade pip itself
-${PYTHON} -m pip install ${INSTALLFLAGS} --upgrade pip
+${PYTHON} -m pip install ${INSTALLFLAGS} --upgrade pip --default-timeout=10000

# Install Python dependencies
-${PYTHON} -m pip install ${INSTALLFLAGS} -Ur requirements.tx
+${PYTHON} -m pip install ${INSTALLFLAGS} -Ur requirements.txt --default-timeout=10000
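Review bot: the removed line of the second change reads `-Ur requirements.tx` while the added line reads `-Ur requirements.txt`; a `-` line has to match the file byte-for-byte or the hunk will not apply, so check it against the real line in setup.sh before applying (the `+` lines themselves are fine: `--default-timeout=10000` is a general pip option and may follow the requirements file). If the problem is slow downloads, a mirror index via `-i <mirror>` is a more direct fix than a 10000-second timeout.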

sudo ./setup.sh
Install one_gadget
sudo apt -y install ruby
sudo gem install one_gadget

Install seccomp-tools
sudo apt install gcc ruby-dev
sudo gem install seccomp-tools

Script for changing the ld (dynamic loader)

Rewriting PT_INTERP only swaps the loader; that loader still resolves libc.so.6 through its normal search path, so start the patched binary with the matching libc via LD_PRELOAD (or LD_LIBRARY_PATH) as well.

#coding:utf-8
from pwn import *
import os

def change_ld(binary, ld):
    """Rewrite the PT_INTERP entry of `binary` so the kernel loads it with `ld`
    (e.g. a matching ld-2.23.so) and return the patched copy as an ELF."""
    if not os.access(ld, os.R_OK):
        log.failure("Invalid path {} to ld".format(ld))
        return None
    if not os.access(binary, os.R_OK):
        log.failure("Invalid path {} to binary".format(binary))
        return None
    binary = ELF(binary)
    # e.g. ./pwn_23 for ./ld-2.23.so: second-to-last dot-separated field of the ld path
    path = './{}_{}'.format(os.path.basename(binary.path), ld.split('.')[-2])
    if os.access(path, os.F_OK):
        # Regenerate instead of trusting a stale copy from an earlier run
        os.remove(path)
        print("remove exist file.....")
    data = None
    for segment in binary.segments:
        if segment.header['p_type'] == 'PT_INTERP':
            size = segment.header['p_memsz']
            addr = segment.header['p_vaddr']   # ELF.write() takes a virtual address
            data = segment.data()
            # The new path plus its terminating NUL must fit inside the existing segment
            if size <= len(ld):
                log.failure("Failed to change PT_INTERP from {} to {}".format(data, ld))
                return None
            binary.write(addr, ld.encode().ljust(size, b'\x00'))
            break
    if data is None:
        log.failure("{} has no PT_INTERP segment (static binary?)".format(binary.path))
        return None
    binary.save(path)
    os.chmod(path, 0o700)   # rwx------
    success("PT_INTERP has changed from {} to {}. Using temp file {}".format(data, ld, path))
    return ELF(path)

# Usage: elf = change_ld('./pwn', './ld-2.23.so')
#        p = process(elf.path, env={'LD_PRELOAD': './libc-2.23.so'})
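Added example, not code from the post: the same PT_INTERP rewrite done with plain `struct` on a constructed minimal ELF64 image, so you can see exactly which bytes change_ld() above edits and why its size check exists. It is Python 3 and needs no pwntools; the interpreter paths and the 28-byte segment size are assumptions made for the demo, not values from the post.

```python
import struct

PT_INTERP = 3
EHDR_FMT = "<16sHHIQQQIHHHHHH"   # Elf64_Ehdr, little-endian
PHDR_FMT = "<IIQQQQQQ"           # Elf64_Phdr
EHDR_SIZE = struct.calcsize(EHDR_FMT)   # 64
PHDR_SIZE = struct.calcsize(PHDR_FMT)   # 56


def build_demo_elf(interp, room):
    """Constructed sample: ELF header, one PT_INTERP program header, then
    `room` bytes holding the NUL-padded interpreter path (no code at all)."""
    assert len(interp) < room
    interp_off = EHDR_SIZE + PHDR_SIZE
    ident = b"\x7fELF" + b"\x02\x01\x01\x00" + b"\x00" * 8   # 64-bit, LE, SysV ABI
    ehdr = struct.pack(EHDR_FMT, ident, 2, 62, 1, 0x400000, EHDR_SIZE, 0, 0,
                       EHDR_SIZE, PHDR_SIZE, 1, 64, 0, 0)   # ET_EXEC, EM_X86_64
    phdr = struct.pack(PHDR_FMT, PT_INTERP, 4, interp_off,
                       0x400000 + interp_off, 0x400000 + interp_off,
                       room, room, 1)                        # PF_R, filesz == memsz
    return ehdr + phdr + interp.encode().ljust(room, b"\x00")


def find_interp(data):
    """Walk the program headers; return (file offset, p_filesz, path) of
    PT_INTERP, or None for a binary without one (static executables)."""
    hdr = struct.unpack_from(EHDR_FMT, data, 0)
    phoff, phentsize, phnum = hdr[5], hdr[9], hdr[10]
    for i in range(phnum):
        p_type, _flags, p_offset, _va, _pa, p_filesz, _ms, _align = \
            struct.unpack_from(PHDR_FMT, data, phoff + i * phentsize)
        if p_type == PT_INTERP:
            raw = data[p_offset:p_offset + p_filesz]
            return p_offset, p_filesz, raw.split(b"\x00", 1)[0].decode()
    return None


def interp_fits(data, new_ld):
    """True when new_ld plus its terminating NUL fits in the segment; the
    segment cannot grow in place, which is the failure change_ld() reports."""
    found = find_interp(data)
    return found is not None and len(new_ld.encode()) < found[1]


def patch_interp(data, new_ld):
    """Return a copy of data with the PT_INTERP string replaced by new_ld."""
    found = find_interp(data)
    if found is None:
        raise ValueError("no PT_INTERP segment")
    off, size, old = found
    if not interp_fits(data, new_ld):
        raise ValueError("%r does not fit in %d bytes (current: %r)" % (new_ld, size, old))
    out = bytearray(data)
    out[off:off + size] = new_ld.encode().ljust(size, b"\x00")
    return bytes(out)


if __name__ == "__main__":
    elf = build_demo_elf("/lib64/ld-linux-x86-64.so.2", 28)   # assumed system loader
    print(find_interp(elf))
    patched = patch_interp(elf, "./ld-2.23.so")                 # assumed local loader name
    print(find_interp(patched))
    # A long path such as ./glibc-2.29_out/lib/ld-linux-x86-64.so.2 does not fit:
    print(interp_fits(elf, "./glibc-2.29_out/lib/ld-linux-x86-64.so.2"))
```

The practical consequence of the size check: a loader copied next to the target under a short name such as ./ld-2.23.so almost always fits, while the long path of a freshly built glibc usually does not, so copy or symlink the loader rather than pointing PT_INTERP at the build tree.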

Compiling libc

Avoid building inside a shared (host-mounted) folder.
Install gawk and bison
sudo apt install gawk
sudo apt install bison
Download libc
https://mirrors.tuna.tsinghua.edu.cn/gnu/glibc/
mkdir libc&&cd libc
wget https://mirrors.tuna.tsinghua.edu.cn/gnu/glibc/glibc-*.tar.gz
tar -xvf glibc-*.tar.gz
mkdir glibc-*_build
mkdir glibc-*_out
mkdir glibc-*_out/etc
touch glibc-*_out/etc/ld.so.conf
cd glibc-*_build
../glibc-*/configure '--prefix=/home//libc/glibc-*_out'
make
(glibc-* stands for the version you chose, e.g. glibc-2.29; the empty path component in --prefix is where your user name belongs.)
libc.so ends up in glibc-*_build/
ld.so ends up in glibc-*_build/elf/
glibc-2.29 builds fine this way.
Building glibc-2.23 on Ubuntu 18 seems to run into problems;
see
https://n132.github.io/2018/04/30/2018-04-30-%E7%BC%96%E8%AF%91-Libc-2-23/
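The build recipe above as one script, added here as an example rather than taken from the post. It fills the wildcards with a concrete version and assumes: glibc 2.29 (the version the post reports building cleanly), sources kept under $HOME/libc (override with LIBC_ROOT), an x86_64 machine (so the installed loader is lib/ld-linux-x86-64.so.2), and the TUNA mirror the post links to. It also runs `make install` into the _out prefix, which is what the ld.so.conf file prepared above is for, and shows how to run a target directly under the built loader without patching PT_INTERP.

```shell
#!/bin/sh
set -eu

MIRROR="https://mirrors.tuna.tsinghua.edu.cn/gnu/glibc"
LIBC_ROOT="${LIBC_ROOT:-${HOME:-/tmp}/libc}"

# Accept only a release number such as 2.23 or 2.29; anything else (a stray
# shell wildcard, an empty string) would end up inside rm/configure paths.
glibc_version_ok() {
    case "$1" in
        2.[0-9]|2.[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

glibc_src_dir()   { printf '%s/glibc-%s\n'       "$LIBC_ROOT" "$1"; }
glibc_build_dir() { printf '%s/glibc-%s_build\n' "$LIBC_ROOT" "$1"; }
glibc_out_dir()   { printf '%s/glibc-%s_out\n'   "$LIBC_ROOT" "$1"; }

# Download, configure, build and install glibc $1 under its own prefix.
build_glibc() {
    ver="$1"
    glibc_version_ok "$ver" || { echo "bad glibc version: $ver" >&2; return 1; }
    src=$(glibc_src_dir "$ver")
    build=$(glibc_build_dir "$ver")
    out=$(glibc_out_dir "$ver")
    mkdir -p "$LIBC_ROOT" "$build" "$out/etc"
    cd "$LIBC_ROOT"
    [ -f "glibc-$ver.tar.gz" ] || wget "$MIRROR/glibc-$ver.tar.gz"
    [ -d "$src" ] || tar -xf "glibc-$ver.tar.gz"
    # 'make install' runs the new ldconfig against $prefix/etc/ld.so.conf;
    # an empty file there keeps it from complaining.
    touch "$out/etc/ld.so.conf"
    cd "$build"
    "$src/configure" --prefix="$out"
    make -j"$(nproc)"          # build tree: libc.so here, ld.so under elf/
    make install               # installed: $out/lib/libc.so.6, $out/lib/ld-linux-x86-64.so.2
    echo "libc:  $out/lib/libc.so.6"
    echo "ld.so: $out/lib/ld-linux-x86-64.so.2"
}

# Run a target under the built loader and libc: ld.so's --library-path is
# searched ahead of the system directories, so no PT_INTERP patching needed.
run_with_glibc() {
    ver="$1"; shift
    out=$(glibc_out_dir "$ver")
    exec "$out/lib/ld-linux-x86-64.so.2" --library-path "$out/lib" "$@"
}

case "${1:-}" in
    build) build_glibc "$2" ;;
    run)   shift; run_with_glibc "$@" ;;
esac
```

Usage: `sh build-glibc.sh build 2.29` to build, then `sh build-glibc.sh run 2.29 ./pwn` to start the target with that loader and libc (the script name is whatever you save it as).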

  • Copyright notice: unless stated otherwise, all articles on this blog are the author's own work. Please credit the source when reposting!
