Useful Tools
Also check out the COMP6447 Lab 0
Syscall Reference
A table of register parameters for Linux system calls.
Useful for crafting shellcode, and for when you are trying to find gadgets for ROP chaining.
Binary Ninja
Binary Ninja is a disassembler (like IDA, Radare, Ghidra) that helps you visualise the machine code of executables and libraries.
The free version has a 25 minute time limit, so if you use this you'll just need to restart the app every 25 minutes, or purchase a license.
(Note: Students get 75% off the license - It's still like $80 but hey find a group and chip in or something idk)
There's a Cloud Version of Binary Ninja as well, but I've never tried it before so... let me know how it is if you try it out!
objdump
objdump is a default Linux tool to inspect a binary.
Note - By default instructions use the AT&T syntax; I prefer the Intel syntax.
You can use the Intel syntax with the -M intel flag.
pwndbg
pwndbg is a plugin for GDB (yes that ugly thing), that makes it less ugly and even somewhat usable!
You get 🌈COLOURS🌈 and additional functions that make it much easier to reverse engineer!
pwntools
pwntools is a Python library that contains useful functions to analyse and interact with executables and libraries.
It's especially useful and is crucial (unless you use an alternative) to writing consistent automated exploits - both locally and remotely!
grep + ropper = gropper
A quick function I wrote up to perform grep on the results of ropper.
A past tutor made a tool called ropr which is probably better, but I've never used it.
ASLR Disabler
When it comes to understanding the fundamentals of RE, Address Space Layout Randomisation can be a pain.
There are several ways to turn it off - both permanently and temporarily.
This alias is my preferred way to quickly launch a single program with ASLR turned off:
alias aslr="setarch `uname -m` -R"
$> aslr ./myProgram
This program does not have ASLR on yay! 0x8000fa7
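The alias above turns ASLR off for one process only, by asking the kernel (via setarch's personality flag) not to randomise that process's address space. The script below is an added example of mine, not code from the page or from COMP6447: it wraps the same setarch call, reports the system-wide setting from /proc/sys/kernel/randomize_va_space, and then checks that the child's stack mapping really does stay put across two runs, which is the quickest way to confirm the alias actually took effect. It assumes a Linux host with util-linux setarch and a readable /proc; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original page): helpers around the
# `setarch $(uname -m) -R` alias for checking and disabling ASLR.

# Translate a /proc/sys/kernel/randomize_va_space value into words.
describe_aslr_level() {
    case "$1" in
        0) echo "off (no randomisation)" ;;
        1) echo "conservative (stack, mmap, VDSO randomised; brk not)" ;;
        2) echo "full (stack, mmap, VDSO and brk randomised)" ;;
        *) echo "unknown value: $1"; return 1 ;;
    esac
}

# Report the system-wide ASLR setting, if this kernel exposes it.
aslr_status() {
    f=/proc/sys/kernel/randomize_va_space
    if [ -r "$f" ]; then
        describe_aslr_level "$(cat "$f")"
    else
        echo "unavailable ($f not readable)"
        return 1
    fi
}

# Run a command with ASLR disabled for that process only (same as the alias).
aslr_run() {
    setarch "$(uname -m)" -R "$@"
}

# Return 0 if two fresh runs of the command produce identical output.
# Used with a command that prints an address, this tells you whether
# that address is being randomised.
stable_across_runs() {
    first=$("$@")
    second=$("$@")
    [ "$first" = "$second" ]
}

main() {
    echo "system ASLR: $(aslr_status)"
    if [ ! -r /proc/self/maps ]; then
        echo "no /proc/self/maps here; skipping the stack check"
        return 0
    fi
    # A fresh sh prints where its own [stack] mapping landed.
    if stable_across_runs sh -c 'grep -F "[stack]" /proc/self/maps'; then
        echo "stack address is stable without setarch (ASLR already off?)"
    else
        echo "stack address moves between runs (ASLR on)"
    fi
    # personality() may be refused inside some sandboxes, so probe first.
    if aslr_run true 2>/dev/null; then
        if stable_across_runs aslr_run sh -c 'grep -F "[stack]" /proc/self/maps'; then
            echo "under setarch -R the stack address is stable: ASLR disabled"
        else
            echo "under setarch -R the stack still moved: setarch did not take effect"
        fi
    else
        echo "setarch -R is not permitted here; cannot disable ASLR per process"
    fi
    return 0
}

main
```

Run it once with ASLR on to see the stack mapping move, and note that the per-process approach needs no root, unlike writing 0 to randomize_va_space, which turns it off for everything on the box until reboot.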
pwndocker
pwndocker is a third-party Docker image that contains a bunch of tools that you'll probably want to use!
I personally used pwndocker solely throughout the course, as I didn't want to install heaps of stuff on my main computer.
If you're interested, I've created a script that launches pwndocker and binds the main directory to your current directory.
alias banana=/opt/startPwnDocker.sh
$> banana
Launching pwndocker
--------------------
/ctf/work 12:34:56 0
#
pwntools Template Script