add hacking blogposts as they are

2025-05-07 01:02:00 +02:00 · 2025-05-07 01:02:00 +02:00 · 325b9c3814
commit 325b9c3814
parent fa65088be1
1904 changed files with 91353 additions and 0 deletions
--- a/0/0.md
+++ b/0/0.md
@ -0,0 +1,38 @@
+# Binary Exploitation
+
+## Title 
+
+text 
+    
+    
+    
+
+` ![]()
+
+## Title 
+
+text 
+    
+    
+    
+
+` ![]()
+
+## Title 
+
+text 
+    
+    
+    
+
+` ![]()
+
+## Title 
+
+text 
+    
+    
+    
+
+` ![]()
+
--- a/0/1.png
+++ b/0/1.png
--- a/0/10.png
+++ b/0/10.png
--- a/0/11.png
+++ b/0/11.png
--- a/0/2.png
+++ b/0/2.png
--- a/0/3.png
+++ b/0/3.png
--- a/0/4.png
+++ b/0/4.png
--- a/0/5.png
+++ b/0/5.png
--- a/0/6.png
+++ b/0/6.png
--- a/0/7.png
+++ b/0/7.png
--- a/0/8.png
+++ b/0/8.png
--- a/0/9.png
+++ b/0/9.png
--- a/0/gdb.md
+++ b/0/gdb.md
@ -0,0 +1,140 @@
+# GDB + GEF
+
+GDB, the GNU project debugger, allows you to see what is going on inside another program while it executes, or what said program was doing at the moment it crashed. GDB supports Ada, Assembly, C, C++, D, Frotan, Go, Objective-C, OpenCL, Modula-2, Pascal and Rust. For more information, click [here](https://www.gnu.org/software/gdb/).
+
+However, GDB is very old school, so we will use GEF to enhance the usage of gdb, it is a set of commands for x86/64, ARM, MIPS,PowerPC and SPARC that provides additional features to GDB using the Python API to assist during the dynamic analysis and exploit development. For more information, click [here](https://github.com/hugsy/gef).
+
+## Installation 
+
+To install gdb you can find it in most repositories of popular linux distributions: 
+    
+    
+    #Arch Linux:
+    [ 192.168.0.18/24 ] [ /dev/pts/15 ] [~]
+    → pacman -Ss gdb
+    extra/gdb 10.1-4
+        The GNU Debugger
+    
+    [ 192.168.0.18/24 ] [ /dev/pts/15 ] [~]
+    → pacman -S gdb
+    
+    
+    #Kali / Debian:
+    [ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
+    → apt search gdb
+    gdb/kali-rolling,now 10.1-1.7 amd64 [installed]
+      GNU Debugger
+    
+    [ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
+    → apt install gdb -y
+    
+
+To install GEF we will follow the instructions from the main website:
+    
+    
+    
+    [ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
+    → sh -c "$(wget http://gef.blah.cat/sh -O -)"
+    --2021-02-21 16:20:00--  http://gef.blah.cat/sh
+    Resolving gef.blah.cat (gef.blah.cat)... 40.121.232.30
+    Connecting to gef.blah.cat (gef.blah.cat)|40.121.232.30|:80... connected.
+    HTTP request sent, awaiting response... 301 Moved Permanently
+    Location: https://github.com/hugsy/gef/raw/master/scripts/gef.sh [following]
+    --2021-02-21 16:20:01--  https://github.com/hugsy/gef/raw/master/scripts/gef.sh
+    Resolving github.com (github.com)... 140.82.121.4
+    Connecting to github.com (github.com)|140.82.121.4|:443... connected.
+    HTTP request sent, awaiting response... 302 Found
+    Location: https://raw.githubusercontent.com/hugsy/gef/master/scripts/gef.sh [following]
+    --2021-02-21 16:20:01--  https://raw.githubusercontent.com/hugsy/gef/master/scripts/gef.sh
+    Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.111.133, 185.199.109.133, 185.199.108.133, ...
+    Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.111.133|:443... connected.
+    HTTP request sent, awaiting response... 200 OK
+    Length: 565 [text/plain]
+    Saving to: ‘STDOUT’
+    
+    -                                                                   100%[=================================================================================================================================================================>]     565  --.-KB/s    in 0s
+    
+    2021-02-21 16:20:01 (49.8 MB/s) - written to stdout [565/565]
+    
+    sh: 6: test: unexpected operator
+    
+    [ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
+    → ls -lash ~/.gdbinit
+    4.0K -rw-r--r-- 1 nothing nothing 58 Feb 21 16:20 /home/nothing/.gdbinit
+    
+    
+
+Now when you try to launch gdb, you see that you are correctly launching gef:
+
+![](1.png)
+
+If you get any errors as you launch gdb - gef for the first time, just run the required pip install commands:
+
+![](2.png)
+    
+    
+    gef➤  q
+    
+    [ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
+    → sudo apt install python3-pip -y
+    
+    [ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
+    → pip3 install keystone-engine unicorn ropper
+    Collecting keystone-engine
+      Downloading keystone_engine-0.9.2-py2.py3-none-manylinux1_x86_64.whl (1.8 MB)
+         |████████████████████████████████| 1.8 MB 2.3 MB/s
+    Collecting unicorn
+      Downloading unicorn-1.0.2-py2.py3-none-manylinux1_x86_64.whl (8.1 MB)
+         |████████████████████████████████| 8.1 MB 6.3 MB/s
+    Collecting ropper
+      Downloading ropper-1.13.6.tar.gz (71 kB)
+         |████████████████████████████████| 71 kB 2.2 MB/s
+    Collecting filebytes>=0.10.0
+      Downloading filebytes-0.10.2.tar.gz (20 kB)
+    Building wheels for collected packages: ropper, filebytes
+      Building wheel for ropper (setup.py) ... done
+      Created wheel for ropper: filename=ropper-1.13.6-py3-none-any.whl size=99735 sha256=2f90a4e8a5b14f1c8c3abd0700b1e56ff8dbc7f3d165a5f69790c31cedd8948b
+      Stored in directory: /home/nothing/.cache/pip/wheels/77/a4/5d/a4bc1b653bdcce30a17b5cdda8f19da11444bb8640d03ab678
+      Building wheel for filebytes (setup.py) ... done
+      Created wheel for filebytes: filename=filebytes-0.10.2-py3-none-any.whl size=27853 sha256=17cf4812a6b16ee7c92a4ba259326c61fbfab4cf3c05ace2cb627a0de892d27f
+      Stored in directory: /home/nothing/.cache/pip/wheels/c2/51/58/98925d75705ee4df10da42a098d956183bb70661698fd07753
+    Successfully built ropper filebytes
+    Installing collected packages: keystone-engine, unicorn, filebytes, ropper
+      WARNING: The script ropper is installed in '/home/nothing/.local/bin' which is not on PATH.
+      Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
+    Successfully installed filebytes-0.10.2 keystone-engine-0.9.2 ropper-1.13.6 unicorn-1.0.2
+    
+    
+    
+
+Once you're here, you're good to go
+
+![](3.png)
+
+## Title 
+
+text 
+    
+    
+    
+
+` ![]()
+
+## Title 
+
+text 
+    
+    
+    
+
+` ![]()
+
+## Title 
+
+text 
+    
+    
+    
+
+` ![]()
+
--- a/0/ghidra.md
+++ b/0/ghidra.md
@ -0,0 +1,164 @@
+# Ghidra 
+
+Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.
+
+## Installation
+
+To install Ghidra, we will follow the instructions listed [here](https://www.ghidra-sre.org/InstallationGuide.html)
+
+First install java: 
+    
+    
+    [ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
+    → sudo apt update -y ; sudo apt upgrade -y ; sudo apt install default-jdk -y
+    
+    
+    [ 192.168.100.126/24 ] [ /dev/pts/1 ] [~]
+    → java -version
+    openjdk version "11.0.10" 2021-01-19
+    OpenJDK Runtime Environment (build 11.0.10+9-post-Debian-1)
+    OpenJDK 64-Bit Server VM (build 11.0.10+9-post-Debian-1, mixed mode, sharing)
+    
+    
+
+From here, just go to ghidra's main website to download the zip file: 
+
+![](4.png)
+    
+    
+    [ 192.168.100.126/24 ] [ /dev/pts/1 ] [~/Tools/ghidra]
+    → wget https://www.ghidra-sre.org/ghidra_9.2.2_PUBLIC_20201229.zip
+    --2021-02-21 23:10:29--  https://www.ghidra-sre.org/ghidra_9.2.2_PUBLIC_20201229.zip
+    Resolving www.ghidra-sre.org (www.ghidra-sre.org)... 13.249.9.44, 13.249.9.83, 13.249.9.20, ...
+    Connecting to www.ghidra-sre.org (www.ghidra-sre.org)|13.249.9.44|:443... connected.
+    HTTP request sent, awaiting response... 200 OK
+    Length: 317805407 (303M) [application/zip]
+    Saving to: ‘ghidra_9.2.2_PUBLIC_20201229.zip’
+    
+    ghidra_9.2.2_PUBLIC_20201229.zip                                                100%[=======================================================================================================================================================================================================>] 303.08M  10.9MB/s    in 29s
+    
+    2021-02-21 23:10:58 (10.5 MB/s) - ‘ghidra_9.2.2_PUBLIC_20201229.zip’ saved [317805407/317805407]
+    
+    
+    [ 192.168.100.126/24 ] [ /dev/pts/1 ] [~/Tools/ghidra]
+    → unzip ghidra_9.2.2_PUBLIC_20201229.zip
+    
+
+Now from here, we need the ghidraRun binary to launch ghidra:
+    
+    
+    [ 192.168.100.126/24 ] [ /dev/pts/1 ] [~/Tools/ghidra]
+    → ls -l
+    total 310368
+    drwxr-xr-x 9 nothing nothing      4096 Dec 29 17:22 ghidra_9.2.2_PUBLIC
+    -rw-r--r-- 1 nothing nothing 317805407 Jan 19 17:53 ghidra_9.2.2_PUBLIC_20201229.zip
+    
+    [ 192.168.100.126/24 ] [ /dev/pts/1 ] [~/Tools/ghidra]
+    → cd ghidra_9.2.2_PUBLIC
+    
+    [ 192.168.100.126/24 ] [ /dev/pts/1 ] [Tools/ghidra/ghidra_9.2.2_PUBLIC]
+    → ls
+    docs  Extensions  Ghidra  ghidraRun  ghidraRun.bat  GPL  LICENSE  licenses  server  support
+    
+    [ 192.168.100.126/24 ] [ /dev/pts/1 ] [Tools/ghidra/ghidra_9.2.2_PUBLIC]
+    → file ghidraRun
+    ghidraRun: Bourne-Again shell script, ASCII text executable
+    
+    [ 192.168.100.126/24 ] [ /dev/pts/1 ] [Tools/ghidra/ghidra_9.2.2_PUBLIC]
+    → cat ghidraRun
+    #!/usr/bin/env bash
+    
+    #----------------------------------------
+    # Ghidra launch
+    #----------------------------------------
+    
+    # Maximum heap memory may be changed if default is inadequate. This will generally be up to 1/4 of
+    # the physical memory available to the OS. Uncomment MAXMEM setting if non-default value is needed.
+    #MAXMEM=2G
+    
+    # Resolve symbolic link if present and get the directory this script lives in.
+    # NOTE: "readlink -f" is best but works on Linux only, "readlink" will only work if your PWD
+    # contains the link you are calling (which is the best we can do on macOS), and the "echo" is the
+    # fallback, which doesn't attempt to do anything with links.
+    SCRIPT_FILE="$(readlink -f "$0" 2>/dev/null || readlink "$0" 2>/dev/null || echo "$0")"
+    SCRIPT_DIR="${SCRIPT_FILE%/*}"
+    
+    # Launch Ghidra
+    "${SCRIPT_DIR}"/support/launch.sh bg Ghidra "${MAXMEM}" "" ghidra.GhidraRun "$@"
+    
+
+To make it more convenient, i make a symlink to a folder in PATH:
+    
+    
+    [ 192.168.100.126/24 ] [ /dev/pts/1 ] [Tools/ghidra/ghidra_9.2.2_PUBLIC]
+    → echo $PATH
+    /usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+    
+    [ 192.168.100.126/24 ] [ /dev/pts/1 ] [Tools/ghidra/ghidra_9.2.2_PUBLIC]
+    → sudo ln -s $(pwd)/ghidraRun /usr/bin/ghidra
+    
+    [ 192.168.100.126/24 ] [ /dev/pts/1 ] [Tools/ghidra/ghidra_9.2.2_PUBLIC]
+    → ls -lash /usr/bin/ghidra
+    0 lrwxrwxrwx 1 root root 56 Feb 21 23:19 /usr/bin/ghidra -> /home/nothing/Tools/ghidra/ghidra_9.2.2_PUBLIC/ghidraRun
+    
+    [ 192.168.100.126/24 ] [ /dev/pts/1 ] [Tools/ghidra/ghidra_9.2.2_PUBLIC]
+    → which ghidra
+    /usr/bin/ghidra
+    
+    
+
+From here you can just type ghidra in your terminal or in dmenu or rofi or whatever you want, it will open up ghidra for you:
+
+![](5.png)
+
+Here you get a nice tutorial to let you know about ghidra's functionnalities, but you will want to create a new project and giving it a directory location:
+
+![](6.png)
+
+Just to test, we're going to copy a random binary locally and import it
+
+![](7.png)
+    
+    
+    [ 192.168.100.126/24 ] [ /dev/pts/3 ] [~/binexp]
+    → cp /bin/lspci .
+    
+    [ 192.168.100.126/24 ] [ /dev/pts/3 ] [~/binexp]
+    → ls -lash lspci
+    92K -rwxr-xr-x 1 nothing nothing 92K Feb 21 23:27 lspci
+    
+    
+
+` ![](8.png) ![](9.png) ![](10.png)
+
+And there you have it! You now have an imported a binary file to disassemble.
+
+![](11.png) ![]()
+
+## Title 
+
+text 
+    
+    
+    
+
+` ![]()
+
+## Title 
+
+text 
+    
+    
+    
+
+` ![]()
+
+## Title 
+
+text 
+    
+    
+    
+
+` ![]()
+
--- a/0/pwntools.md
+++ b/0/pwntools.md
@ -0,0 +1,86 @@
+# Python Pwntools
+
+Pwntools is a python ctf library designed for rapid exploit development. It helps us write exploits quickly, thanks to the functionnalities behind it. Pwntools has python2 and python3 versions, In this course we will use the python3 version since it is the most up to date.
+
+## Installation 
+
+The installation is fairly simple. Make sure you have python3 and python3-pip installed on your system, then run the following: 
+    
+    
+    
+    [ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
+    → which python3 pip3
+    /usr/bin/python3
+    /usr/bin/pip3
+    
+    
+    [ 10.10.14.17/23 ] [ /dev/pts/3 ] [~]
+    → sudo pip3 install pwn
+    [sudo] password for nothing:
+    
+    Collecting pwn
+      Downloading pwn-1.0.tar.gz (1.1 kB)
+    Collecting pwntools
+      Downloading pwntools-4.3.1-py2.py3-none-any.whl (10.0 MB)
+         |████████████████████████████████| 10.0 MB 12.3 MB/s
+    Requirement already satisfied: six>=1.12.0 in /usr/lib/python3/dist-packages (from pwntools->pwn) (1.15.0)
+    Requirement already satisfied: pyserial>=2.7 in /usr/lib/python3/dist-packages (from pwntools->pwn) (3.5b0)
+    Requirement already satisfied: requests>=2.0 in /usr/lib/python3/dist-packages (from pwntools->pwn) (2.25.1)
+    Requirement already satisfied: pygments>=2.0 in /usr/lib/python3/dist-packages (from pwntools->pwn) (2.7.1)
+    Requirement already satisfied: intervaltree>=3.0 in /usr/lib/python3/dist-packages (from pwntools->pwn) (3.0.2)
+    Requirement already satisfied: paramiko>=1.15.2 in /usr/lib/python3/dist-packages (from pwntools->pwn) (2.7.2)
+    Requirement already satisfied: sortedcontainers in /usr/lib/python3/dist-packages (from pwntools->pwn) (2.1.0)
+    Requirement already satisfied: python-dateutil in /usr/lib/python3/dist-packages (from pwntools->pwn) (2.8.1)
+    Requirement already satisfied: packaging in /usr/lib/python3/dist-packages (from pwntools->pwn) (20.8)
+    Requirement already satisfied: pysocks in /usr/lib/python3/dist-packages (from pwntools->pwn) (1.7.1)
+    Collecting unicorn<1.0.2rc4,>=1.0.2rc1
+      Downloading unicorn-1.0.2rc3-py2.py3-none-manylinux1_x86_64.whl (8.1 MB)
+         |████████████████████████████████| 8.1 MB 4.2 MB/s
+    Requirement already satisfied: mako>=1.0.0 in /usr/lib/python3/dist-packages (from pwntools->pwn) (1.1.3)
+    Requirement already satisfied: pip>=6.0.8 in /usr/lib/python3/dist-packages (from pwntools->pwn) (20.1.1)
+    Collecting ropgadget>=5.3
+      Downloading ROPGadget-6.5-py3-none-any.whl (31 kB)
+    Requirement already satisfied: capstone>=3.0.5rc2 in /usr/lib/python3/dist-packages (from pwntools->pwn) (4.0.2)
+    Requirement already satisfied: pyelftools>=0.2.4 in /usr/lib/python3/dist-packages (from pwntools->pwn) (0.27)
+    Requirement already satisfied: psutil>=3.3.0 in /usr/lib/python3/dist-packages (from pwntools->pwn) (5.7.3)
+    Building wheels for collected packages: pwn
+      Building wheel for pwn (setup.py) ... done
+      Created wheel for pwn: filename=pwn-1.0-py3-none-any.whl size=1220 sha256=35c1e3da705801680c0b2d0b440b1da8836bc2b32b4343d4aa751ffcf26abf78
+      Stored in directory: /root/.cache/pip/wheels/34/a6/82/682ac94b58ae2e949908f11392d778574372a6cedc78b4b0a5
+    Successfully built pwn
+    Installing collected packages: unicorn, ropgadget, pwntools, pwn
+    Successfully installed pwn-1.0 pwntools-4.3.1 ropgadget-6.5 unicorn-1.0.2rc3
+    
+    
+
+If you want the full documentation on pwntools, click [here](https://docs.pwntools.com/en/stable/).
+
+![]()
+
+## Title 
+
+text 
+    
+    
+    
+
+` ![]()
+
+## Title 
+
+text 
+    
+    
+    
+
+` ![]()
+
+## Title 
+
+text 
+    
+    
+    
+
+` ![]()
+