Differences
This shows you the differences between two versions of the page.
|
cns:labs:lab-01 [2020/10/12 16:27] dennis.plosceanu [Introduction] |
cns:labs:lab-01 [2021/10/12 16:07] (current) razvan.deaconescu [Tasks] |
||
|---|---|---|---|
| Line 8: | Line 8: | ||
| In the introductory lab we'll spice things up a bit by providing some simple binaries (with no source code) for you to play with. In order to solve the lab, you'll have to perform both **static analysis** and **dynamic analysis** on said binaries. | In the introductory lab we'll spice things up a bit by providing some simple binaries (with no source code) for you to play with. In order to solve the lab, you'll have to perform both **static analysis** and **dynamic analysis** on said binaries. | ||
| - | For consistency we recommend you use the provided [[cns:resources:vm|Kali Virtuam Machine]] for all the labs from this point forward. | + | For consistency we recommend you use the provided [[cns:resources:vm|Kali Virtual Machine]] for all the labs from this point forward. |
| - | As a bonus the same tasks in this lab are compiled for the ARM architecture, you can use the [[cns:resources:vm|Debian ARM Virtuam Machine]] for these tasks. | + | As a bonus the same tasks in this lab are compiled for the ARM architecture, you can use the [[cns:resources:vm|Debian ARM Virtual Machine]] for these tasks. |
| ===== Tasks ===== | ===== Tasks ===== | ||
| - | All content necessary for the CNS laboratory tasks can be found in [[cns:resources:repo|the CNS public repository]]. | + | All content necessary for the CNS laboratory tasks can be found in [[cns:resources:repo|the CNS public repository]], in the ''labs/01-introduction/'' folder. |
| ==== 1. even-password ==== | ==== 1. even-password ==== | ||
| Line 72: | Line 72: | ||
| <code> | <code> | ||
| $ # python | $ # python | ||
| - | $ python -c 'print ("\x02"*20 + "\x03")' # output 0x02 20 times, followed by 0x03 and a newline | + | $ python -c 'import sys; sys.stdout.buffer.write(b"\x02"*20 + b"\x03")' # output 0x02 20 times, followed by 0x03 and a newline |
| $ # perl | $ # perl | ||
| Line 165: | Line 165: | ||
| Try the above tasks using the ARM binaries. For static analysis you can use Radare2 directly on the host machine. For the other tools (gdb, strace, objdump) you can use the QEMU setup described in the introduction. | Try the above tasks using the ARM binaries. For static analysis you can use Radare2 directly on the host machine. For the other tools (gdb, strace, objdump) you can use the QEMU setup described in the introduction. | ||
| - | - For scrolling in the QEMU VM you can use ''Shift PageUp'' and ''Shift PageDown''. | ||
| - | - In order to copy the lab binaries in the QEMU machine, you can temporary mount and update the RPI image. | ||
| - | <code> | ||
| - | $ file 2015-05-05-raspbian-wheezy.img | ||
| - | ;; From the output of the file command, take the partition 2 'startsector' | ||
| - | ;; value an multiply by 512, and use this figure as the offset value in the mount command below. | ||
| - | $ sudo mount 2015-05-05-raspbian-wheezy.img -o offset=62914560 /mnt | ||
| - | ;; Add the tasks in the filesystem mounted in /mnt. | ||
| - | $ sudo umount 2015-05-05-raspbian-wheezy.img /mnt | ||
| - | </code> | ||
| - | |||
| - | <note tip> | ||
| - | You can also run qemu in a non-graphical mode so you can access it directly in your terminal window (like with ssh). | ||
| - | Instead of the command in the tutorial from the introduction run: | ||
| - | <code> | ||
| - | qemu-system-arm -kernel kernel-qemu-3.10.25-wheezy -cpu arm1176 -m 256 -M versatilepb -no-reboot -append "root=/dev/sda2 panic=1 rootfstype=ext4 rw init=/bin/bash console=ttyAMA0" -hda 2015-05-05-raspbian-wheezy.img -nographic -serial mon:stdio | ||
| - | </code> | ||
| - | </note> | ||
| ===== Resources ===== | ===== Resources ===== | ||
