Vulnerability Check
The vulnerability check determines which protections the binary was built with, such as ASLR, the NX bit, etc.
Several Linux command-line tools let us check this:
- checksec
- hardening-check
- rabin2 -I
- readelf -l [BINARY] | grep GNU_STACK : shows the stack segment's Read / Write / Execute flags (an E flag means the stack is executable, i.e. NX is off)
- file
- ldd : shows the libraries that are dynamically linked to the binary
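As an added example (not part of the original notes), a minimal checksec in Python that reads the same ELF64 program headers `readelf -l` prints and decides NX, PIE and RELRO from them. The two ELF images it inspects are constructed in the code for demonstration, not real binaries.

```python
import struct

PT_INTERP, PT_GNU_STACK, PT_GNU_RELRO = 3, 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4
ET_EXEC, ET_DYN = 2, 3


def stack_perms(flags):
    """Render p_flags of PT_GNU_STACK the way readelf does, e.g. 'RWE'."""
    return "".join(c if flags & b else "-" for c, b in (("R", PF_R), ("W", PF_W), ("E", PF_X)))


def check_protections(elf: bytes) -> dict:
    """Report NX / PIE / RELRO from the ELF64 header and program headers."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2:  # EI_CLASS 2 = 64-bit
        raise ValueError("not an ELF64 file")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    stack_flags, has_relro, has_interp = None, False, False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            stack_flags = p_flags
        elif p_type == PT_GNU_RELRO:
            has_relro = True
        elif p_type == PT_INTERP:
            has_interp = True
    # A missing PT_GNU_STACK header means the kernel falls back to an executable stack.
    nx = stack_flags is not None and not (stack_flags & PF_X)
    # A PIE is linked as ET_DYN but, unlike a shared library, still has a PT_INTERP.
    pie = e_type == ET_DYN and has_interp
    stack = stack_perms(stack_flags) if stack_flags is not None else "missing"
    return {"NX": nx, "PIE": pie, "RELRO": has_relro, "stack": stack}


def build_elf(e_type, phdrs):
    """Constructed minimal ELF64 image (header + program headers only), for the demo."""
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01" + b"\0" * 9,
                       e_type, 0x3E, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    return ehdr + b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)


# Constructed samples: a hardened PIE with NX and RELRO, and a weak non-PIE with an RWE stack.
HARDENED = build_elf(ET_DYN, [(PT_INTERP, PF_R), (PT_GNU_STACK, PF_R | PF_W), (PT_GNU_RELRO, PF_R)])
WEAK = build_elf(ET_EXEC, [(PT_INTERP, PF_R), (PT_GNU_STACK, PF_R | PF_W | PF_X)])

if __name__ == "__main__":
    for name, img in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, check_protections(img))
```

To run it against a real file, pass `open(path, "rb").read()` to `check_protections` and compare with `readelf -l` output.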
GDB commands
Some GDB commands are very useful for binary exploitation; they make your life easier.
- info files
- info functions
- print / p
- x/x 0x1337 : examine the memory at address 0x1337 as hex
- x/s 0x1337 : print the string at address 0x1337
- disassemble / disas : show the disassembly of a function
- x/15i $rip : show the next 15 instructions of the program
- set {int}0x1337 = 0x1234 : set a value at an address
It is useful to automate some commands in GDB: here we want to print the registers, the stack and the next 3 instructions after each breakpoint, which GDB does for us if we put them in the hook-stop hook.
# hook-stop runs every time the program stops (breakpoint, step, signal)
define hook-stop
info reg
x/24wx $rsp
x/3i $rip
end
x64 registers
To exploit binaries, it is useful to have some knowledge about 32-bit and 64-bit x86 binaries.
- RDI : 1st argument
- RSI : 2nd argument
- RDX : 3rd argument
- RCX : 4th argument
These registers are loaded with the function arguments right before the CALL instruction (the x86-64 calling convention).