Posted in debugger, Nasm - Netwide Assembler, Programming-Assembly, Programming-c on July 12, 2020| Leave a Comment »
You can set breakpoint with a condition. This is very useful if want to observe a certain location and stop it if the condition is reach.
In this tutorial I use:
-Xubuntu 18.04
-GNU gdb (Ubuntu 8.1-0ubuntu3.2) 8.1.0.20180409-git
-NASM version 2.13.02
-GNU ld (GNU Binutils for Ubuntu) 2.30
Use the simple assembly code below:
1 section .text 2 global _start 3 4 _start: 5 6 mov rax,3 7 mov rbx,2 8 add rax,rbx 9 sub rbx,1 10 11 ;Exit 12 mov eax,1 13 mov ebx,0 14 int 0x80
Posted in Hacking, Nasm - Netwide Assembler, Programming-Assembly, Programming-c on May 8, 2020| Leave a Comment »
What is shellcode?
Shellcode is a set of instruction written in machine code which is generally used as payload in the exploitation of software vunerability. Since it starts with command shell that’s why it is named as Shellcode.
It’s the sampel of shellcode:
“\x48\x65\x6c\x6c\x6f\x20\x57\x6f\x72\x6c\x64\x21\x0a”
It stands for ‘Hello World!’.
For writing shellcode, you must familiar with Assembly Language programming and target hardware architecture. You can’t write shellcode for 32bit architecture and run in it 64bit architecture because the instruction codes that are loaded into the memory layout is also different.
If you write a program with c language, run it in 32bit architecture, the instruction codes will be loaded above stack but in 64bit it will be loaded above the heap.
It depend also on Operating System used. That’s why shellcode is designed for specific target system that take advantages its vulnerability.
Efficiency is needed when you wrote shellcode because it related with the size of buffer.
In this tutorial, I run the shellcode under Linux Ubuntu 18.04.4 LTS 32 bit in docker container. My hardware architecture is AMD ryzen 64bit. For programming I use gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0 for compiling c code, NASM version 2.13.02 for compiling assembly code and GNU objdump (GNU Binutils for Ubuntu) 2.30 for display machine code.
Writing shellcode also a bit tricky.
I give you an example.
Below is the assembly code to display “hello word!”.
Assembly code 1 (hello1)
1 section .text 2 global _start 3 4 _start: 5 6 ;Display Message 7 mov eax,4 ;syswrite=4 8 mov ebx,1 ;stdout=1 9 mov ecx,msg 10 mov edx,lenmsg 11 int 0x80 ;System Call 12 13 ;Exit 14 mov eax,1 15 mov ebx,0 16 int 0x80 17 18 section .data 19 msg db 'Hello World!',0xa 20 lenmsg equ $ - msg
I compile and run this code. root@fc9fca692021:/home/darklinux# nasm -f elf32 hello1.asm -o hello1.o root@fc9fca692021:/home/darklinux# ld hello1.o -o hello1 root@fc9fca692021:/home/darklinux# ./hello1 Hello World! root@fc9fca692021:/home/darklinux#
It runs perfect.
Posted in debugger, Programming-c on February 7, 2019| Leave a Comment »
When you frequently work with the same file and do repeating the same process after you load your program, gdb provide easier solution for you.
I will give you an example.
Type the code below and save it to ‘keypress.c’.
1 #include
2 main()
3 {
4 printf("Press any key to continue.\n");
5 getchar();
6 }
Compile the program with debugging function.
$ gcc keypress.c -g -o keypress $
I will show you if you do normal debugging. There few commands that I run here. One by one.
$ gdb keypress -silent Reading symbols from /home/darklinux/keypress...done.
(gdb) set disassembly-flavor intel
(gdb) break main Breakpoint 1 at 0x804841d: file keypress.c, line 4.
(gdb) run
Starting program: /home/darklinux/keypress
Breakpoint 1, main () at keypress.c:4
4 printf("Press any key to continue.\n");
(gdb) list 1,6
1 #include
2 main()
3 {
4 printf("Press any key to continue.\n");
5 getchar();
6 }
(gdb) disassemble /m main
Dump of assembler code for function main:
3 {
0x08048414 <+0>: push ebp
0x08048415 <+1>: mov ebp,esp
0x08048417 <+3>: and esp,0xfffffff0
0x0804841a <+6>: sub esp,0x10
4 printf("Press any key to continue.\n");
=> 0x0804841d <+9>: mov DWORD PTR [esp],0x8048500
0x08048424 <+16>: call 0x8048330 <puts@plt>
5 getchar();
0x08048429 <+21>: call 0x8048320 <getchar@plt>
6 }
0x0804842e <+26>: leave
0x0804842f <+27>: ret
End of assembler dump.
(gdb)
Posted in debugger, Programming-c on February 7, 2019| Leave a Comment »
Gnu Debugger not only can debug a program file but it can also do debugging with a running program.
Type the codes below and save it to ‘keypress.c’.
1 #include
2 main()
3 {
4 printf("Press any key to continue.\n");
5 getchar();
6 }
Compile and run the program
$ gcc keypress.c -g -o keypress $ ./keypress Press any key to continue.
Open another Linux Terminal and type: ps -aux | grep keypress to find the PID number.
$ ps -aux | grep keypress Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html 1000 3392 0.0 0.0 1820 244 pts/0 S+ 08:56 0:00 ./keypress 1000 3457 0.0 0.0 4188 788 pts/1 S+ 08:57 0:00 grep --color=auto keypress $
Debug the program with gdb. In order to do that, you have to be root otherwise you will get the error below.
$ gdb -pid 3392 -silent Attaching to process 3392 Could not attach to process. If your uid matches the uid of the target process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try again as the root user. For more details, see /etc/sysctl.d/10-ptrace.conf ptrace: Operation not permitted. (gdb)
Now, you can debug the program with gdb.
$ sudo gdb --pid 3392 -silent
[sudo] password for darklinux:
Attaching to process 3392
Reading symbols from /home/darklinux/keypress...done.
Reading symbols from /lib/i386-linux-gnu/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/i386-linux-gnu/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
0x00ba5416 in __kernel_vsyscall ()
(gdb) list
1 #include
2 main()
3 {
4 printf("Press any key to continue.\n");
5 getchar();
6 }
(gdb)
Posted in Programming in Linux, Programming-Assembly, Programming-c, Uncategorized on December 30, 2018| Leave a Comment »
In this tutorial I will show you how to generate assembly language code from c using gcc.
First, type the c code below, save it to ‘hello.c’.
1 #include
2 main()
3 {
4 printf("Hello World!\n");
5 return 0;
6 }
To generate assembly code use option -S.
$ gcc -S hello.c -o hello.s
Check the result
$ ls -l hello.s -rwxrwxr-x 1 darklinux darklinux 491 2018-12-29 18:10 hello.s $
Open with text editor.
1 .file "hello.c" 2 .section .rodata 3 .LC0: 4 .string "Hello World!" 5 .text 6 .globl main 7 .type main, @function 8 main: 9 .LFB0: 10 .cfi_startproc 11 pushl %ebp 12 .cfi_def_cfa_offset 8 13 .cfi_offset 5, -8 14 movl %esp, %ebp 15 .cfi_def_cfa_register 5 16 andl $-16, %esp 17 subl $16, %esp 18 movl $.LC0, (%esp) 19 call puts 20 movl $0, %eax 21 leave 22 .cfi_restore 5 23 .cfi_def_cfa 4, 4 24 ret 25 .cfi_endproc 26 .LFE0: 27 .size main, .-main 28 .ident "GCC: (Ubuntu/Linaro 4.6.1-9ubuntu3) 4.6.1" 29 .section .note.GNU-stack,"",@progbits 30
Posted in Nasm - Netwide Assembler, Programming in Linux, Programming-Assembly, Programming-c on December 15, 2018| Leave a Comment »
Assembly Language is the most difficult programming language to learn, to code and to maintain. It’s not portable because it depends on the type processors and operating system. Instruction code in Intel will be different with PowerPC, Motorola any other processors. Although AMD processor is Intel Compatible but not all codes in Intel can run on AMD.
Programming will take longer time because it will take more codes for just simple print ‘Hello word’. More codes mean more difficult to debug when there is a problem. I will show you later.
So, if it’s
-difficult to develop -difficult to maintain -not portable
Why do we still need programming in Assembly?
There are 2 main reasons:
-Assembly Language is Very efficient in term of space in Hard disk, space in Memory and Speed. -Direct access to hardware
Assembly is very efficient in time consumption when related with speed. It take less memory space and hard disk space compare to other programs which is written in high level language that perform the same task.
Then people will say, now, hard disk and memory are getting cheaper, so space of hard disk and memory are not the issue. And compilers are getting “smarter”. It can generate codes that much more efficient in space and time efficiency.
So, why still assembly.
(more…)
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | 31 | ||
 | taufanlubis on Forex Trading in Ubuntu with… |
 | timmy on Linux game – konquest |
 | Mohanakrishnan on Virtual Box – How to Install C… |
| Fred Souza on Intel and AMD Processor Byte o… | |
 | rods on How to install bluesnarfer in… |
Taufan Lubis - Ubuntu Linux 