If this helped you, please give it a like 😘
Environment: Ubuntu 16.04, default Python version 2.7.12 (python -V)
ROPGenerator:
    Requirement: Python 2 only
    Install: open a terminal and enter the following
        git clone https://gitee.com/ButterflyBro/ropgenerator.git ~/ROPGenerator   (clones into ~), then open a terminal in that directory and run $ python setup.py install --user
    Run: $ ROPGenerator
peda:
    Requirement: Python 2 only
    Install: open a terminal and enter the following
        git clone https://github.com/longld/peda.git ~/peda
        echo "source ~/peda/peda.py" >> ~/.gdbinit
    If the first command fails, GitHub cannot be reached; replace it with git clone https://gitee.com/ButterflyBro/peda.git ~/peda
    Run: if the install worked, typing gdb shows the prompt as gdb-peda
radare2:
    Install: open a terminal and enter sudo apt-get install radare2
ROPgadget:
    Install: open a terminal and enter pip install ropgadget
    Run: after installation the command is ROPgadget, not ropgadget, e.g. ROPgadget --binary <file>. (Example: ROPgadget --binary write432 --only "mov|pop|ret")
pwntools:
    Install: open a terminal and enter
        sudo apt-get install libffi-dev
        sudo apt-get install libssl-dev
        pip install pwntools -i https://pypi.tuna.tsinghua.edu.cn/simple/
    Note: a "Failed building wheel for unknown" message during the install can be ignored. Open python and run import pwn to check whether the install succeeded.
gef:
    Install: wget -q -O ~/.gdbinit-gef.py https://github.com/hugsy/gef/raw/master/gef.py
        or wget -q -O ~/.gdbinit-gef.py https://gitee.com/ButterflyBro/gef/raw/master/gef.py
        echo source ~/.gdbinit-gef.py >> ~/.gdbinit
Switching between gdb plugins:
    gdb can only load one plugin at a time and cannot switch back and forth, so we write a script to do the switching.
    First open the .gdbinit file (mine is in ~): sudo gedit ~/.gdbinit. You will see the source lines; these are what gdb executes at startup to load a plugin. Comment out the source line(s) (a leading # makes a comment), then add the line #this place is controled by user's shell
    and you are done. The script rewrites the line two below this marker, so leave one line (for example a blank one) between the marker and the source line it manages.
    echo $PATH shows the search path; pick one of its directories, for example mine is /usr/local/sbin
    Go into that directory and create the script
        cd /usr/local/sbin
        sudo gedit gdb.sh
Paste the following code
#!/bin/bash
# Expected ~/.gdbinit layout (the script is hard-wired to it):
#   line N   : #this place is controled by user's shell   <- marker line
#   line N+1 : any line (for example blank)
#   line N+2 : source ...                                  <- rewritten on every switch
function Mode_change {
    name=$1
    gdbinitfile=~/.gdbinit                     # change this path to match your setup
    # gdbinitfile=/root/Desktop/mode
    peda="source ~/peda/peda.py"               # change this path to match your setup
    gef="source ~/.gdbinit-gef.py"             # change this path to match your setup
    # pwndbg="source /opt/pwndbg/gdbinit.py"   # change this path to match your setup
    marker="#this place is controled by user's shell"   # must match the marker line you added to .gdbinit
    number=$(grep -n -F -- "$marker" "$gdbinitfile" | cut -d: -f1 | head -n 1)
    if [ -z "$number" ]; then
        echo "Marker line not found in $gdbinitfile"
        return 1
    fi
    location=$((number + 2))
    # pad the file if it is too short, so the target line exists
    while [ "$(wc -l < "$gdbinitfile")" -lt "$location" ]; do
        echo >> "$gdbinitfile"
    done
    if [ "$name" = "1" ]; then
        plugin=$peda; tool=peda
    elif [ "$name" = "2" ]; then
        plugin=$gef; tool=gef
    # elif [ "$name" = "3" ]; then
    #     plugin=$pwndbg; tool=pwndbg
    else
        return 1
    fi
    # replace the source line in place; delete-then-insert fails when the
    # source line is the last line of the file
    sed -i "${location}s|.*|$plugin|" "$gdbinitfile"
    echo -e "Please enjoy the $tool!\n"
}

echo -e "Please choose one mode of GDB?\n1.peda 2.gef "
read -p "Input your choice:" num
if [ "$num" = "1" ] || [ "$num" = "2" ]; then
    Mode_change "$num"
# elif [ "$num" = "3" ]; then
#     Mode_change "$num"
else
    echo -e "Error!\nPlease input right number!"
fi
gdb "$@"
Then give it execute permission with chmod 777 gdb.sh (chmod +x gdb.sh is enough).
After that, run gdb.sh from anywhere; any arguments are passed on to gdb.
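As an added example (not from the original post or the referenced blogs), the following POSIX shell functions perform the same marker-based rewrite on a constructed .gdbinit in a temporary directory, and read back which plugin is currently active, so the switching logic can be checked before it touches the real ~/.gdbinit. The marker text and the plugin paths (~/peda/peda.py, ~/.gdbinit-gef.py) are assumed to match the ones above; make_gdbinit, marker_line, set_plugin and active_plugin are names introduced here.

```shell
#!/bin/sh
# Marker line exactly as written into .gdbinit in the post (assumed)
MARKER="#this place is controled by user's shell"

# make_gdbinit DIR -> writes a constructed .gdbinit (marker, blank line,
# peda source line) into DIR and prints its path
make_gdbinit() {
    f="$1/.gdbinit"
    printf '%s\n' "$MARKER" "" "source ~/peda/peda.py" > "$f"
    printf '%s' "$f"
}

# marker_line FILE -> prints the line number of the marker (empty if absent)
marker_line() {
    grep -n -F -- "$MARKER" "$1" | cut -d: -f1 | head -n 1
}

# set_plugin FILE NAME -> rewrites the source line two below the marker.
# NAME is peda or gef; returns 1 for an unknown name or a missing marker.
set_plugin() {
    file="$1"
    case "$2" in
        peda) line="source ~/peda/peda.py" ;;       # assumed peda path
        gef)  line="source ~/.gdbinit-gef.py" ;;    # assumed gef path
        *)    return 1 ;;
    esac
    n=$(marker_line "$file")
    [ -n "$n" ] || return 1
    target=$((n + 2))
    # pad the file so the target line exists, then replace it in place
    while [ "$(wc -l < "$file")" -lt "$target" ]; do
        echo >> "$file"
    done
    sed -i "${target}s|.*|$line|" "$file"
}

# active_plugin FILE -> prints peda, gef or none, judged from the first
# uncommented "source" line (the one gdb would actually execute)
active_plugin() {
    src=$(grep -v '^[[:space:]]*#' "$1" | grep '^source ' | head -n 1)
    case "$src" in
        *peda.py*) echo peda ;;
        *gef.py*)  echo gef ;;
        *)         echo none ;;
    esac
}

# Demo on a throwaway directory: switch to gef, then back to peda
demo() {
    d=$(mktemp -d)
    f=$(make_gdbinit "$d")
    set_plugin "$f" gef
    active_plugin "$f"
    set_plugin "$f" peda
    active_plugin "$f"
    rm -rf "$d"
}
demo
```

Run it directly to see the two plugin names printed, or source it and point set_plugin at your real ~/.gdbinit once you are satisfied with the result on the constructed file.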
References:
https://blog.csdn.net/weixin_42390670/article/details/96450388
https://www.cnblogs.com/pcat/p/5451780.html
https://www.cnblogs.com/binlmmhc/p/6524441.html
https://blog.csdn.net/gatieme/article/details/63254211
https://www.jianshu.com/p/94a71af2022a