
How to use GDB

View the next 50 instructions starting at the current instruction pointer (the i format letter selects instruction decoding; the s in x/50si is redundant, as GDB uses the last format letter given):

x/50i $rip

Show the contents of all registers:

info registers

Binary to shellcode

Print the raw bytes of every instruction objdump disassembles as a C-style "\x.." string. objdump separates the address, the hex bytes and the mnemonic with tabs, so cut -s -f2 takes the byte column whole (the original cut -f1-6 -d' ' silently dropped the seventh byte of 7-byte instructions such as movq $0x0,-0x8(%rbp)); grep -v 'file' drops the "file format" header line, whose "2:" would otherwise match. Add -j .text to objdump to restrict the dump to the .text section instead of every disassembled section:

objdump -d ./example2|grep '[0-9a-f]:'|grep -v 'file'|cut -s -f2|sed 's/[0-9a-f]\{2\}/\\x&/g'|tr -d ' \n'|sed 's/^/"/;s/$/"/'

Peek at the stack (64 words in hex, starting at $rsp):

x/64xw $rsp

Unset Environment

It's very important to note that stack addresses can differ under gdb, because gdb exports extra environment variables (LINES and COLUMNS) to the debuggee, and the environment strings sit on the stack, shifting everything below them. To emulate a more realistic execution environment, unset these variables in gdb before running the program:

unset env LINES
unset env COLUMNS

Process debugging with Python

https://hexed.it/


In [14]: p = pwn.gdb.debug("/challenge/toddlerone_level2.1",aslr=False)
[x] Starting local process '/usr/bin/gdbserver'
[+] Starting local process '/usr/bin/gdbserver': pid 137141
[*] running in new terminal: ['/usr/bin/gdb', '-q', '/challenge/toddlerone_level2.1', '-x', '/tmp/pwnnnt9sp_a.gdb']

In [15]: p.recvuntil(b"size: ")
Out[15]: b'###\n### Welcome to /challenge/toddlerone_level2.1!\n###\n\nPayload size: '

In [16]: p.sendline(b'3000')

In [17]: p.recvuntil(b"s)!")
Out[17]: b'Send your payload (up to 3000 bytes)!'

In [18]: p.write(pwn.cyclic(2000,n=8)+b"\n")

In [19]: pwn.cyclic_find(0x616161616161616a,n=8)
Out[19]: 72
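
The offset computation in the session above, reimplemented as an added example (plain Python, not pwntools' own code and not from these notes) so it runs without pwntools or the challenge binary: it generates the same de Bruijn pattern that cyclic(2000, n=8) sends and maps a register value printed by GDB back to its offset. Assumed: the alphabet a-z, 8-byte subsequences and little-endian register values, as on x86-64.

```python
import itertools
import string
import struct

# Same alphabet pwntools uses by default for cyclic patterns (assumption).
ALPHABET = string.ascii_lowercase.encode()


def de_bruijn(alphabet=ALPHABET, n=8):
    """Lazily yield the de Bruijn sequence B(k, n) over `alphabet`:
    every length-n substring occurs at most once, so an n-byte window
    read out of a clobbered register identifies one position (FKM algorithm)."""
    k = len(alphabet)
    a = [0] * (n + 1)

    def db(t, p):
        if t > n:
            if n % p == 0:
                for j in range(1, p + 1):
                    yield alphabet[a[j]]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    return db(1, 1)


def cyclic(length, n=8):
    """First `length` bytes of the pattern: what cyclic(length, n=n) sends."""
    return bytes(itertools.islice(de_bruijn(ALPHABET, n), length))


def cyclic_find(value, length=2000, n=8):
    """Offset of an n-byte window inside the first `length` pattern bytes,
    or -1 if the register value did not come from the pattern at all.
    An int is read as a little-endian register value, the way GDB shows
    64-bit registers on x86-64 (n <= 8 assumed)."""
    if isinstance(value, int):
        value = struct.pack("<Q", value)[:n]
    return cyclic(length, n).find(value[:n])


if __name__ == "__main__":
    # 0x616161616161616a is b"jaaaaaaa" little-endian: 'j' is the 9th
    # letter after 'a', and each new letter appears 8 bytes further on.
    print(cyclic_find(0x616161616161616a, n=8))
```

A result of -1 means the register was not overwritten by the pattern at all, which usually points at a wrong payload length or an unrelated crash rather than a wrong offset.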
