SlideShare a Scribd company logo

Debugging with EMUX - RIngzer0 BACK2WORKSHOPS

Saumil Shah
Saumil Shah

The EMUX IoT Firmware Emulation Framework currently provides near native userland emulation for ARM and MIPS IoT devices. EMUX is actively used Saumil's popular ARM IoT Exploit Laboratory training for over 5 years. The Debugging with EMUX workshop shall be in two parts: Part 1 (30 minutes) - Setting up EMUX in 7 minutes - A tour of EMUX internals - EMUX utilities - Tracing userland processes within EMUX Part 2 (90 minutes) - Debugging an ARM IoT target in EMUX - Debugging a MIPS IoT Target in EMUX - Crash dump analysis

Technology
1 of 23
@therealsaumil @_ringzer0 debugging WITH EMUX SAUMIL SHAH @therealsaumil 7 JULY 2022 < BACK2 workshops` ringzer¿
@therealsaumil @_ringzer0 # WHO AM I Saumil Shah @therealsaumil educating, entertaining and exasperating audiences since 1999
@therealsaumil @_ringzer0 WHAT IS ARM + MIPS IoT Emulation Framework emux.exploitlab.net
@therealsaumil @_ringzer0 What Is This Workshop About An Introduction to debugging binaries on emulated targets Using GDB + gdbserver for remote debugging Hands-on examples How EMUX makes the debugging process easy
@therealsaumil @_ringzer0 EMUX docker container HOST EMUX DOCKER launcher EMULATED TARGET ON QEMU emux-docker-shell workspace (shared directory) nweb (target binary) 192.168.100.2 192.168.100.1 socat 80 20080 RINGZER0 HACKME
@therealsaumil @_ringzer0 Concepts Covered Functions of a Debugger How does Remote Debugging work EMUX's debugger wrappers Advantages of using GEF Debugging a webserver binary Crash Dump Analysis
@therealsaumil @_ringzer0 Functions of a Debugger Inspect the target Inspect the CPU state Examine Memory Control Process Execution Analyse Crashes and Exceptions Luxuries: Plugins, Macros, Logging
@therealsaumil @_ringzer0 Remote Debugging - how it works GDB multiarch nweb (target binary) 192.168.100.1 gdbserver :5000 --attach <PID> (gdb) target remote 192.168.100.2:5000 (gdb) set sysroot target:/path/to/rootfs (gdb) continue REMOTE HOST 192.168.100.2
@therealsaumil @_ringzer0 Remote Debugging - emuxgdb emux-docker-shell nweb (target binary) REMOTE HOST 192.168.100.1 gdbserver $ emuxgdb nweb (gdb) " Automatically looks up the PID of the target " Launches gdbserver on the remote host " Launches gdb-multiarch locally " Connects to remote gdbserver " Sets sysroot " Ready to debug! 192.168.100.2
@therealsaumil @_ringzer0 Plain ol GDB -vs- new & shiny GEF
@therealsaumil @_ringzer0 A few GDB/GEF commands RECONNAISSANCE vmmap [GEF] Display the process' memory layout info target Information about the target being debugged (ELF binary) info sharedlibrary Shared Libraries that are loaded with the binary info functions List of functions that belong to the target binary PROCESS EXECUTION break Set a breakpoint continue Resume process execution rbreak Set multiple breakpoints using regular expressions stepi / nexti Step Into / Next Instruction CPU AND MEMORY context [GEF] Better view of registers, stack, code, call stack, etc. x Examine memory (many variations) hexdump [GEF] When you want characters and bytes side by side backtrace Display the call stack info frame Inspect stack frames disassemble Disassemble code printf Formatted printing LUXURIES set logging Enable / Disable logging and redirect log output to a file commands Execute multiple commands in sequence every time a breakpoint is reached
@therealsaumil @_ringzer0 EMUX utilities emuxps List processes running in the emulated device emuxkill Terminate a process inside the emulated device emuxmaps Remote process virtual memory layout emuxgdb Attach gdb to a remote process in the emulated device emuxnetstat Remote netstat emuxhalt Shut down the emulated device monitor Attach to QEMU monitor
@therealsaumil @_ringzer0 SETTING UP!
@therealsaumil @_ringzer0 Start EMUX ./run-emux-docker : : [+] Setting up forwarded ports 20080:80,20443:443,28080:8080,24433:4433,9999:9999 [+] mapping port 20080 -> 192.168.100.2:80 [+] mapping port 20443 -> 192.168.100.2:443 [+] mapping port 28080 -> 192.168.100.2:8080 [+] mapping port 24433 -> 192.168.100.2:4433 [+] mapping port 9999 -> 192.168.100.2:9999 ___ __ __ _ __ __ / __| / | | | / / by Saumil Shah | The Exploit Laboratory | __| |/| | |_| ) ( @therealsaumil | emux.exploitlab.net ___|_| |_____/_/_ [EMUX-DOCKER !] ~$ 1. Start the EMUX Docker Container
@therealsaumil @_ringzer0 Launch the target 2. Run launcher and boot into Damn Vulnerable ARM Router [EMUX-DOCKER !] ~$ launcher
@therealsaumil @_ringzer0 Start Userspace ./emux-docker-shell [emux-docker !] ~$ 3. Open a new terminal window and attach to emux-docker-shell [emux-docker !] ~$ userspace 4. Run userspace
@therealsaumil @_ringzer0 Enter the DVAR Console 5. Select "Enter the Damn Vulnerable ARM Router CONSOLE" option
@therealsaumil @_ringzer0 Start nweb (our target binary) Entering Damn Vulnerable ARM Router CONSOLE (/bin/sh) [+] Logging enabled [+] EMUX Debug log - /home/r0/workspace/logs/emuxdebug.log [+] QEMU Console log - qemuconsole.log [+] chroot /emux/DV-ARM/rootfs-arm /.emux/emuxshell Script started, output log file is '/home/r0/workspace/logs/emuxdebug.log'. BusyBox v1.23.2 (2021-10-14 18:26:48 IST) built-in shell (ash) / # nweb 80 /www/nweb/ 6. Manually start the nweb web server from the Busybox prompt ./emux-docker-shell [emux-docker !] ~$ curl http://192.168.100.2 <h1>Ringzer0 Hackme</h1> 7. Start another emux-docker-shell and test nweb
@therealsaumil @_ringzer0 Grab the attack scripts! [emux-docker !] ~$ cd workspace [emux-docker !] ~/workspace$ wget https://saumil.net/tmp/attack1.py --2022-07-07 14:12:48-- https://saumil.net/tmp/attack1.py Resolving saumil.net (saumil.net)... 208.113.163.5 Connecting to saumil.net (saumil.net)|208.113.163.5|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 535 [text/plain] Saving to: 'attack1.py' attack1.py 100%[=======================>] 535 --.-KB/s in 0s 2022-07-07 14:12:50 (58.9 MB/s) - 'attack1.py' saved [535/535] [emux-docker !] ~/workspace$ chmod +x attack1.py 8. From the emux-docker-shell grab the following attack scripts
@therealsaumil @_ringzer0 HANDS ON EMUXGDB
@therealsaumil @_ringzer0 HERE BE THE GOODS CODE: https://github.com/therealsaumil/emux !- ANNOUNCEMENTS: @therealsaumil DOCS: https://emux.exploitlab.net/
@therealsaumil @_ringzer0 ringzer¿ AUGUST 6-9 REGISTRATIONS OPEN www.ringzer¿.training THE ARM IoT EXPLOIT LABORATORY
@therealsaumil @_ringzer0 THANK YOU! SAUMIL SHAH @therealsaumil 7 JULY 2022 < BACK2 workshops` ringzer¿

Recommended

Introducing ARM-X
Introducing ARM-XIntroducing ARM-X
Introducing ARM-XSaumil Shah
 
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkUnveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkSaumil Shah
 
Find your own iOS kernel bug
Find your own iOS kernel bugFind your own iOS kernel bug
Find your own iOS kernel bugGustavo Martinez
 
The Microkernel Mach Under NeXTSTEP
The Microkernel Mach Under NeXTSTEPThe Microkernel Mach Under NeXTSTEP
The Microkernel Mach Under NeXTSTEPGregor Schmidt
 
Not a Security Boundary: Bypassing User Account Control
Not a Security Boundary: Bypassing User Account ControlNot a Security Boundary: Bypassing User Account Control
Not a Security Boundary: Bypassing User Account Controlenigma0x3
 
Dockerを社内で使うために
Dockerを社内で使うためにDockerを社内で使うために
Dockerを社内で使うためにエンジニア勉強会 エスキュービズム
 
Ruxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and Entitlements
Ruxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and EntitlementsRuxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and Entitlements
Ruxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and EntitlementsStefan Esser
 
Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applicationsSatish b
 

Recommended

Introducing ARM-X
Introducing ARM-XIntroducing ARM-X
Introducing ARM-XSaumil Shah
 
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkUnveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkSaumil Shah
 
Find your own iOS kernel bug
Find your own iOS kernel bugFind your own iOS kernel bug
Find your own iOS kernel bugGustavo Martinez
 
The Microkernel Mach Under NeXTSTEP
The Microkernel Mach Under NeXTSTEPThe Microkernel Mach Under NeXTSTEP
The Microkernel Mach Under NeXTSTEPGregor Schmidt
 
Not a Security Boundary: Bypassing User Account Control
Not a Security Boundary: Bypassing User Account ControlNot a Security Boundary: Bypassing User Account Control
Not a Security Boundary: Bypassing User Account Controlenigma0x3
 
Dockerを社内で使うために
Dockerを社内で使うためにDockerを社内で使うために
Dockerを社内で使うためにエンジニア勉強会 エスキュービズム
 
Ruxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and Entitlements
Ruxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and EntitlementsRuxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and Entitlements
Ruxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and EntitlementsStefan Esser
 
Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applicationsSatish b
 
Make ARM Shellcode Great Again
Make ARM Shellcode Great AgainMake ARM Shellcode Great Again
Make ARM Shellcode Great AgainSaumil Shah
 
ARM IoT Firmware Emulation Workshop
ARM IoT Firmware Emulation WorkshopARM IoT Firmware Emulation Workshop
ARM IoT Firmware Emulation WorkshopSaumil Shah
 
Building images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKitBuilding images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKitNTT Software Innovation Center
 
kubernetes practice
kubernetes practicekubernetes practice
kubernetes practicewonyong hwang
 
Feversocial系統操作說明
Feversocial系統操作說明Feversocial系統操作說明
Feversocial系統操作說明Feversocial 發燒互動
 
Quick and Easy Device Drivers for Embedded Linux Using UIO
Quick and Easy Device Drivers for Embedded Linux Using UIOQuick and Easy Device Drivers for Embedded Linux Using UIO
Quick and Easy Device Drivers for Embedded Linux Using UIOChris Simmonds
 
Something About Dynamic Linking
Something About Dynamic LinkingSomething About Dynamic Linking
Something About Dynamic LinkingWang Hsiangkai
 
Virtual Machine Constructions for Dummies
Virtual Machine Constructions for DummiesVirtual Machine Constructions for Dummies
Virtual Machine Constructions for DummiesNational Cheng Kung University
 
OS X Drivers Reverse Engineering
OS X Drivers Reverse EngineeringOS X Drivers Reverse Engineering
OS X Drivers Reverse EngineeringPositive Hack Days
 
Fun with Network Interfaces
Fun with Network InterfacesFun with Network Interfaces
Fun with Network InterfacesKernel TLV
 
DeathNote of Microsoft Windows Kernel
DeathNote of Microsoft Windows KernelDeathNote of Microsoft Windows Kernel
DeathNote of Microsoft Windows KernelPeter Hlavaty
 
WSL Reloaded
WSL ReloadedWSL Reloaded
WSL ReloadedAnthony LAOU-HINE TSUEI
 
Linux Booting Steps
Linux Booting StepsLinux Booting Steps
Linux Booting StepsAnando Kumar Paul
 
AndroidとSELinux
AndroidとSELinuxAndroidとSELinux
AndroidとSELinuxandroid sola
 
DockerCon参加報告 (`docker build`が30倍以上速くなる話など)
DockerCon参加報告 (`docker build`が30倍以上速くなる話など)DockerCon参加報告 (`docker build`が30倍以上速くなる話など)
DockerCon参加報告 (`docker build`が30倍以上速くなる話など)Akihiro Suda
 
RACE - Minimal Rights and ACE for Active Directory Dominance
RACE - Minimal Rights and ACE for Active Directory DominanceRACE - Minimal Rights and ACE for Active Directory Dominance
RACE - Minimal Rights and ACE for Active Directory DominanceNikhil Mittal
 
Clean Code
Clean CodeClean Code
Clean CodeVictor Rentea
 
Android Booting Scenarios
Android Booting ScenariosAndroid Booting Scenarios
Android Booting ScenariosAmr Ali (ISTQB CTAL Full, CSM, ITIL Foundation)
 
Android起動周りのノウハウ
Android起動周りのノウハウAndroid起動周りのノウハウ
Android起動周りのノウハウchancelab
 
Quickboot on i.MX6
Quickboot on i.MX6Quickboot on i.MX6
Quickboot on i.MX6Gary Bisson
 
Docker Introduction.pdf
Docker Introduction.pdfDocker Introduction.pdf
Docker Introduction.pdfOKLABS
 
Docker, c'est bonheur !
Docker, c'est bonheur !Docker, c'est bonheur !
Docker, c'est bonheur !Alexandre Salomé
 

More Related Content

What's hot

Make ARM Shellcode Great Again
Make ARM Shellcode Great AgainMake ARM Shellcode Great Again
Make ARM Shellcode Great AgainSaumil Shah
 
ARM IoT Firmware Emulation Workshop
ARM IoT Firmware Emulation WorkshopARM IoT Firmware Emulation Workshop
ARM IoT Firmware Emulation WorkshopSaumil Shah
 
Building images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKitBuilding images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKitNTT Software Innovation Center
 
Quick and Easy Device Drivers for Embedded Linux Using UIO
Quick and Easy Device Drivers for Embedded Linux Using UIOQuick and Easy Device Drivers for Embedded Linux Using UIO
Quick and Easy Device Drivers for Embedded Linux Using UIOChris Simmonds
 
Something About Dynamic Linking
Something About Dynamic LinkingSomething About Dynamic Linking
Something About Dynamic LinkingWang Hsiangkai
 
OS X Drivers Reverse Engineering
OS X Drivers Reverse EngineeringOS X Drivers Reverse Engineering
OS X Drivers Reverse EngineeringPositive Hack Days
 
Fun with Network Interfaces
Fun with Network InterfacesFun with Network Interfaces
Fun with Network InterfacesKernel TLV
 
DeathNote of Microsoft Windows Kernel
DeathNote of Microsoft Windows KernelDeathNote of Microsoft Windows Kernel
DeathNote of Microsoft Windows KernelPeter Hlavaty
 
DockerCon参加報告 (`docker build`が30倍以上速くなる話など)
DockerCon参加報告 (`docker build`が30倍以上速くなる話など)DockerCon参加報告 (`docker build`が30倍以上速くなる話など)
DockerCon参加報告 (`docker build`が30倍以上速くなる話など)Akihiro Suda
 
RACE - Minimal Rights and ACE for Active Directory Dominance
RACE - Minimal Rights and ACE for Active Directory DominanceRACE - Minimal Rights and ACE for Active Directory Dominance
RACE - Minimal Rights and ACE for Active Directory DominanceNikhil Mittal
 
Android起動周りのノウハウ
Android起動周りのノウハウAndroid起動周りのノウハウ
Android起動周りのノウハウchancelab
 
Quickboot on i.MX6
Quickboot on i.MX6Quickboot on i.MX6
Quickboot on i.MX6Gary Bisson
 

What's hot (20)

Make ARM Shellcode Great Again
Make ARM Shellcode Great AgainMake ARM Shellcode Great Again
Make ARM Shellcode Great Again
 
ARM IoT Firmware Emulation Workshop
ARM IoT Firmware Emulation WorkshopARM IoT Firmware Emulation Workshop
ARM IoT Firmware Emulation Workshop
 
Building images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKitBuilding images efficiently and securely on Kubernetes with BuildKit
Building images efficiently and securely on Kubernetes with BuildKit
 
kubernetes practice
kubernetes practicekubernetes practice
kubernetes practice
 
Feversocial系統操作說明
Feversocial系統操作說明Feversocial系統操作說明
Feversocial系統操作說明
 
Quick and Easy Device Drivers for Embedded Linux Using UIO
Quick and Easy Device Drivers for Embedded Linux Using UIOQuick and Easy Device Drivers for Embedded Linux Using UIO
Quick and Easy Device Drivers for Embedded Linux Using UIO
 
Something About Dynamic Linking
Something About Dynamic LinkingSomething About Dynamic Linking
Something About Dynamic Linking
 
Virtual Machine Constructions for Dummies
Virtual Machine Constructions for DummiesVirtual Machine Constructions for Dummies
Virtual Machine Constructions for Dummies
 
OS X Drivers Reverse Engineering
OS X Drivers Reverse EngineeringOS X Drivers Reverse Engineering
OS X Drivers Reverse Engineering
 
Fun with Network Interfaces
Fun with Network InterfacesFun with Network Interfaces
Fun with Network Interfaces
 
DeathNote of Microsoft Windows Kernel
DeathNote of Microsoft Windows KernelDeathNote of Microsoft Windows Kernel
DeathNote of Microsoft Windows Kernel
 
WSL Reloaded
WSL ReloadedWSL Reloaded
WSL Reloaded
 
Linux Booting Steps
Linux Booting StepsLinux Booting Steps
Linux Booting Steps
 
AndroidとSELinux
AndroidとSELinuxAndroidとSELinux
AndroidとSELinux
 
DockerCon参加報告 (`docker build`が30倍以上速くなる話など)
DockerCon参加報告 (`docker build`が30倍以上速くなる話など)DockerCon参加報告 (`docker build`が30倍以上速くなる話など)
DockerCon参加報告 (`docker build`が30倍以上速くなる話など)
 
RACE - Minimal Rights and ACE for Active Directory Dominance
RACE - Minimal Rights and ACE for Active Directory DominanceRACE - Minimal Rights and ACE for Active Directory Dominance
RACE - Minimal Rights and ACE for Active Directory Dominance
 
Clean Code
Clean CodeClean Code
Clean Code
 
Android Booting Scenarios
Android Booting ScenariosAndroid Booting Scenarios
Android Booting Scenarios
 
Android起動周りのノウハウ
Android起動周りのノウハウAndroid起動周りのノウハウ
Android起動周りのノウハウ
 
Quickboot on i.MX6
Quickboot on i.MX6Quickboot on i.MX6
Quickboot on i.MX6
 

Similar to Debugging with EMUX - RIngzer0 BACK2WORKSHOPS

Docker Introduction.pdf
Docker Introduction.pdfDocker Introduction.pdf
Docker Introduction.pdfOKLABS
 
Docker Compose user guide
Docker Compose user guideDocker Compose user guide
Docker Compose user guideVAIBHAV GUPTA
 
Docker for (Java) Developers
Docker for (Java) DevelopersDocker for (Java) Developers
Docker for (Java) DevelopersRafael Benevides
 
Getting started docker notes
Getting started docker notesGetting started docker notes
Getting started docker notesAJAY NAYAK
 
kubernetes - minikube - getting started
kubernetes - minikube - getting startedkubernetes - minikube - getting started
kubernetes - minikube - getting startedMunish Mehta
 
Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725miguel dominguez
 
Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725MortazaJohari
 
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...Yevgeniy Brikman
 
Delivering Docker & K3s worloads to IoT Edge devices
Delivering Docker & K3s worloads to IoT Edge devicesDelivering Docker & K3s worloads to IoT Edge devices
Delivering Docker & K3s worloads to IoT Edge devicesAjeet Singh Raina
 
Docker in a JS Developer’s Life
Docker in a JS Developer’s LifeDocker in a JS Developer’s Life
Docker in a JS Developer’s LifeGlobalLogic Ukraine
 
Kubernetes laravel and kubernetes
Kubernetes laravel and kubernetesKubernetes laravel and kubernetes
Kubernetes laravel and kubernetesWilliam Stewart
 
Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020CloudHero
 
[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안양재동 코드랩
 
Improve your Java Environment with Docker
Improve your Java Environment with DockerImprove your Java Environment with Docker
Improve your Java Environment with DockerHanoiJUG
 
Primi passi con Docker - ItalianCoders - 12-01-2021
Primi passi con Docker - ItalianCoders - 12-01-2021Primi passi con Docker - ItalianCoders - 12-01-2021
Primi passi con Docker - ItalianCoders - 12-01-2021Alessandro Mignogna
 

Similar to Debugging with EMUX - RIngzer0 BACK2WORKSHOPS (20)

Docker Introduction.pdf
Docker Introduction.pdfDocker Introduction.pdf
Docker Introduction.pdf
 
Docker, c'est bonheur !
Docker, c'est bonheur !Docker, c'est bonheur !
Docker, c'est bonheur !
 
Docker Compose user guide
Docker Compose user guideDocker Compose user guide
Docker Compose user guide
 
Docker for (Java) Developers
Docker for (Java) DevelopersDocker for (Java) Developers
Docker for (Java) Developers
 
Getting started docker notes
Getting started docker notesGetting started docker notes
Getting started docker notes
 
kubernetes - minikube - getting started
kubernetes - minikube - getting startedkubernetes - minikube - getting started
kubernetes - minikube - getting started
 
From zero to Docker
From zero to DockerFrom zero to Docker
From zero to Docker
 
Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725
 
Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725
 
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
 
Delivering Docker & K3s worloads to IoT Edge devices
Delivering Docker & K3s worloads to IoT Edge devicesDelivering Docker & K3s worloads to IoT Edge devices
Delivering Docker & K3s worloads to IoT Edge devices
 
Docker in a JS Developer’s Life
Docker in a JS Developer’s LifeDocker in a JS Developer’s Life
Docker in a JS Developer’s Life
 
Kubernetes laravel and kubernetes
Kubernetes laravel and kubernetesKubernetes laravel and kubernetes
Kubernetes laravel and kubernetes
 
Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020
 
[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안
 
Docker
DockerDocker
Docker
 
Improve your Java Environment with Docker
Improve your Java Environment with DockerImprove your Java Environment with Docker
Improve your Java Environment with Docker
 
Primi passi con Docker - ItalianCoders - 12-01-2021
Primi passi con Docker - ItalianCoders - 12-01-2021Primi passi con Docker - ItalianCoders - 12-01-2021
Primi passi con Docker - ItalianCoders - 12-01-2021
 
Ansible101
Ansible101Ansible101
Ansible101
 
Docker
DockerDocker
Docker
 

More from Saumil Shah

The Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksSaumil Shah
 
Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Saumil Shah
 
Precise Presentations
Precise PresentationsPrecise Presentations
Precise PresentationsSaumil Shah
 
Effective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceEffective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceSaumil Shah
 
INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020Saumil Shah
 
Cyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadCyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadSaumil Shah
 
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceCybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceSaumil Shah
 
NSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadNSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadSaumil Shah
 
Cybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadCybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadSaumil Shah
 
INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019Saumil Shah
 
The Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDThe Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDSaumil Shah
 
The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019Saumil Shah
 
The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019Saumil Shah
 
Schrödinger's ARM Assembly
Schrödinger's ARM AssemblySchrödinger's ARM Assembly
Schrödinger's ARM AssemblySaumil Shah
 
ARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSSaumil Shah
 
What Makes a Compelling Photograph
What Makes a Compelling PhotographWhat Makes a Compelling Photograph
What Makes a Compelling PhotographSaumil Shah
 
Make ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKMake ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKSaumil Shah
 
HackLU 2018 Make ARM Shellcode Great Again
HackLU 2018 Make ARM Shellcode Great AgainHackLU 2018 Make ARM Shellcode Great Again
HackLU 2018 Make ARM Shellcode Great AgainSaumil Shah
 
Hack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation WorkshopHack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation WorkshopSaumil Shah
 
Cross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital SovereigntyCross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital SovereigntySaumil Shah
 

More from Saumil Shah (20)

The Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also Blocks
 
Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332
 
Precise Presentations
Precise PresentationsPrecise Presentations
Precise Presentations
 
Effective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceEffective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual Audience
 
INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020
 
Cyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadCyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade Ahead
 
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceCybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
 
NSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadNSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade Ahead
 
Cybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadCybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade Ahead
 
INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019
 
The Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDThe Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBD
 
The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019
 
The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019
 
Schrödinger's ARM Assembly
Schrödinger's ARM AssemblySchrödinger's ARM Assembly
Schrödinger's ARM Assembly
 
ARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMS
 
What Makes a Compelling Photograph
What Makes a Compelling PhotographWhat Makes a Compelling Photograph
What Makes a Compelling Photograph
 
Make ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKMake ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEK
 
HackLU 2018 Make ARM Shellcode Great Again
HackLU 2018 Make ARM Shellcode Great AgainHackLU 2018 Make ARM Shellcode Great Again
HackLU 2018 Make ARM Shellcode Great Again
 
Hack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation WorkshopHack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation Workshop
 
Cross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital SovereigntyCross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital Sovereignty
 

Recently uploaded

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...CzechDreamin
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfFIDO Alliance
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyJohn Staveley
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfFIDO Alliance
 
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?Mark Billinghurst
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfFIDO Alliance
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyUXDXConf
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxAbida Shariff
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsUXDXConf
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...CzechDreamin
 
Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024TopCSSGallery
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfFIDO Alliance
 
Buy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxBuy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxEasyPrinterHelp
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...FIDO Alliance
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastUXDXConf
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCzechDreamin
 

Recently uploaded (20)

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Buy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxBuy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptx
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 

Debugging with EMUX - RIngzer0 BACK2WORKSHOPS

  • 1. @therealsaumil @_ringzer0 debugging WITH EMUX SAUMIL SHAH @therealsaumil 7 JULY 2022 < BACK2 workshops` ringzer¿
  • 2. @therealsaumil @_ringzer0 # WHO AM I Saumil Shah @therealsaumil educating, entertaining and exasperating audiences since 1999
  • 3. @therealsaumil @_ringzer0 WHAT IS ARM + MIPS IoT Emulation Framework emux.exploitlab.net
  • 4. @therealsaumil @_ringzer0 What Is This Workshop About An Introduction to debugging binaries on emulated targets Using GDB + gdbserver for remote debugging Hands-on examples How EMUX makes the debugging process easy
  • 5. @therealsaumil @_ringzer0 EMUX docker container HOST EMUX DOCKER launcher EMULATED TARGET ON QEMU emux-docker-shell workspace (shared directory) nweb (target binary) 192.168.100.2 192.168.100.1 socat 80 20080 RINGZER0 HACKME
  • 6. @therealsaumil @_ringzer0 Concepts Covered Functions of a Debugger How does Remote Debugging work EMUX's debugger wrappers Advantages of using GEF Debugging a webserver binary Crash Dump Analysis
  • 7. @therealsaumil @_ringzer0 Functions of a Debugger Inspect the target Inspect the CPU state Examine Memory Control Process Execution Analyse Crashes and Exceptions Luxuries: Plugins, Macros, Logging
  • 8. @therealsaumil @_ringzer0 Remote Debugging - how it works GDB multiarch nweb (target binary) 192.168.100.1 gdbserver :5000 --attach <PID> (gdb) target remote 192.168.100.2:5000 (gdb) set sysroot target:/path/to/rootfs (gdb) continue REMOTE HOST 192.168.100.2
  • 9. @therealsaumil @_ringzer0 Remote Debugging - emuxgdb emux-docker-shell nweb (target binary) REMOTE HOST 192.168.100.1 gdbserver $ emuxgdb nweb (gdb) " Automatically looks up the PID of the target " Launches gdbserver on the remote host " Launches gdb-multiarch locally " Connects to remote gdbserver " Sets sysroot " Ready to debug! 192.168.100.2
  • 11. @therealsaumil @_ringzer0 A few GDB/GEF commands RECONNAISSANCE vmmap [GEF] Display the process' memory layout info target Information about the target being debugged (ELF binary) info sharedlibrary Shared Libraries that are loaded with the binary info functions List of functions that belong to the target binary PROCESS EXECUTION break Set a breakpoint continue Resume process execution rbreak Set multiple breakpoints using regular expressions stepi / nexti Step Into / Next Instruction CPU AND MEMORY context [GEF] Better view of registers, stack, code, call stack, etc. x Examine memory (many variations) hexdump [GEF] When you want characters and bytes side by side backtrace Display the call stack info frame Inspect stack frames disassemble Disassemble code printf Formatted printing LUXURIES set logging Enable / Disable logging and redirect log output to a file commands Execute multiple commands in sequence every time a breakpoint is reached
  • 12. @therealsaumil @_ringzer0 EMUX utilities emuxps List processes running in the emulated device emuxkill Terminate a process inside the emulated device emuxmaps Remote process virtual memory layout emuxgdb Attach gdb to a remote process in the emulated device emuxnetstat Remote netstat emuxhalt Shut down the emulated device monitor Attach to QEMU monitor
  • 14. @therealsaumil @_ringzer0 Start EMUX ./run-emux-docker : : [+] Setting up forwarded ports 20080:80,20443:443,28080:8080,24433:4433,9999:9999 [+] mapping port 20080 -> 192.168.100.2:80 [+] mapping port 20443 -> 192.168.100.2:443 [+] mapping port 28080 -> 192.168.100.2:8080 [+] mapping port 24433 -> 192.168.100.2:4433 [+] mapping port 9999 -> 192.168.100.2:9999 ___ __ __ _ __ __ / __| / | | | / / by Saumil Shah | The Exploit Laboratory | __| |/| | |_| ) ( @therealsaumil | emux.exploitlab.net ___|_| |_____/_/_ [EMUX-DOCKER !] ~$ 1. Start the EMUX Docker Container
  • 15. @therealsaumil @_ringzer0 Launch the target 2. Run launcher and boot into Damn Vulnerable ARM Router [EMUX-DOCKER !] ~$ launcher
  • 16. @therealsaumil @_ringzer0 Start Userspace ./emux-docker-shell [emux-docker !] ~$ 3. Open a new terminal window and attach to emux-docker-shell [emux-docker !] ~$ userspace 4. Run userspace
  • 17. @therealsaumil @_ringzer0 Enter the DVAR Console 5. Select "Enter the Damn Vulnerable ARM Router CONSOLE" option
  • 18. @therealsaumil @_ringzer0 Start nweb (our target binary) Entering Damn Vulnerable ARM Router CONSOLE (/bin/sh) [+] Logging enabled [+] EMUX Debug log - /home/r0/workspace/logs/emuxdebug.log [+] QEMU Console log - qemuconsole.log [+] chroot /emux/DV-ARM/rootfs-arm /.emux/emuxshell Script started, output log file is '/home/r0/workspace/logs/emuxdebug.log'. BusyBox v1.23.2 (2021-10-14 18:26:48 IST) built-in shell (ash) / # nweb 80 /www/nweb/ 6. Manually start the nweb web server from the Busybox prompt ./emux-docker-shell [emux-docker !] ~$ curl http://192.168.100.2 <h1>Ringzer0 Hackme</h1> 7. Start another emux-docker-shell and test nweb
  • 19. @therealsaumil @_ringzer0 Grab the attack scripts! [emux-docker !] ~$ cd workspace [emux-docker !] ~/workspace$ wget https://saumil.net/tmp/attack1.py --2022-07-07 14:12:48-- https://saumil.net/tmp/attack1.py Resolving saumil.net (saumil.net)... 208.113.163.5 Connecting to saumil.net (saumil.net)|208.113.163.5|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 535 [text/plain] Saving to: 'attack1.py' attack1.py 100%[=======================>] 535 --.-KB/s in 0s 2022-07-07 14:12:50 (58.9 MB/s) - 'attack1.py' saved [535/535] [emux-docker !] ~/workspace$ chmod +x attack1.py 8. From the emux-docker-shell grab the following attack scripts
  • 21. @therealsaumil @_ringzer0 HERE BE THE GOODS CODE: https://github.com/therealsaumil/emux !- ANNOUNCEMENTS: @therealsaumil DOCS: https://emux.exploitlab.net/