GDB baby!

• git - everybodies friendly repo

CTRL-X A puts you into TUI mode. CTRL-L reprint screen CTRL-X 2 multiple windows, cycle thru. CTRL-X 1 go back. CTRL-P/N Next and Prev command.

gdb> python print("hello world") gdb> python[RETURN]

print("type python code here")

gdb> info functions gdb> b factorial(int) # set breakpoint at function. gdb> l N,M # list from/to line number. gdb> info locals # local vars gdb> watch <var> # watch how a var changes. gdb> record full # start record. gdb> c # continue gdb> rs # alias for 'reverse step' gdb> p <var> # print value of var. gdb> set var <var>=<val> # set a var to any value.

Examine the procedure call stack. $ gcc -fno-stack-protector -m32 overflow.c

• compile without any stack protection and 32bit memory address smaller.

gdb> run <args> gdb> info functions gdb> disass main gdb> x/20x $esp # dive into the stack. gdb> c # continue to do stuff.

• the machine will do stuff here.

gdb> x/20x $\(esp \) # Again to see what happens.

• look at the return pointer on the stack.
• points to a function. <--
• fuzzing, make it crash, in a way we understand.

gdb> run # run Again, breakpoint will still

be set.

python>>> print "AAAAAAAAAAAAAAABBBB" > attack.txt

• the B's are where the return point gets over written.

python>>> print 'A*28' + '\xfa\x84\x04\x08'

• the memory address of a valid function.

=======