SlideShare a Scribd company logo

Debugging with EMUX - RIngzer0 BACK2WORKSHOPS

Saumil Shah
Saumil Shah

The EMUX IoT Firmware Emulation Framework currently provides near native userland emulation for ARM and MIPS IoT devices. EMUX is actively used Saumil's popular ARM IoT Exploit Laboratory training for over 5 years. The Debugging with EMUX workshop shall be in two parts: Part 1 (30 minutes) - Setting up EMUX in 7 minutes - A tour of EMUX internals - EMUX utilities - Tracing userland processes within EMUX Part 2 (90 minutes) - Debugging an ARM IoT target in EMUX - Debugging a MIPS IoT Target in EMUX - Crash dump analysis

Technology
1 of 23
@therealsaumil @_ringzer0 debugging WITH EMUX SAUMIL SHAH @therealsaumil 7 JULY 2022 < BACK2 workshops` ringzer¿
@therealsaumil @_ringzer0 # WHO AM I Saumil Shah @therealsaumil educating, entertaining and exasperating audiences since 1999
@therealsaumil @_ringzer0 WHAT IS ARM + MIPS IoT Emulation Framework emux.exploitlab.net
@therealsaumil @_ringzer0 What Is This Workshop About An Introduction to debugging binaries on emulated targets Using GDB + gdbserver for remote debugging Hands-on examples How EMUX makes the debugging process easy
@therealsaumil @_ringzer0 EMUX docker container HOST EMUX DOCKER launcher EMULATED TARGET ON QEMU emux-docker-shell workspace (shared directory) nweb (target binary) 192.168.100.2 192.168.100.1 socat 80 20080 RINGZER0 HACKME
@therealsaumil @_ringzer0 Concepts Covered Functions of a Debugger How does Remote Debugging work EMUX's debugger wrappers Advantages of using GEF Debugging a webserver binary Crash Dump Analysis
@therealsaumil @_ringzer0 Functions of a Debugger Inspect the target Inspect the CPU state Examine Memory Control Process Execution Analyse Crashes and Exceptions Luxuries: Plugins, Macros, Logging
@therealsaumil @_ringzer0 Remote Debugging - how it works GDB multiarch nweb (target binary) 192.168.100.1 gdbserver :5000 --attach <PID> (gdb) target remote 192.168.100.2:5000 (gdb) set sysroot target:/path/to/rootfs (gdb) continue REMOTE HOST 192.168.100.2
@therealsaumil @_ringzer0 Remote Debugging - emuxgdb emux-docker-shell nweb (target binary) REMOTE HOST 192.168.100.1 gdbserver $ emuxgdb nweb (gdb) " Automatically looks up the PID of the target " Launches gdbserver on the remote host " Launches gdb-multiarch locally " Connects to remote gdbserver " Sets sysroot " Ready to debug! 192.168.100.2
@therealsaumil @_ringzer0 Plain ol GDB -vs- new & shiny GEF
@therealsaumil @_ringzer0 A few GDB/GEF commands RECONNAISSANCE vmmap [GEF] Display the process' memory layout info target Information about the target being debugged (ELF binary) info sharedlibrary Shared Libraries that are loaded with the binary info functions List of functions that belong to the target binary PROCESS EXECUTION break Set a breakpoint continue Resume process execution rbreak Set multiple breakpoints using regular expressions stepi / nexti Step Into / Next Instruction CPU AND MEMORY context [GEF] Better view of registers, stack, code, call stack, etc. x Examine memory (many variations) hexdump [GEF] When you want characters and bytes side by side backtrace Display the call stack info frame Inspect stack frames disassemble Disassemble code printf Formatted printing LUXURIES set logging Enable / Disable logging and redirect log output to a file commands Execute multiple commands in sequence every time a breakpoint is reached
@therealsaumil @_ringzer0 EMUX utilities emuxps List processes running in the emulated device emuxkill Terminate a process inside the emulated device emuxmaps Remote process virtual memory layout emuxgdb Attach gdb to a remote process in the emulated device emuxnetstat Remote netstat emuxhalt Shut down the emulated device monitor Attach to QEMU monitor
@therealsaumil @_ringzer0 SETTING UP!
@therealsaumil @_ringzer0 Start EMUX ./run-emux-docker : : [+] Setting up forwarded ports 20080:80,20443:443,28080:8080,24433:4433,9999:9999 [+] mapping port 20080 -> 192.168.100.2:80 [+] mapping port 20443 -> 192.168.100.2:443 [+] mapping port 28080 -> 192.168.100.2:8080 [+] mapping port 24433 -> 192.168.100.2:4433 [+] mapping port 9999 -> 192.168.100.2:9999 ___ __ __ _ __ __ / __| / | | | / / by Saumil Shah | The Exploit Laboratory | __| |/| | |_| ) ( @therealsaumil | emux.exploitlab.net ___|_| |_____/_/_ [EMUX-DOCKER !] ~$ 1. Start the EMUX Docker Container
@therealsaumil @_ringzer0 Launch the target 2. Run launcher and boot into Damn Vulnerable ARM Router [EMUX-DOCKER !] ~$ launcher
@therealsaumil @_ringzer0 Start Userspace ./emux-docker-shell [emux-docker !] ~$ 3. Open a new terminal window and attach to emux-docker-shell [emux-docker !] ~$ userspace 4. Run userspace
@therealsaumil @_ringzer0 Enter the DVAR Console 5. Select "Enter the Damn Vulnerable ARM Router CONSOLE" option
@therealsaumil @_ringzer0 Start nweb (our target binary) Entering Damn Vulnerable ARM Router CONSOLE (/bin/sh) [+] Logging enabled [+] EMUX Debug log - /home/r0/workspace/logs/emuxdebug.log [+] QEMU Console log - qemuconsole.log [+] chroot /emux/DV-ARM/rootfs-arm /.emux/emuxshell Script started, output log file is '/home/r0/workspace/logs/emuxdebug.log'. BusyBox v1.23.2 (2021-10-14 18:26:48 IST) built-in shell (ash) / # nweb 80 /www/nweb/ 6. Manually start the nweb web server from the Busybox prompt ./emux-docker-shell [emux-docker !] ~$ curl http://192.168.100.2 <h1>Ringzer0 Hackme</h1> 7. Start another emux-docker-shell and test nweb
@therealsaumil @_ringzer0 Grab the attack scripts! [emux-docker !] ~$ cd workspace [emux-docker !] ~/workspace$ wget https://saumil.net/tmp/attack1.py --2022-07-07 14:12:48-- https://saumil.net/tmp/attack1.py Resolving saumil.net (saumil.net)... 208.113.163.5 Connecting to saumil.net (saumil.net)|208.113.163.5|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 535 [text/plain] Saving to: 'attack1.py' attack1.py 100%[=======================>] 535 --.-KB/s in 0s 2022-07-07 14:12:50 (58.9 MB/s) - 'attack1.py' saved [535/535] [emux-docker !] ~/workspace$ chmod +x attack1.py 8. From the emux-docker-shell grab the following attack scripts
@therealsaumil @_ringzer0 HANDS ON EMUXGDB
@therealsaumil @_ringzer0 HERE BE THE GOODS CODE: https://github.com/therealsaumil/emux !- ANNOUNCEMENTS: @therealsaumil DOCS: https://emux.exploitlab.net/
@therealsaumil @_ringzer0 ringzer¿ AUGUST 6-9 REGISTRATIONS OPEN www.ringzer¿.training THE ARM IoT EXPLOIT LABORATORY
@therealsaumil @_ringzer0 THANK YOU! SAUMIL SHAH @therealsaumil 7 JULY 2022 < BACK2 workshops` ringzer¿

Recommended

Unveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkUnveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkSaumil Shah
 
Introducing ARM-X
Introducing ARM-XIntroducing ARM-X
Introducing ARM-XSaumil Shah
 
BusyBox for Embedded Linux
BusyBox for Embedded LinuxBusyBox for Embedded Linux
BusyBox for Embedded LinuxEmertxe Information Technologies Pvt Ltd
 
U-Boot - An universal bootloader
U-Boot - An universal bootloader U-Boot - An universal bootloader
U-Boot - An universal bootloader Emertxe Information Technologies Pvt Ltd
 
Linux LVM Logical Volume Management
Linux LVM Logical Volume ManagementLinux LVM Logical Volume Management
Linux LVM Logical Volume ManagementManolis Kartsonakis
 
Linux Kernel Module - For NLKB
Linux Kernel Module - For NLKBLinux Kernel Module - For NLKB
Linux Kernel Module - For NLKBshimosawa
 
Docker란 무엇인가? : Docker 기본 사용법
Docker란 무엇인가? : Docker 기본 사용법Docker란 무엇인가? : Docker 기본 사용법
Docker란 무엇인가? : Docker 기본 사용법pyrasis
 
Linux Device Tree
Linux Device TreeLinux Device Tree
Linux Device Tree艾鍗科技
 

Recommended

Unveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkUnveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkSaumil Shah
 
Introducing ARM-X
Introducing ARM-XIntroducing ARM-X
Introducing ARM-XSaumil Shah
 
BusyBox for Embedded Linux
BusyBox for Embedded LinuxBusyBox for Embedded Linux
BusyBox for Embedded LinuxEmertxe Information Technologies Pvt Ltd
 
U-Boot - An universal bootloader
U-Boot - An universal bootloader U-Boot - An universal bootloader
U-Boot - An universal bootloader Emertxe Information Technologies Pvt Ltd
 
Linux LVM Logical Volume Management
Linux LVM Logical Volume ManagementLinux LVM Logical Volume Management
Linux LVM Logical Volume ManagementManolis Kartsonakis
 
Linux Kernel Module - For NLKB
Linux Kernel Module - For NLKBLinux Kernel Module - For NLKB
Linux Kernel Module - For NLKBshimosawa
 
Docker란 무엇인가? : Docker 기본 사용법
Docker란 무엇인가? : Docker 기본 사용법Docker란 무엇인가? : Docker 기본 사용법
Docker란 무엇인가? : Docker 기본 사용법pyrasis
 
Linux Device Tree
Linux Device TreeLinux Device Tree
Linux Device Tree艾鍗科技
 
Part 02 Linux Kernel Module Programming
Part 02 Linux Kernel Module ProgrammingPart 02 Linux Kernel Module Programming
Part 02 Linux Kernel Module ProgrammingTushar B Kute
 
Basic Linux Internals
Basic Linux InternalsBasic Linux Internals
Basic Linux Internalsmukul bhardwaj
 
Android Boot Time Optimization
Android Boot Time OptimizationAndroid Boot Time Optimization
Android Boot Time OptimizationKan-Ru Chen
 
Linux basics part 1
Linux basics part 1Linux basics part 1
Linux basics part 1Lilesh Pathe
 
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven Rostedt
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven RostedtKernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven Rostedt
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven RostedtAnne Nicolas
 
Introduction to Linux Kernel by Quontra Solutions
Introduction to Linux Kernel by Quontra SolutionsIntroduction to Linux Kernel by Quontra Solutions
Introduction to Linux Kernel by Quontra SolutionsQUONTRASOLUTIONS
 
Linux Internals - Part I
Linux Internals - Part ILinux Internals - Part I
Linux Internals - Part IEmertxe Information Technologies Pvt Ltd
 
Building Mini Embedded Linux System for X86 Arch
Building Mini Embedded Linux System for X86 ArchBuilding Mini Embedded Linux System for X86 Arch
Building Mini Embedded Linux System for X86 ArchSherif Mousa
 
Lvm advanced topics
Lvm advanced topicsLvm advanced topics
Lvm advanced topicsWill Sterling
 
nexus helm 설치, docker/helm repo 설정과 예제
nexus helm 설치, docker/helm repo 설정과 예제nexus helm 설치, docker/helm repo 설정과 예제
nexus helm 설치, docker/helm repo 설정과 예제choi sungwook
 
U Boot or Universal Bootloader
U Boot or Universal BootloaderU Boot or Universal Bootloader
U Boot or Universal BootloaderSatpal Parmar
 
Introduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageIntroduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageejlp12
 
Linux Directory Structure
Linux Directory StructureLinux Directory Structure
Linux Directory StructureKevin OBrien
 
A Journey to Boot Linux on Raspberry Pi
A Journey to Boot Linux on Raspberry PiA Journey to Boot Linux on Raspberry Pi
A Journey to Boot Linux on Raspberry PiJian-Hong Pan
 
Introduction to Linux
Introduction to LinuxIntroduction to Linux
Introduction to Linuxsureskal
 
Linux beginner's Workshop
Linux beginner's WorkshopLinux beginner's Workshop
Linux beginner's Workshopfutureshocked
 
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...The Linux Foundation
 
Uboot startup sequence
Uboot startup sequenceUboot startup sequence
Uboot startup sequenceHoucheng Lin
 
Tuning Android for low RAM
Tuning Android for low RAMTuning Android for low RAM
Tuning Android for low RAMChris Simmonds
 
CloudStack and cloud-init
CloudStack and cloud-initCloudStack and cloud-init
CloudStack and cloud-initMarcusS13
 
Docker Introduction.pdf
Docker Introduction.pdfDocker Introduction.pdf
Docker Introduction.pdfOKLABS
 
Docker, c'est bonheur !
Docker, c'est bonheur !Docker, c'est bonheur !
Docker, c'est bonheur !Alexandre Salomé
 

More Related Content

What's hot

Part 02 Linux Kernel Module Programming
Part 02 Linux Kernel Module ProgrammingPart 02 Linux Kernel Module Programming
Part 02 Linux Kernel Module ProgrammingTushar B Kute
 
Android Boot Time Optimization
Android Boot Time OptimizationAndroid Boot Time Optimization
Android Boot Time OptimizationKan-Ru Chen
 
Linux basics part 1
Linux basics part 1Linux basics part 1
Linux basics part 1Lilesh Pathe
 
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven Rostedt
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven RostedtKernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven Rostedt
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven RostedtAnne Nicolas
 
Introduction to Linux Kernel by Quontra Solutions
Introduction to Linux Kernel by Quontra SolutionsIntroduction to Linux Kernel by Quontra Solutions
Introduction to Linux Kernel by Quontra SolutionsQUONTRASOLUTIONS
 
Building Mini Embedded Linux System for X86 Arch
Building Mini Embedded Linux System for X86 ArchBuilding Mini Embedded Linux System for X86 Arch
Building Mini Embedded Linux System for X86 ArchSherif Mousa
 
nexus helm 설치, docker/helm repo 설정과 예제
nexus helm 설치, docker/helm repo 설정과 예제nexus helm 설치, docker/helm repo 설정과 예제
nexus helm 설치, docker/helm repo 설정과 예제choi sungwook
 
U Boot or Universal Bootloader
U Boot or Universal BootloaderU Boot or Universal Bootloader
U Boot or Universal BootloaderSatpal Parmar
 
Introduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageIntroduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageejlp12
 
Linux Directory Structure
Linux Directory StructureLinux Directory Structure
Linux Directory StructureKevin OBrien
 
A Journey to Boot Linux on Raspberry Pi
A Journey to Boot Linux on Raspberry PiA Journey to Boot Linux on Raspberry Pi
A Journey to Boot Linux on Raspberry PiJian-Hong Pan
 
Introduction to Linux
Introduction to LinuxIntroduction to Linux
Introduction to Linuxsureskal
 
Linux beginner's Workshop
Linux beginner's WorkshopLinux beginner's Workshop
Linux beginner's Workshopfutureshocked
 
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...The Linux Foundation
 
Uboot startup sequence
Uboot startup sequenceUboot startup sequence
Uboot startup sequenceHoucheng Lin
 
Tuning Android for low RAM
Tuning Android for low RAMTuning Android for low RAM
Tuning Android for low RAMChris Simmonds
 
CloudStack and cloud-init
CloudStack and cloud-initCloudStack and cloud-init
CloudStack and cloud-initMarcusS13
 

What's hot (20)

Part 02 Linux Kernel Module Programming
Part 02 Linux Kernel Module ProgrammingPart 02 Linux Kernel Module Programming
Part 02 Linux Kernel Module Programming
 
Basic Linux Internals
Basic Linux InternalsBasic Linux Internals
Basic Linux Internals
 
Android Boot Time Optimization
Android Boot Time OptimizationAndroid Boot Time Optimization
Android Boot Time Optimization
 
Linux basics part 1
Linux basics part 1Linux basics part 1
Linux basics part 1
 
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven Rostedt
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven RostedtKernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven Rostedt
Kernel Recipes 2017 - Understanding the Linux kernel via ftrace - Steven Rostedt
 
Introduction to Linux Kernel by Quontra Solutions
Introduction to Linux Kernel by Quontra SolutionsIntroduction to Linux Kernel by Quontra Solutions
Introduction to Linux Kernel by Quontra Solutions
 
Linux Internals - Part I
Linux Internals - Part ILinux Internals - Part I
Linux Internals - Part I
 
Building Mini Embedded Linux System for X86 Arch
Building Mini Embedded Linux System for X86 ArchBuilding Mini Embedded Linux System for X86 Arch
Building Mini Embedded Linux System for X86 Arch
 
Lvm advanced topics
Lvm advanced topicsLvm advanced topics
Lvm advanced topics
 
nexus helm 설치, docker/helm repo 설정과 예제
nexus helm 설치, docker/helm repo 설정과 예제nexus helm 설치, docker/helm repo 설정과 예제
nexus helm 설치, docker/helm repo 설정과 예제
 
U Boot or Universal Bootloader
U Boot or Universal BootloaderU Boot or Universal Bootloader
U Boot or Universal Bootloader
 
Introduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageIntroduction to Docker storage, volume and image
Introduction to Docker storage, volume and image
 
Linux Directory Structure
Linux Directory StructureLinux Directory Structure
Linux Directory Structure
 
A Journey to Boot Linux on Raspberry Pi
A Journey to Boot Linux on Raspberry PiA Journey to Boot Linux on Raspberry Pi
A Journey to Boot Linux on Raspberry Pi
 
Introduction to Linux
Introduction to LinuxIntroduction to Linux
Introduction to Linux
 
Linux beginner's Workshop
Linux beginner's WorkshopLinux beginner's Workshop
Linux beginner's Workshop
 
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
 
Uboot startup sequence
Uboot startup sequenceUboot startup sequence
Uboot startup sequence
 
Tuning Android for low RAM
Tuning Android for low RAMTuning Android for low RAM
Tuning Android for low RAM
 
CloudStack and cloud-init
CloudStack and cloud-initCloudStack and cloud-init
CloudStack and cloud-init
 

Similar to Debugging with EMUX - RIngzer0 BACK2WORKSHOPS

Docker Introduction.pdf
Docker Introduction.pdfDocker Introduction.pdf
Docker Introduction.pdfOKLABS
 
Docker Compose user guide
Docker Compose user guideDocker Compose user guide
Docker Compose user guideVAIBHAV GUPTA
 
Docker for (Java) Developers
Docker for (Java) DevelopersDocker for (Java) Developers
Docker for (Java) DevelopersRafael Benevides
 
Getting started docker notes
Getting started docker notesGetting started docker notes
Getting started docker notesAJAY NAYAK
 
kubernetes - minikube - getting started
kubernetes - minikube - getting startedkubernetes - minikube - getting started
kubernetes - minikube - getting startedMunish Mehta
 
Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725miguel dominguez
 
Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725MortazaJohari
 
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...Yevgeniy Brikman
 
Delivering Docker & K3s worloads to IoT Edge devices
Delivering Docker & K3s worloads to IoT Edge devicesDelivering Docker & K3s worloads to IoT Edge devices
Delivering Docker & K3s worloads to IoT Edge devicesAjeet Singh Raina
 
Docker in a JS Developer’s Life
Docker in a JS Developer’s LifeDocker in a JS Developer’s Life
Docker in a JS Developer’s LifeGlobalLogic Ukraine
 
Kubernetes laravel and kubernetes
Kubernetes laravel and kubernetesKubernetes laravel and kubernetes
Kubernetes laravel and kubernetesWilliam Stewart
 
Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020CloudHero
 
[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안양재동 코드랩
 
Improve your Java Environment with Docker
Improve your Java Environment with DockerImprove your Java Environment with Docker
Improve your Java Environment with DockerHanoiJUG
 
Primi passi con Docker - ItalianCoders - 12-01-2021
Primi passi con Docker - ItalianCoders - 12-01-2021Primi passi con Docker - ItalianCoders - 12-01-2021
Primi passi con Docker - ItalianCoders - 12-01-2021Alessandro Mignogna
 

Similar to Debugging with EMUX - RIngzer0 BACK2WORKSHOPS (20)

Docker Introduction.pdf
Docker Introduction.pdfDocker Introduction.pdf
Docker Introduction.pdf
 
Docker, c'est bonheur !
Docker, c'est bonheur !Docker, c'est bonheur !
Docker, c'est bonheur !
 
Docker Compose user guide
Docker Compose user guideDocker Compose user guide
Docker Compose user guide
 
Docker for (Java) Developers
Docker for (Java) DevelopersDocker for (Java) Developers
Docker for (Java) Developers
 
Getting started docker notes
Getting started docker notesGetting started docker notes
Getting started docker notes
 
kubernetes - minikube - getting started
kubernetes - minikube - getting startedkubernetes - minikube - getting started
kubernetes - minikube - getting started
 
From zero to Docker
From zero to DockerFrom zero to Docker
From zero to Docker
 
Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725
 
Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725
 
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
 
Delivering Docker & K3s worloads to IoT Edge devices
Delivering Docker & K3s worloads to IoT Edge devicesDelivering Docker & K3s worloads to IoT Edge devices
Delivering Docker & K3s worloads to IoT Edge devices
 
Docker in a JS Developer’s Life
Docker in a JS Developer’s LifeDocker in a JS Developer’s Life
Docker in a JS Developer’s Life
 
Kubernetes laravel and kubernetes
Kubernetes laravel and kubernetesKubernetes laravel and kubernetes
Kubernetes laravel and kubernetes
 
Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020
 
[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안
 
Docker
DockerDocker
Docker
 
Improve your Java Environment with Docker
Improve your Java Environment with DockerImprove your Java Environment with Docker
Improve your Java Environment with Docker
 
Primi passi con Docker - ItalianCoders - 12-01-2021
Primi passi con Docker - ItalianCoders - 12-01-2021Primi passi con Docker - ItalianCoders - 12-01-2021
Primi passi con Docker - ItalianCoders - 12-01-2021
 
Ansible101
Ansible101Ansible101
Ansible101
 
Docker
DockerDocker
Docker
 

More from Saumil Shah

The Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksSaumil Shah
 
Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Saumil Shah
 
Precise Presentations
Precise PresentationsPrecise Presentations
Precise PresentationsSaumil Shah
 
Effective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceEffective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceSaumil Shah
 
INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020Saumil Shah
 
Cyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadCyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadSaumil Shah
 
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceCybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceSaumil Shah
 
NSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadNSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadSaumil Shah
 
Cybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadCybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadSaumil Shah
 
INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019Saumil Shah
 
The Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDThe Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDSaumil Shah
 
The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019Saumil Shah
 
The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019Saumil Shah
 
Schrödinger's ARM Assembly
Schrödinger's ARM AssemblySchrödinger's ARM Assembly
Schrödinger's ARM AssemblySaumil Shah
 
ARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSSaumil Shah
 
What Makes a Compelling Photograph
What Makes a Compelling PhotographWhat Makes a Compelling Photograph
What Makes a Compelling PhotographSaumil Shah
 
Make ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKMake ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKSaumil Shah
 
HackLU 2018 Make ARM Shellcode Great Again
HackLU 2018 Make ARM Shellcode Great AgainHackLU 2018 Make ARM Shellcode Great Again
HackLU 2018 Make ARM Shellcode Great AgainSaumil Shah
 
Hack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation WorkshopHack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation WorkshopSaumil Shah
 
Make ARM Shellcode Great Again
Make ARM Shellcode Great AgainMake ARM Shellcode Great Again
Make ARM Shellcode Great AgainSaumil Shah
 

More from Saumil Shah (20)

The Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also Blocks
 
Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332
 
Precise Presentations
Precise PresentationsPrecise Presentations
Precise Presentations
 
Effective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceEffective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual Audience
 
INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020
 
Cyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadCyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade Ahead
 
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceCybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
 
NSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadNSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade Ahead
 
Cybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadCybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade Ahead
 
INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019
 
The Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDThe Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBD
 
The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019
 
The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019
 
Schrödinger's ARM Assembly
Schrödinger's ARM AssemblySchrödinger's ARM Assembly
Schrödinger's ARM Assembly
 
ARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMS
 
What Makes a Compelling Photograph
What Makes a Compelling PhotographWhat Makes a Compelling Photograph
What Makes a Compelling Photograph
 
Make ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKMake ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEK
 
HackLU 2018 Make ARM Shellcode Great Again
HackLU 2018 Make ARM Shellcode Great AgainHackLU 2018 Make ARM Shellcode Great Again
HackLU 2018 Make ARM Shellcode Great Again
 
Hack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation WorkshopHack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation Workshop
 
Make ARM Shellcode Great Again
Make ARM Shellcode Great AgainMake ARM Shellcode Great Again
Make ARM Shellcode Great Again
 

Recently uploaded

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 

Recently uploaded (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 

Debugging with EMUX - RIngzer0 BACK2WORKSHOPS

  • 1. @therealsaumil @_ringzer0 debugging WITH EMUX SAUMIL SHAH @therealsaumil 7 JULY 2022 < BACK2 workshops` ringzer¿
  • 2. @therealsaumil @_ringzer0 # WHO AM I Saumil Shah @therealsaumil educating, entertaining and exasperating audiences since 1999
  • 3. @therealsaumil @_ringzer0 WHAT IS ARM + MIPS IoT Emulation Framework emux.exploitlab.net
  • 4. @therealsaumil @_ringzer0 What Is This Workshop About An Introduction to debugging binaries on emulated targets Using GDB + gdbserver for remote debugging Hands-on examples How EMUX makes the debugging process easy
  • 5. @therealsaumil @_ringzer0 EMUX docker container HOST EMUX DOCKER launcher EMULATED TARGET ON QEMU emux-docker-shell workspace (shared directory) nweb (target binary) 192.168.100.2 192.168.100.1 socat 80 20080 RINGZER0 HACKME
  • 6. @therealsaumil @_ringzer0 Concepts Covered Functions of a Debugger How does Remote Debugging work EMUX's debugger wrappers Advantages of using GEF Debugging a webserver binary Crash Dump Analysis
  • 7. @therealsaumil @_ringzer0 Functions of a Debugger Inspect the target Inspect the CPU state Examine Memory Control Process Execution Analyse Crashes and Exceptions Luxuries: Plugins, Macros, Logging
  • 8. @therealsaumil @_ringzer0 Remote Debugging - how it works GDB multiarch nweb (target binary) 192.168.100.1 gdbserver :5000 --attach <PID> (gdb) target remote 192.168.100.2:5000 (gdb) set sysroot target:/path/to/rootfs (gdb) continue REMOTE HOST 192.168.100.2
  • 9. @therealsaumil @_ringzer0 Remote Debugging - emuxgdb emux-docker-shell nweb (target binary) REMOTE HOST 192.168.100.1 gdbserver $ emuxgdb nweb (gdb) " Automatically looks up the PID of the target " Launches gdbserver on the remote host " Launches gdb-multiarch locally " Connects to remote gdbserver " Sets sysroot " Ready to debug! 192.168.100.2
  • 11. @therealsaumil @_ringzer0 A few GDB/GEF commands RECONNAISSANCE vmmap [GEF] Display the process' memory layout info target Information about the target being debugged (ELF binary) info sharedlibrary Shared Libraries that are loaded with the binary info functions List of functions that belong to the target binary PROCESS EXECUTION break Set a breakpoint continue Resume process execution rbreak Set multiple breakpoints using regular expressions stepi / nexti Step Into / Next Instruction CPU AND MEMORY context [GEF] Better view of registers, stack, code, call stack, etc. x Examine memory (many variations) hexdump [GEF] When you want characters and bytes side by side backtrace Display the call stack info frame Inspect stack frames disassemble Disassemble code printf Formatted printing LUXURIES set logging Enable / Disable logging and redirect log output to a file commands Execute multiple commands in sequence every time a breakpoint is reached
  • 12. @therealsaumil @_ringzer0 EMUX utilities emuxps List processes running in the emulated device emuxkill Terminate a process inside the emulated device emuxmaps Remote process virtual memory layout emuxgdb Attach gdb to a remote process in the emulated device emuxnetstat Remote netstat emuxhalt Shut down the emulated device monitor Attach to QEMU monitor
  • 14. @therealsaumil @_ringzer0 Start EMUX ./run-emux-docker : : [+] Setting up forwarded ports 20080:80,20443:443,28080:8080,24433:4433,9999:9999 [+] mapping port 20080 -> 192.168.100.2:80 [+] mapping port 20443 -> 192.168.100.2:443 [+] mapping port 28080 -> 192.168.100.2:8080 [+] mapping port 24433 -> 192.168.100.2:4433 [+] mapping port 9999 -> 192.168.100.2:9999 ___ __ __ _ __ __ / __| / | | | / / by Saumil Shah | The Exploit Laboratory | __| |/| | |_| ) ( @therealsaumil | emux.exploitlab.net ___|_| |_____/_/_ [EMUX-DOCKER !] ~$ 1. Start the EMUX Docker Container
  • 15. @therealsaumil @_ringzer0 Launch the target 2. Run launcher and boot into Damn Vulnerable ARM Router [EMUX-DOCKER !] ~$ launcher
  • 16. @therealsaumil @_ringzer0 Start Userspace ./emux-docker-shell [emux-docker !] ~$ 3. Open a new terminal window and attach to emux-docker-shell [emux-docker !] ~$ userspace 4. Run userspace
  • 17. @therealsaumil @_ringzer0 Enter the DVAR Console 5. Select "Enter the Damn Vulnerable ARM Router CONSOLE" option
  • 18. @therealsaumil @_ringzer0 Start nweb (our target binary) Entering Damn Vulnerable ARM Router CONSOLE (/bin/sh) [+] Logging enabled [+] EMUX Debug log - /home/r0/workspace/logs/emuxdebug.log [+] QEMU Console log - qemuconsole.log [+] chroot /emux/DV-ARM/rootfs-arm /.emux/emuxshell Script started, output log file is '/home/r0/workspace/logs/emuxdebug.log'. BusyBox v1.23.2 (2021-10-14 18:26:48 IST) built-in shell (ash) / # nweb 80 /www/nweb/ 6. Manually start the nweb web server from the Busybox prompt ./emux-docker-shell [emux-docker !] ~$ curl http://192.168.100.2 <h1>Ringzer0 Hackme</h1> 7. Start another emux-docker-shell and test nweb
  • 19. @therealsaumil @_ringzer0 Grab the attack scripts! [emux-docker !] ~$ cd workspace [emux-docker !] ~/workspace$ wget https://saumil.net/tmp/attack1.py --2022-07-07 14:12:48-- https://saumil.net/tmp/attack1.py Resolving saumil.net (saumil.net)... 208.113.163.5 Connecting to saumil.net (saumil.net)|208.113.163.5|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 535 [text/plain] Saving to: 'attack1.py' attack1.py 100%[=======================>] 535 --.-KB/s in 0s 2022-07-07 14:12:50 (58.9 MB/s) - 'attack1.py' saved [535/535] [emux-docker !] ~/workspace$ chmod +x attack1.py 8. From the emux-docker-shell grab the following attack scripts
  • 21. @therealsaumil @_ringzer0 HERE BE THE GOODS CODE: https://github.com/therealsaumil/emux !- ANNOUNCEMENTS: @therealsaumil DOCS: https://emux.exploitlab.net/