SlideShare a Scribd company logo

Debugging with EMUX - RIngzer0 BACK2WORKSHOPS

Saumil Shah
Saumil Shah

The EMUX IoT Firmware Emulation Framework currently provides near native userland emulation for ARM and MIPS IoT devices. EMUX is actively used Saumil's popular ARM IoT Exploit Laboratory training for over 5 years. The Debugging with EMUX workshop shall be in two parts: Part 1 (30 minutes) - Setting up EMUX in 7 minutes - A tour of EMUX internals - EMUX utilities - Tracing userland processes within EMUX Part 2 (90 minutes) - Debugging an ARM IoT target in EMUX - Debugging a MIPS IoT Target in EMUX - Crash dump analysis

Technology
1 of 23
@therealsaumil @_ringzer0 debugging WITH EMUX SAUMIL SHAH @therealsaumil 7 JULY 2022 < BACK2 workshops` ringzer¿
@therealsaumil @_ringzer0 # WHO AM I Saumil Shah @therealsaumil educating, entertaining and exasperating audiences since 1999
@therealsaumil @_ringzer0 WHAT IS ARM + MIPS IoT Emulation Framework emux.exploitlab.net
@therealsaumil @_ringzer0 What Is This Workshop About An Introduction to debugging binaries on emulated targets Using GDB + gdbserver for remote debugging Hands-on examples How EMUX makes the debugging process easy
@therealsaumil @_ringzer0 EMUX docker container HOST EMUX DOCKER launcher EMULATED TARGET ON QEMU emux-docker-shell workspace (shared directory) nweb (target binary) 192.168.100.2 192.168.100.1 socat 80 20080 RINGZER0 HACKME
@therealsaumil @_ringzer0 Concepts Covered Functions of a Debugger How does Remote Debugging work EMUX's debugger wrappers Advantages of using GEF Debugging a webserver binary Crash Dump Analysis
@therealsaumil @_ringzer0 Functions of a Debugger Inspect the target Inspect the CPU state Examine Memory Control Process Execution Analyse Crashes and Exceptions Luxuries: Plugins, Macros, Logging
@therealsaumil @_ringzer0 Remote Debugging - how it works GDB multiarch nweb (target binary) 192.168.100.1 gdbserver :5000 --attach <PID> (gdb) target remote 192.168.100.2:5000 (gdb) set sysroot target:/path/to/rootfs (gdb) continue REMOTE HOST 192.168.100.2
@therealsaumil @_ringzer0 Remote Debugging - emuxgdb emux-docker-shell nweb (target binary) REMOTE HOST 192.168.100.1 gdbserver $ emuxgdb nweb (gdb) " Automatically looks up the PID of the target " Launches gdbserver on the remote host " Launches gdb-multiarch locally " Connects to remote gdbserver " Sets sysroot " Ready to debug! 192.168.100.2
@therealsaumil @_ringzer0 Plain ol GDB -vs- new & shiny GEF
@therealsaumil @_ringzer0 A few GDB/GEF commands RECONNAISSANCE vmmap [GEF] Display the process' memory layout info target Information about the target being debugged (ELF binary) info sharedlibrary Shared Libraries that are loaded with the binary info functions List of functions that belong to the target binary PROCESS EXECUTION break Set a breakpoint continue Resume process execution rbreak Set multiple breakpoints using regular expressions stepi / nexti Step Into / Next Instruction CPU AND MEMORY context [GEF] Better view of registers, stack, code, call stack, etc. x Examine memory (many variations) hexdump [GEF] When you want characters and bytes side by side backtrace Display the call stack info frame Inspect stack frames disassemble Disassemble code printf Formatted printing LUXURIES set logging Enable / Disable logging and redirect log output to a file commands Execute multiple commands in sequence every time a breakpoint is reached
@therealsaumil @_ringzer0 EMUX utilities emuxps List processes running in the emulated device emuxkill Terminate a process inside the emulated device emuxmaps Remote process virtual memory layout emuxgdb Attach gdb to a remote process in the emulated device emuxnetstat Remote netstat emuxhalt Shut down the emulated device monitor Attach to QEMU monitor
@therealsaumil @_ringzer0 SETTING UP!
@therealsaumil @_ringzer0 Start EMUX ./run-emux-docker : : [+] Setting up forwarded ports 20080:80,20443:443,28080:8080,24433:4433,9999:9999 [+] mapping port 20080 -> 192.168.100.2:80 [+] mapping port 20443 -> 192.168.100.2:443 [+] mapping port 28080 -> 192.168.100.2:8080 [+] mapping port 24433 -> 192.168.100.2:4433 [+] mapping port 9999 -> 192.168.100.2:9999 ___ __ __ _ __ __ / __| / | | | / / by Saumil Shah | The Exploit Laboratory | __| |/| | |_| ) ( @therealsaumil | emux.exploitlab.net ___|_| |_____/_/_ [EMUX-DOCKER !] ~$ 1. Start the EMUX Docker Container
@therealsaumil @_ringzer0 Launch the target 2. Run launcher and boot into Damn Vulnerable ARM Router [EMUX-DOCKER !] ~$ launcher
@therealsaumil @_ringzer0 Start Userspace ./emux-docker-shell [emux-docker !] ~$ 3. Open a new terminal window and attach to emux-docker-shell [emux-docker !] ~$ userspace 4. Run userspace
@therealsaumil @_ringzer0 Enter the DVAR Console 5. Select "Enter the Damn Vulnerable ARM Router CONSOLE" option
@therealsaumil @_ringzer0 Start nweb (our target binary) Entering Damn Vulnerable ARM Router CONSOLE (/bin/sh) [+] Logging enabled [+] EMUX Debug log - /home/r0/workspace/logs/emuxdebug.log [+] QEMU Console log - qemuconsole.log [+] chroot /emux/DV-ARM/rootfs-arm /.emux/emuxshell Script started, output log file is '/home/r0/workspace/logs/emuxdebug.log'. BusyBox v1.23.2 (2021-10-14 18:26:48 IST) built-in shell (ash) / # nweb 80 /www/nweb/ 6. Manually start the nweb web server from the Busybox prompt ./emux-docker-shell [emux-docker !] ~$ curl http://192.168.100.2 <h1>Ringzer0 Hackme</h1> 7. Start another emux-docker-shell and test nweb
@therealsaumil @_ringzer0 Grab the attack scripts! [emux-docker !] ~$ cd workspace [emux-docker !] ~/workspace$ wget https://saumil.net/tmp/attack1.py --2022-07-07 14:12:48-- https://saumil.net/tmp/attack1.py Resolving saumil.net (saumil.net)... 208.113.163.5 Connecting to saumil.net (saumil.net)|208.113.163.5|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 535 [text/plain] Saving to: 'attack1.py' attack1.py 100%[=======================>] 535 --.-KB/s in 0s 2022-07-07 14:12:50 (58.9 MB/s) - 'attack1.py' saved [535/535] [emux-docker !] ~/workspace$ chmod +x attack1.py 8. From the emux-docker-shell grab the following attack scripts
@therealsaumil @_ringzer0 HANDS ON EMUXGDB
@therealsaumil @_ringzer0 HERE BE THE GOODS CODE: https://github.com/therealsaumil/emux !- ANNOUNCEMENTS: @therealsaumil DOCS: https://emux.exploitlab.net/
@therealsaumil @_ringzer0 ringzer¿ AUGUST 6-9 REGISTRATIONS OPEN www.ringzer¿.training THE ARM IoT EXPLOIT LABORATORY
@therealsaumil @_ringzer0 THANK YOU! SAUMIL SHAH @therealsaumil 7 JULY 2022 < BACK2 workshops` ringzer¿

Recommended

Introducing ARM-X
Introducing ARM-XIntroducing ARM-X
Introducing ARM-XSaumil Shah
 
Make ARM Shellcode Great Again
Make ARM Shellcode Great AgainMake ARM Shellcode Great Again
Make ARM Shellcode Great AgainSaumil Shah
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Linaro
 
Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)Yannick Gicquel
 
Linux Kernel Development
Linux Kernel DevelopmentLinux Kernel Development
Linux Kernel DevelopmentPriyank Kapadia
 
HKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting ReviewHKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting ReviewLinaro
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEELinaro
 
docker installation and basics
docker installation and basicsdocker installation and basics
docker installation and basicsWalid Ashraf
 

Recommended

Introducing ARM-X
Introducing ARM-XIntroducing ARM-X
Introducing ARM-XSaumil Shah
 
Make ARM Shellcode Great Again
Make ARM Shellcode Great AgainMake ARM Shellcode Great Again
Make ARM Shellcode Great AgainSaumil Shah
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Linaro
 
Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)Yannick Gicquel
 
Linux Kernel Development
Linux Kernel DevelopmentLinux Kernel Development
Linux Kernel DevelopmentPriyank Kapadia
 
HKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting ReviewHKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting ReviewLinaro
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEELinaro
 
docker installation and basics
docker installation and basicsdocker installation and basics
docker installation and basicsWalid Ashraf
 
Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Linaro
 
Snort
SnortSnort
SnortStickman Hai
 
Linux command ppt
Linux command pptLinux command ppt
Linux command pptkalyanineve
 
SFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverSFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverLinaro
 
SFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEESFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEELinaro
 
OPTEE on QEMU - Build Tutorial
OPTEE on QEMU - Build TutorialOPTEE on QEMU - Build Tutorial
OPTEE on QEMU - Build TutorialDalton Valadares
 
NMap
NMapNMap
NMapPritesh Raka
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAPPhannarith Ou, G-CISO
 
Mender; the open-source software update solution
Mender; the open-source software update solutionMender; the open-source software update solution
Mender; the open-source software update solutionMender.io
 
LCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEELCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEELinaro
 
U boot-boot-flow
U boot-boot-flowU boot-boot-flow
U boot-boot-flowBabuSubashChandar Chandra Mohan
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationSuresh Kumar
 
[KubeCon EU 2021] Introduction and Deep Dive Into Containerd
[KubeCon EU 2021] Introduction and Deep Dive Into Containerd[KubeCon EU 2021] Introduction and Deep Dive Into Containerd
[KubeCon EU 2021] Introduction and Deep Dive Into ContainerdAkihiro Suda
 
From printk to QEMU: Xen/Linux Kernel debugging
From printk to QEMU: Xen/Linux Kernel debuggingFrom printk to QEMU: Xen/Linux Kernel debugging
From printk to QEMU: Xen/Linux Kernel debuggingThe Linux Foundation
 
TEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityTEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityLinaro
 
Android Audio System
Android Audio SystemAndroid Audio System
Android Audio SystemYi-Hsiang Huang
 
Linux device drivers
Linux device drivers Linux device drivers
Linux device drivers Emertxe Information Technologies Pvt Ltd
 
Basic Linux Internals
Basic Linux InternalsBasic Linux Internals
Basic Linux Internalsmukul bhardwaj
 
RISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzakiRISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzakiKuniyasu Suzaki
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsJoseph Bugeja
 
Docker Introduction.pdf
Docker Introduction.pdfDocker Introduction.pdf
Docker Introduction.pdfOKLABS
 
Docker, c'est bonheur !
Docker, c'est bonheur !Docker, c'est bonheur !
Docker, c'est bonheur !Alexandre Salomé
 

More Related Content

What's hot

Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Linaro
 
Linux command ppt
Linux command pptLinux command ppt
Linux command pptkalyanineve
 
SFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverSFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverLinaro
 
SFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEESFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEELinaro
 
OPTEE on QEMU - Build Tutorial
OPTEE on QEMU - Build TutorialOPTEE on QEMU - Build Tutorial
OPTEE on QEMU - Build TutorialDalton Valadares
 
Mender; the open-source software update solution
Mender; the open-source software update solutionMender; the open-source software update solution
Mender; the open-source software update solutionMender.io
 
LCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEELCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEELinaro
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentationSuresh Kumar
 
[KubeCon EU 2021] Introduction and Deep Dive Into Containerd
[KubeCon EU 2021] Introduction and Deep Dive Into Containerd[KubeCon EU 2021] Introduction and Deep Dive Into Containerd
[KubeCon EU 2021] Introduction and Deep Dive Into ContainerdAkihiro Suda
 
From printk to QEMU: Xen/Linux Kernel debugging
From printk to QEMU: Xen/Linux Kernel debuggingFrom printk to QEMU: Xen/Linux Kernel debugging
From printk to QEMU: Xen/Linux Kernel debuggingThe Linux Foundation
 
TEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityTEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityLinaro
 
RISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzakiRISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzakiKuniyasu Suzaki
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsJoseph Bugeja
 

What's hot (20)

Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8
 
Snort
SnortSnort
Snort
 
Linux command ppt
Linux command pptLinux command ppt
Linux command ppt
 
SFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverSFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driver
 
SFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEESFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEE
 
OPTEE on QEMU - Build Tutorial
OPTEE on QEMU - Build TutorialOPTEE on QEMU - Build Tutorial
OPTEE on QEMU - Build Tutorial
 
NMap
NMapNMap
NMap
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAP
 
Mender; the open-source software update solution
Mender; the open-source software update solutionMender; the open-source software update solution
Mender; the open-source software update solution
 
LCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEELCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEE
 
U boot-boot-flow
U boot-boot-flowU boot-boot-flow
U boot-boot-flow
 
Ansible presentation
Ansible presentationAnsible presentation
Ansible presentation
 
[KubeCon EU 2021] Introduction and Deep Dive Into Containerd
[KubeCon EU 2021] Introduction and Deep Dive Into Containerd[KubeCon EU 2021] Introduction and Deep Dive Into Containerd
[KubeCon EU 2021] Introduction and Deep Dive Into Containerd
 
From printk to QEMU: Xen/Linux Kernel debugging
From printk to QEMU: Xen/Linux Kernel debuggingFrom printk to QEMU: Xen/Linux Kernel debugging
From printk to QEMU: Xen/Linux Kernel debugging
 
TEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityTEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source security
 
Android Audio System
Android Audio SystemAndroid Audio System
Android Audio System
 
Linux device drivers
Linux device drivers Linux device drivers
Linux device drivers
 
Basic Linux Internals
Basic Linux InternalsBasic Linux Internals
Basic Linux Internals
 
RISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzakiRISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzaki
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting Tools
 

Similar to Debugging with EMUX - RIngzer0 BACK2WORKSHOPS

Docker Introduction.pdf
Docker Introduction.pdfDocker Introduction.pdf
Docker Introduction.pdfOKLABS
 
Docker Compose user guide
Docker Compose user guideDocker Compose user guide
Docker Compose user guideVAIBHAV GUPTA
 
Docker for (Java) Developers
Docker for (Java) DevelopersDocker for (Java) Developers
Docker for (Java) DevelopersRafael Benevides
 
Getting started docker notes
Getting started docker notesGetting started docker notes
Getting started docker notesAJAY NAYAK
 
kubernetes - minikube - getting started
kubernetes - minikube - getting startedkubernetes - minikube - getting started
kubernetes - minikube - getting startedMunish Mehta
 
Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725miguel dominguez
 
Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725MortazaJohari
 
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...Yevgeniy Brikman
 
Delivering Docker & K3s worloads to IoT Edge devices
Delivering Docker & K3s worloads to IoT Edge devicesDelivering Docker & K3s worloads to IoT Edge devices
Delivering Docker & K3s worloads to IoT Edge devicesAjeet Singh Raina
 
Docker in a JS Developer’s Life
Docker in a JS Developer’s LifeDocker in a JS Developer’s Life
Docker in a JS Developer’s LifeGlobalLogic Ukraine
 
Kubernetes laravel and kubernetes
Kubernetes laravel and kubernetesKubernetes laravel and kubernetes
Kubernetes laravel and kubernetesWilliam Stewart
 
Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020CloudHero
 
[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안양재동 코드랩
 
Improve your Java Environment with Docker
Improve your Java Environment with DockerImprove your Java Environment with Docker
Improve your Java Environment with DockerHanoiJUG
 
Primi passi con Docker - ItalianCoders - 12-01-2021
Primi passi con Docker - ItalianCoders - 12-01-2021Primi passi con Docker - ItalianCoders - 12-01-2021
Primi passi con Docker - ItalianCoders - 12-01-2021Alessandro Mignogna
 

Similar to Debugging with EMUX - RIngzer0 BACK2WORKSHOPS (20)

Docker Introduction.pdf
Docker Introduction.pdfDocker Introduction.pdf
Docker Introduction.pdf
 
Docker, c'est bonheur !
Docker, c'est bonheur !Docker, c'est bonheur !
Docker, c'est bonheur !
 
Docker Compose user guide
Docker Compose user guideDocker Compose user guide
Docker Compose user guide
 
Docker for (Java) Developers
Docker for (Java) DevelopersDocker for (Java) Developers
Docker for (Java) Developers
 
Getting started docker notes
Getting started docker notesGetting started docker notes
Getting started docker notes
 
kubernetes - minikube - getting started
kubernetes - minikube - getting startedkubernetes - minikube - getting started
kubernetes - minikube - getting started
 
From zero to Docker
From zero to DockerFrom zero to Docker
From zero to Docker
 
Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725
 
Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725
 
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
 
Delivering Docker & K3s worloads to IoT Edge devices
Delivering Docker & K3s worloads to IoT Edge devicesDelivering Docker & K3s worloads to IoT Edge devices
Delivering Docker & K3s worloads to IoT Edge devices
 
Docker in a JS Developer’s Life
Docker in a JS Developer’s LifeDocker in a JS Developer’s Life
Docker in a JS Developer’s Life
 
Kubernetes laravel and kubernetes
Kubernetes laravel and kubernetesKubernetes laravel and kubernetes
Kubernetes laravel and kubernetes
 
Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020
 
[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안
 
Docker
DockerDocker
Docker
 
Improve your Java Environment with Docker
Improve your Java Environment with DockerImprove your Java Environment with Docker
Improve your Java Environment with Docker
 
Primi passi con Docker - ItalianCoders - 12-01-2021
Primi passi con Docker - ItalianCoders - 12-01-2021Primi passi con Docker - ItalianCoders - 12-01-2021
Primi passi con Docker - ItalianCoders - 12-01-2021
 
Ansible101
Ansible101Ansible101
Ansible101
 
Docker
DockerDocker
Docker
 

More from Saumil Shah

The Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksSaumil Shah
 
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkUnveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkSaumil Shah
 
Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Saumil Shah
 
Precise Presentations
Precise PresentationsPrecise Presentations
Precise PresentationsSaumil Shah
 
Effective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceEffective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceSaumil Shah
 
INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020Saumil Shah
 
Cyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadCyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadSaumil Shah
 
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceCybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceSaumil Shah
 
NSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadNSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadSaumil Shah
 
Cybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadCybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadSaumil Shah
 
INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019Saumil Shah
 
The Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDThe Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDSaumil Shah
 
The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019Saumil Shah
 
The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019Saumil Shah
 
Schrödinger's ARM Assembly
Schrödinger's ARM AssemblySchrödinger's ARM Assembly
Schrödinger's ARM AssemblySaumil Shah
 
ARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSSaumil Shah
 
What Makes a Compelling Photograph
What Makes a Compelling PhotographWhat Makes a Compelling Photograph
What Makes a Compelling PhotographSaumil Shah
 
Make ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKMake ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKSaumil Shah
 
HackLU 2018 Make ARM Shellcode Great Again
HackLU 2018 Make ARM Shellcode Great AgainHackLU 2018 Make ARM Shellcode Great Again
HackLU 2018 Make ARM Shellcode Great AgainSaumil Shah
 
Hack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation WorkshopHack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation WorkshopSaumil Shah
 

More from Saumil Shah (20)

The Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also Blocks
 
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkUnveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
 
Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332
 
Precise Presentations
Precise PresentationsPrecise Presentations
Precise Presentations
 
Effective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceEffective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual Audience
 
INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020
 
Cyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadCyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade Ahead
 
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceCybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
 
NSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadNSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade Ahead
 
Cybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadCybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade Ahead
 
INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019
 
The Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDThe Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBD
 
The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019
 
The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019
 
Schrödinger's ARM Assembly
Schrödinger's ARM AssemblySchrödinger's ARM Assembly
Schrödinger's ARM Assembly
 
ARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMS
 
What Makes a Compelling Photograph
What Makes a Compelling PhotographWhat Makes a Compelling Photograph
What Makes a Compelling Photograph
 
Make ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKMake ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEK
 
HackLU 2018 Make ARM Shellcode Great Again
HackLU 2018 Make ARM Shellcode Great AgainHackLU 2018 Make ARM Shellcode Great Again
HackLU 2018 Make ARM Shellcode Great Again
 
Hack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation WorkshopHack.LU 2018 ARM IoT Firmware Emulation Workshop
Hack.LU 2018 ARM IoT Firmware Emulation Workshop
 

Recently uploaded

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Recently uploaded (20)

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Debugging with EMUX - RIngzer0 BACK2WORKSHOPS

  • 1. @therealsaumil @_ringzer0 debugging WITH EMUX SAUMIL SHAH @therealsaumil 7 JULY 2022 < BACK2 workshops` ringzer¿
  • 2. @therealsaumil @_ringzer0 # WHO AM I Saumil Shah @therealsaumil educating, entertaining and exasperating audiences since 1999
  • 3. @therealsaumil @_ringzer0 WHAT IS ARM + MIPS IoT Emulation Framework emux.exploitlab.net
  • 4. @therealsaumil @_ringzer0 What Is This Workshop About An Introduction to debugging binaries on emulated targets Using GDB + gdbserver for remote debugging Hands-on examples How EMUX makes the debugging process easy
  • 5. @therealsaumil @_ringzer0 EMUX docker container HOST EMUX DOCKER launcher EMULATED TARGET ON QEMU emux-docker-shell workspace (shared directory) nweb (target binary) 192.168.100.2 192.168.100.1 socat 80 20080 RINGZER0 HACKME
  • 6. @therealsaumil @_ringzer0 Concepts Covered Functions of a Debugger How does Remote Debugging work EMUX's debugger wrappers Advantages of using GEF Debugging a webserver binary Crash Dump Analysis
  • 7. @therealsaumil @_ringzer0 Functions of a Debugger Inspect the target Inspect the CPU state Examine Memory Control Process Execution Analyse Crashes and Exceptions Luxuries: Plugins, Macros, Logging
  • 8. @therealsaumil @_ringzer0 Remote Debugging - how it works GDB multiarch nweb (target binary) 192.168.100.1 gdbserver :5000 --attach <PID> (gdb) target remote 192.168.100.2:5000 (gdb) set sysroot target:/path/to/rootfs (gdb) continue REMOTE HOST 192.168.100.2
  • 9. @therealsaumil @_ringzer0 Remote Debugging - emuxgdb emux-docker-shell nweb (target binary) REMOTE HOST 192.168.100.1 gdbserver $ emuxgdb nweb (gdb) " Automatically looks up the PID of the target " Launches gdbserver on the remote host " Launches gdb-multiarch locally " Connects to remote gdbserver " Sets sysroot " Ready to debug! 192.168.100.2
  • 11. @therealsaumil @_ringzer0 A few GDB/GEF commands RECONNAISSANCE vmmap [GEF] Display the process' memory layout info target Information about the target being debugged (ELF binary) info sharedlibrary Shared Libraries that are loaded with the binary info functions List of functions that belong to the target binary PROCESS EXECUTION break Set a breakpoint continue Resume process execution rbreak Set multiple breakpoints using regular expressions stepi / nexti Step Into / Next Instruction CPU AND MEMORY context [GEF] Better view of registers, stack, code, call stack, etc. x Examine memory (many variations) hexdump [GEF] When you want characters and bytes side by side backtrace Display the call stack info frame Inspect stack frames disassemble Disassemble code printf Formatted printing LUXURIES set logging Enable / Disable logging and redirect log output to a file commands Execute multiple commands in sequence every time a breakpoint is reached
  • 12. @therealsaumil @_ringzer0 EMUX utilities emuxps List processes running in the emulated device emuxkill Terminate a process inside the emulated device emuxmaps Remote process virtual memory layout emuxgdb Attach gdb to a remote process in the emulated device emuxnetstat Remote netstat emuxhalt Shut down the emulated device monitor Attach to QEMU monitor
  • 14. @therealsaumil @_ringzer0 Start EMUX ./run-emux-docker : : [+] Setting up forwarded ports 20080:80,20443:443,28080:8080,24433:4433,9999:9999 [+] mapping port 20080 -> 192.168.100.2:80 [+] mapping port 20443 -> 192.168.100.2:443 [+] mapping port 28080 -> 192.168.100.2:8080 [+] mapping port 24433 -> 192.168.100.2:4433 [+] mapping port 9999 -> 192.168.100.2:9999 ___ __ __ _ __ __ / __| / | | | / / by Saumil Shah | The Exploit Laboratory | __| |/| | |_| ) ( @therealsaumil | emux.exploitlab.net ___|_| |_____/_/_ [EMUX-DOCKER !] ~$ 1. Start the EMUX Docker Container
  • 15. @therealsaumil @_ringzer0 Launch the target 2. Run launcher and boot into Damn Vulnerable ARM Router [EMUX-DOCKER !] ~$ launcher
  • 16. @therealsaumil @_ringzer0 Start Userspace ./emux-docker-shell [emux-docker !] ~$ 3. Open a new terminal window and attach to emux-docker-shell [emux-docker !] ~$ userspace 4. Run userspace
  • 17. @therealsaumil @_ringzer0 Enter the DVAR Console 5. Select "Enter the Damn Vulnerable ARM Router CONSOLE" option
  • 18. @therealsaumil @_ringzer0 Start nweb (our target binary) Entering Damn Vulnerable ARM Router CONSOLE (/bin/sh) [+] Logging enabled [+] EMUX Debug log - /home/r0/workspace/logs/emuxdebug.log [+] QEMU Console log - qemuconsole.log [+] chroot /emux/DV-ARM/rootfs-arm /.emux/emuxshell Script started, output log file is '/home/r0/workspace/logs/emuxdebug.log'. BusyBox v1.23.2 (2021-10-14 18:26:48 IST) built-in shell (ash) / # nweb 80 /www/nweb/ 6. Manually start the nweb web server from the Busybox prompt ./emux-docker-shell [emux-docker !] ~$ curl http://192.168.100.2 <h1>Ringzer0 Hackme</h1> 7. Start another emux-docker-shell and test nweb
  • 19. @therealsaumil @_ringzer0 Grab the attack scripts! [emux-docker !] ~$ cd workspace [emux-docker !] ~/workspace$ wget https://saumil.net/tmp/attack1.py --2022-07-07 14:12:48-- https://saumil.net/tmp/attack1.py Resolving saumil.net (saumil.net)... 208.113.163.5 Connecting to saumil.net (saumil.net)|208.113.163.5|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 535 [text/plain] Saving to: 'attack1.py' attack1.py 100%[=======================>] 535 --.-KB/s in 0s 2022-07-07 14:12:50 (58.9 MB/s) - 'attack1.py' saved [535/535] [emux-docker !] ~/workspace$ chmod +x attack1.py 8. From the emux-docker-shell grab the following attack scripts
  • 21. @therealsaumil @_ringzer0 HERE BE THE GOODS CODE: https://github.com/therealsaumil/emux !- ANNOUNCEMENTS: @therealsaumil DOCS: https://emux.exploitlab.net/