@therealsaumil
@_ringzer0
DEBUGGING WITH EMUX
SAUMIL SHAH
@therealsaumil
7 JULY 2022
Ringzer0 BACK2WORKSHOPS
WHO AM I
Saumil Shah
@therealsaumil
educating, entertaining
and exasperating
audiences since 1999
WHAT IS EMUX
ARM + MIPS IoT Emulation Framework
emux.exploitlab.net
What Is This Workshop About
An Introduction to debugging binaries on emulated targets
Using GDB + gdbserver for remote debugging
Hands-on examples
How EMUX makes the debugging process easy
EMUX docker container
[Diagram] The HOST runs the EMUX DOCKER container. Inside the container, launcher boots the EMULATED TARGET ON QEMU at 192.168.100.2; emux-docker-shell sits at 192.168.100.1 alongside the workspace (shared directory). nweb (target binary) serves the RINGZER0 HACKME page on port 80 of the emulated target, and socat forwards port 20080 to it.
Concepts Covered
Functions of a Debugger
How does Remote Debugging work
EMUX's debugger wrappers
Advantages of using GEF
Debugging a webserver binary
Crash Dump Analysis
Functions of a Debugger
Inspect the target
Inspect the CPU state
Examine Memory
Control Process Execution
Analyse Crashes and Exceptions
Luxuries: Plugins, Macros, Logging
Remote Debugging - how it works
[Diagram] GDB multiarch runs on the debugging host (192.168.100.1). gdbserver runs on the REMOTE HOST (192.168.100.2), attached to nweb (target binary).
On the remote host:
gdbserver :5000 --attach <PID>
On the debugging host:
(gdb) target remote 192.168.100.2:5000
(gdb) set sysroot target:/path/to/rootfs
(gdb) continue
Remote Debugging - emuxgdb
[Diagram] emuxgdb is run from emux-docker-shell (192.168.100.1); gdbserver runs on the REMOTE HOST (192.168.100.2), attached to nweb (target binary).
$ emuxgdb nweb
(gdb)
- Automatically looks up the PID of the target
- Launches gdbserver on the remote host
- Launches gdb-multiarch locally
- Connects to remote gdbserver
- Sets sysroot
- Ready to debug!
Plain ol' GDB vs. new & shiny GEF
A few GDB/GEF commands
RECONNAISSANCE
vmmap [GEF]: Display the process' memory layout
info target: Information about the target being debugged (ELF binary)
info sharedlibrary: Shared libraries that are loaded with the binary
info functions: List of functions that belong to the target binary
PROCESS EXECUTION
break: Set a breakpoint
continue: Resume process execution
rbreak: Set multiple breakpoints using regular expressions
stepi / nexti: Step into / next instruction
CPU AND MEMORY
context [GEF]: Better view of registers, stack, code, call stack, etc.
x: Examine memory (many variations)
hexdump [GEF]: When you want characters and bytes side by side
backtrace: Display the call stack
info frame: Inspect stack frames
disassemble: Disassemble code
printf: Formatted printing
LUXURIES
set logging: Enable / disable logging and redirect log output to a file
commands: Execute multiple commands in sequence every time a breakpoint is reached
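The emuxgdb steps above (look up the target PID, run gdbserver --attach on the remote host, run gdb-multiarch locally with target remote and set sysroot) and the two "luxuries" rows of the table (set logging, commands) put together in one script. This is an added example written for this page, not the EMUX project's own emuxgdb script: the ps listing is constructed, the breakpoint on read() and the ARM argument registers r0-r2 are illustrative assumptions, and with DRY_RUN=1 (the default) it only generates the commands instead of launching gdb-multiarch.

```shell
#!/bin/sh
# Added example: an emuxgdb-style wrapper for debugging a process on the
# emulated target. Not the EMUX project's own emuxgdb script.
# Assumptions: the target's `ps` listing is passed in as text (constructed
# sample below), the breakpoint on read() and the ARM argument registers
# r0-r2 are illustrative, and DRY_RUN=1 (the default) only generates the
# commands instead of launching gdb-multiarch.

TARGET_IP="${TARGET_IP:-192.168.100.2}"       # emulated device address (from the slides)
GDB_PORT="${GDB_PORT:-5000}"                   # gdbserver listening port (from the slides)
SYSROOT="${SYSROOT:-target:/path/to/rootfs}"   # placeholder sysroot, as on the slide

# Constructed sample of a BusyBox `ps` listing from the emulated device.
# Field 5 is the command; nweb has forked a worker to serve one request.
SAMPLE_PS='  PID USER       VSZ STAT COMMAND
    1 root      2380 S    init
  213 root      1920 S    /bin/sh
  301 root      2640 S    nweb 80 /www/nweb/
  302 root      2640 S    nweb 80 /www/nweb/
  355 root      1744 R    ps'

# Step 1: find the PID of the target binary. Prints the lowest matching PID
# (the listening parent, not a forked worker); exit status 1 if none matches.
lookup_pid() {
    name="$1"
    listing="$2"
    printf '%s\n' "$listing" |
        awk -v n="$name" '$5 == n || $5 ~ ("/" n "$") { print $1 }' |
        sort -n | head -n 1 | grep .
}

# Step 2: the command to run on the remote host (attach mode, as on the slide).
gdbserver_cmd() {
    printf 'gdbserver :%s --attach %s\n' "$GDB_PORT" "$1"
}

# Step 3: write a GDB command file covering connect, sysroot, logging and a
# breakpoint with a `commands` block, so every hit is logged without typing.
# (GDB 12 and later spell the logging switch `set logging enabled on`.)
write_gdb_script() {
    out="$1"
    logfile="$2"
    cat > "$out" <<EOF
# generated by the example wrapper
set pagination off
set sysroot $SYSROOT
target remote $TARGET_IP:$GDB_PORT
set logging file $logfile
set logging on
# Illustrative breakpoint: log the arguments of every read() call.
# r0-r2 hold the first three arguments on 32-bit ARM (AAPCS).
break read
commands
  silent
  printf "read() fd=%d buf=0x%x len=%d\\n", \$r0, \$r1, \$r2
  backtrace 2
  continue
end
continue
EOF
}

# Step 4: tie it together. With DRY_RUN=1 the commands are only printed.
emuxgdb_example() {
    target="$1"
    listing="${2:-$SAMPLE_PS}"
    script="${3:-${TMPDIR:-/tmp}/emuxgdb-example.gdb}"
    pid=$(lookup_pid "$target" "$listing") || {
        echo "no process named $target on the target" >&2
        return 1
    }
    write_gdb_script "$script" "gdb-$target.log"
    echo "remote host: $(gdbserver_cmd "$pid")"
    echo "local host : gdb-multiarch -q -x $script"
    if [ "${DRY_RUN:-1}" = 0 ]; then
        gdb-multiarch -q -x "$script"
    fi
}

emuxgdb_example nweb
```

Run it as-is to see the two command lines and the generated GDB script; set DRY_RUN=0 inside emux-docker-shell, where gdb-multiarch is installed, to actually attach. Picking the lowest PID matters for a server that forks a worker per connection: attaching to a worker that exits after one request leaves nothing to debug.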
EMUX utilities
emuxps: List processes running in the emulated device
emuxkill: Terminate a process inside the emulated device
emuxmaps: Remote process virtual memory layout
emuxgdb: Attach gdb to a remote process in the emulated device
emuxnetstat: Remote netstat
emuxhalt: Shut down the emulated device
monitor: Attach to the QEMU monitor
SETTING UP!
Start EMUX
1. Start the EMUX Docker Container
./run-emux-docker
:
:
[+] Setting up forwarded ports 20080:80,20443:443,28080:8080,24433:4433,9999:9999
[+] mapping port 20080 -> 192.168.100.2:80
[+] mapping port 20443 -> 192.168.100.2:443
[+] mapping port 28080 -> 192.168.100.2:8080
[+] mapping port 24433 -> 192.168.100.2:4433
[+] mapping port 9999 -> 192.168.100.2:9999
[EMUX ASCII-art banner] by Saumil Shah | The Exploit Laboratory
@therealsaumil | emux.exploitlab.net
[EMUX-DOCKER !] ~$
Launch the target
2. Run launcher and boot into Damn Vulnerable ARM Router
[EMUX-DOCKER !] ~$ launcher
Start Userspace
3. Open a new terminal window and attach to emux-docker-shell
./emux-docker-shell
[emux-docker !] ~$
4. Run userspace
[emux-docker !] ~$ userspace
Enter the DVAR Console
5. Select "Enter the Damn Vulnerable ARM Router CONSOLE" option
Start nweb (our target binary)
6. Manually start the nweb web server from the BusyBox prompt
Entering Damn Vulnerable ARM Router CONSOLE (/bin/sh)
[+] Logging enabled
[+] EMUX Debug log - /home/r0/workspace/logs/emuxdebug.log
[+] QEMU Console log - qemuconsole.log
[+] chroot /emux/DV-ARM/rootfs-arm /.emux/emuxshell
Script started, output log file is '/home/r0/workspace/logs/emuxdebug.log'.
BusyBox v1.23.2 (2021-10-14 18:26:48 IST) built-in shell (ash)
/ # nweb 80 /www/nweb/
7. Start another emux-docker-shell and test nweb
./emux-docker-shell
[emux-docker !] ~$ curl http://192.168.100.2
<h1>Ringzer0 Hackme</h1>
Grab the attack scripts!
8. From the emux-docker-shell grab the following attack scripts
[emux-docker !] ~$ cd workspace
[emux-docker !] ~/workspace$ wget https://saumil.net/tmp/attack1.py
--2022-07-07 14:12:48-- https://saumil.net/tmp/attack1.py
Resolving saumil.net (saumil.net)... 208.113.163.5
Connecting to saumil.net (saumil.net)|208.113.163.5|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 535 [text/plain]
Saving to: 'attack1.py'
attack1.py 100%[=======================>] 535 --.-KB/s in 0s
2022-07-07 14:12:50 (58.9 MB/s) - 'attack1.py' saved [535/535]
[emux-docker !] ~/workspace$ chmod +x attack1.py
HANDS ON
EMUXGDB
HERE BE THE GOODS
CODE: https://github.com/therealsaumil/emux
ANNOUNCEMENTS: @therealsaumil
DOCS: https://emux.exploitlab.net/
Ringzer0
AUGUST 6-9
REGISTRATIONS OPEN
www.ringzer0.training
THE ARM IoT EXPLOIT LABORATORY
THANK YOU!
SAUMIL SHAH
@therealsaumil
7 JULY 2022

Artificial Intelligence for XMLDevelopment
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 

Debugging with EMUX - Ringzer0 BACK2WORKSHOPS

  • 1. @therealsaumil @_ringzer0 debugging WITH EMUX. SAUMIL SHAH @therealsaumil, 7 JULY 2022. BACK2 workshops, ringzer0
  • 2. WHO AM I: Saumil Shah @therealsaumil, educating, entertaining and exasperating audiences since 1999
  • 3. WHAT IS EMUX? ARM + MIPS IoT Emulation Framework, emux.exploitlab.net
  • 4. What Is This Workshop About
        - An Introduction to debugging binaries on emulated targets
        - Using GDB + gdbserver for remote debugging
        - Hands-on examples
        - How EMUX makes the debugging process easy
  • 5. EMUX docker container [diagram]
        HOST
          EMUX DOCKER (192.168.100.1): launcher, emux-docker-shell, workspace (shared directory)
          EMULATED TARGET ON QEMU (192.168.100.2): nweb (target binary) listening on port 80
          socat: host port 20080 -> target port 80 (the RINGZER0 HACKME page)
  • 6. Concepts Covered
        - Functions of a Debugger
        - How does Remote Debugging work
        - EMUX's debugger wrappers
        - Advantages of using GEF
        - Debugging a webserver binary
        - Crash Dump Analysis
  • 7. Functions of a Debugger
        - Inspect the target
        - Inspect the CPU state
        - Examine Memory
        - Control Process Execution
        - Analyse Crashes and Exceptions
        - Luxuries: Plugins, Macros, Logging
  • 8. Remote Debugging - how it works [diagram]
        REMOTE HOST (192.168.100.2): nweb (target binary); gdbserver :5000 --attach <PID>
        192.168.100.1: GDB multiarch
          (gdb) target remote 192.168.100.2:5000
          (gdb) set sysroot target:/path/to/rootfs
          (gdb) continue
  • 9. Remote Debugging - emuxgdb [diagram]
        emux-docker-shell (192.168.100.1): $ emuxgdb nweb  ->  (gdb)
        REMOTE HOST (192.168.100.2): nweb (target binary); gdbserver
        - Automatically looks up the PID of the target
        - Launches gdbserver on the remote host
        - Launches gdb-multiarch locally
        - Connects to remote gdbserver
        - Sets sysroot
        - Ready to debug!
  • 11. A few GDB/GEF commands
        RECONNAISSANCE
          vmmap [GEF]         Display the process' memory layout
          info target         Information about the target being debugged (ELF binary)
          info sharedlibrary  Shared Libraries that are loaded with the binary
          info functions      List of functions that belong to the target binary
        PROCESS EXECUTION
          break               Set a breakpoint
          continue            Resume process execution
          rbreak              Set multiple breakpoints using regular expressions
          stepi / nexti       Step Into / Next Instruction
        CPU AND MEMORY
          context [GEF]       Better view of registers, stack, code, call stack, etc.
          x                   Examine memory (many variations)
          hexdump [GEF]       When you want characters and bytes side by side
          backtrace           Display the call stack
          info frame          Inspect stack frames
          disassemble         Disassemble code
          printf              Formatted printing
        LUXURIES
          set logging         Enable / Disable logging and redirect log output to a file
          commands            Execute multiple commands in sequence every time a breakpoint is reached
  • 12. EMUX utilities
          emuxps        List processes running in the emulated device
          emuxkill      Terminate a process inside the emulated device
          emuxmaps      Remote process virtual memory layout
          emuxgdb       Attach gdb to a remote process in the emulated device
          emuxnetstat   Remote netstat
          emuxhalt      Shut down the emulated device
          monitor       Attach to QEMU monitor
  • 14. Start EMUX
        1. Start the EMUX Docker Container
        ./run-emux-docker
        :
        :
        [+] Setting up forwarded ports 20080:80,20443:443,28080:8080,24433:4433,9999:9999
        [+] mapping port 20080 -> 192.168.100.2:80
        [+] mapping port 20443 -> 192.168.100.2:443
        [+] mapping port 28080 -> 192.168.100.2:8080
        [+] mapping port 24433 -> 192.168.100.2:4433
        [+] mapping port 9999 -> 192.168.100.2:9999
        [EMUX ASCII banner] by Saumil Shah | The Exploit Laboratory | @therealsaumil | emux.exploitlab.net
        [EMUX-DOCKER !] ~$
  • 15. Launch the target
        2. Run launcher and boot into Damn Vulnerable ARM Router
        [EMUX-DOCKER !] ~$ launcher
  • 16. Start Userspace
        3. Open a new terminal window and attach to emux-docker-shell
        ./emux-docker-shell
        [emux-docker !] ~$
        4. Run userspace
        [emux-docker !] ~$ userspace
  • 17. Enter the DVAR Console
        5. Select "Enter the Damn Vulnerable ARM Router CONSOLE" option
  • 18. Start nweb (our target binary)
        6. Manually start the nweb web server from the Busybox prompt
        Entering Damn Vulnerable ARM Router CONSOLE (/bin/sh)
        [+] Logging enabled
        [+] EMUX Debug log - /home/r0/workspace/logs/emuxdebug.log
        [+] QEMU Console log - qemuconsole.log
        [+] chroot /emux/DV-ARM/rootfs-arm /.emux/emuxshell
        Script started, output log file is '/home/r0/workspace/logs/emuxdebug.log'.
        BusyBox v1.23.2 (2021-10-14 18:26:48 IST) built-in shell (ash)
        / # nweb 80 /www/nweb/
        7. Start another emux-docker-shell and test nweb
        ./emux-docker-shell
        [emux-docker !] ~$ curl http://192.168.100.2
        <h1>Ringzer0 Hackme</h1>
  • 19. Grab the attack scripts!
        8. From the emux-docker-shell grab the following attack scripts
        [emux-docker !] ~$ cd workspace
        [emux-docker !] ~/workspace$ wget https://saumil.net/tmp/attack1.py
        --2022-07-07 14:12:48--  https://saumil.net/tmp/attack1.py
        Resolving saumil.net (saumil.net)... 208.113.163.5
        Connecting to saumil.net (saumil.net)|208.113.163.5|:443... connected.
        HTTP request sent, awaiting response... 200 OK
        Length: 535 [text/plain]
        Saving to: 'attack1.py'
        attack1.py 100%[=======================>] 535 --.-KB/s in 0s
        2022-07-07 14:12:50 (58.9 MB/s) - 'attack1.py' saved [535/535]
        [emux-docker !] ~/workspace$ chmod +x attack1.py
  • 21. HERE BE THE GOODS
        CODE: https://github.com/therealsaumil/emux
        ANNOUNCEMENTS: @therealsaumil
        DOCS: https://emux.exploitlab.net/
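The emuxgdb wrapper on slide 9 automates the manual gdbserver/gdb session drawn on slide 8, and slide 11 lists `set logging` and `commands` as the debugger's luxuries. The following POSIX shell script is an added example, my own code rather than EMUX's emuxgdb, that carries out the same steps end to end: it finds the target's PID from a process listing, writes a GDB command file that connects to gdbserver at 192.168.100.2:5000 and sets the sysroot, optionally installs a logging breakpoint whose `commands` block prints the caller and first argument on every hit, then starts gdbserver on the target and gdb-multiarch locally. The process-listing command (`emuxps` from slide 12, assumed here to print busybox-style `ps` output), the `REMOTE_SH` command used to start gdbserver on the target, the `target:/` sysroot (assumed because gdbserver would run inside the chrooted rootfs shown on slide 18) and the sample `ps` listing are all assumptions; the offline demo breaks on libc `read`, where a web server receives its request bytes, but any function name works.

```shell
#!/bin/sh
# Added example, not EMUX's own emuxgdb: the steps of the slide 9 wrapper
# (PID lookup, gdbserver on the target, gdb-multiarch locally, sysroot) plus
# the slide 11 "luxuries" (set logging, commands) in plain POSIX shell.
# Addresses and the gdbserver port are the ones on the slides.
# ASSUMPTIONS: REMOTE_PS prints busybox-style `ps` output (emuxps is the
# EMUX utility for that, slide 12), REMOTE_SH runs a command on the target,
# and gdbserver runs inside the target's rootfs so "target:/" is the sysroot.

TARGET_IP="${TARGET_IP:-192.168.100.2}"       # emulated target, runs gdbserver
GDB_PORT="${GDB_PORT:-5000}"
SYSROOT="${SYSROOT:-target:/}"                # "target:" = fetch libs via gdbserver
REMOTE_PS="${REMOTE_PS:-emuxps}"              # assumption about its output format
REMOTE_SH="${REMOTE_SH:-ssh root@$TARGET_IP}" # assumption: how to reach the target

# Constructed sample of busybox `ps` output, for the offline demo and tests.
SAMPLE_PS='  PID USER       VSZ STAT COMMAND
    1 root      2936 S    init
  215 root      2100 S    /bin/sh
  231 root      1876 S    nweb 80 /www/nweb/
  240 root      2100 R    ps'

# emuxgdb step 1: find the PID of a process by command name.
# Reads `ps` output on stdin, prints the first match, fails (1) if none.
find_target_pid() {
    awk -v name="$1" '
        NR == 1 { col = NF; for (i = 1; i <= NF; i++) if ($i == "COMMAND") col = i; next }
        {
            cmd = $col
            sub(/.*\//, "", cmd)                 # /bin/sh -> sh
            if (cmd == name) { print $1; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# Slide 11 luxuries: log the session to a file and, every time FUNC is hit,
# run a `commands` block that prints the return address (lr) and the first
# argument register (r0) of this ARM target, then resumes without stopping.
# GDB 12 and later prefer "set logging enabled on" over "set logging on".
gdb_breakpoint_commands() {
    func="$1"; logfile="$2"
    cat <<EOF
set pagination off
set logging file $logfile
set logging on
break $func
commands
  silent
  printf "$func called from %#x, arg0 = %#x\\n", (unsigned int)\$lr, (unsigned int)\$r0
  continue
end
EOF
}

# emuxgdb steps 4 and 5: the gdb command file that connects to gdbserver,
# points gdb at the target's libraries, optionally installs the logging
# breakpoint on FUNC, and resumes the attached process.
gdb_remote_commands() {
    printf 'target remote %s:%s\n' "$TARGET_IP" "$GDB_PORT"
    printf 'set sysroot %s\n' "$SYSROOT"
    if [ $# -ge 1 ]; then
        gdb_breakpoint_commands "$1" "${2:-nweb-gdb.log}"
    fi
    printf 'continue\n'
}

# The whole wrapper: usage `emuxgdb_like nweb [FUNC [LOGFILE]]`.
emuxgdb_like() {
    name="$1"; shift
    pid=$($REMOTE_PS | find_target_pid "$name") || {
        echo "no '$name' process found on $TARGET_IP" >&2; return 1; }
    script=$(mktemp) || return 1
    gdb_remote_commands "$@" > "$script"
    $REMOTE_SH "gdbserver :$GDB_PORT --attach $pid" &    # step 2: gdbserver on the target
    sleep 1                                               # let it start listening
    gdb-multiarch -q -x "$script"                         # step 3: gdb locally
}

if [ $# -gt 0 ]; then
    emuxgdb_like "$@"
else
    # Offline demo on the constructed sample: prints 231, then the command file.
    printf '%s\n' "$SAMPLE_PS" | find_target_pid nweb
    gdb_remote_commands read nweb-gdb.log
fi
```

Run it with no arguments to see the generated command file; with `nweb read` it needs the emulated target up (slides 14 to 18) and the `REMOTE_SH`/`REMOTE_PS` assumptions to hold for your setup. The `silent` and trailing `continue` inside the `commands` block are what turn a breakpoint into a non-stopping trace point, which is the usual way to watch a request flow through a web server without pausing it at every hit.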
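Slide 5 shows socat relaying host port 20080 to the target's port 80, and the run-emux-docker banner on slide 14 prints the full forwarded-ports spec that produces those mappings. As an added example, not EMUX's own launcher code, this shell script parses that HOSTPORT:TARGETPORT,... spec, rejects malformed or out-of-range entries, prints the same mapping lines as the banner, and shows one socat command line that would realise a mapping; the validation rules and the exact socat options are my assumptions, the target address and the spec come from the slides.

```shell
#!/bin/sh
# Added example, not EMUX's own launcher code: how the forwarded-ports spec
# printed by run-emux-docker on slide 14 ("20080:80,20443:443,...") maps onto
# the socat relay between host and emulated target drawn on slide 5.
# The target address and the spec format come from the slides; the validation
# rules and the exact socat command line are assumptions.

TARGET_IP="${TARGET_IP:-192.168.100.2}"

# Validate one HOSTPORT:TARGETPORT entry; print "HOSTPORT TARGETPORT" or fail.
parse_port_pair() {
    case "$1" in
        *:*:*|:*|*:|"") echo "bad port pair: '$1'" >&2; return 1 ;;
        *:*) ;;
        *) echo "bad port pair: '$1'" >&2; return 1 ;;
    esac
    host="${1%%:*}"; target="${1#*:}"
    case "$host$target" in
        *[!0-9]*) echo "bad port pair: '$1'" >&2; return 1 ;;
    esac
    for p in "$host" "$target"; do
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: '$1'" >&2; return 1
        fi
    done
    echo "$host $target"
}

# Expand the comma-separated spec into one mapping line per entry, in the
# same wording as the run-emux-docker banner. Stops at the first bad entry.
map_ports() {
    old_ifs="$IFS"; IFS=','
    set -- $1
    IFS="$old_ifs"
    for pair in "$@"; do
        hp=$(parse_port_pair "$pair") || return 1
        echo "[+] mapping port ${hp%% *} -> $TARGET_IP:${hp##* }"
    done
}

# One relay per mapping: accept connections on the host-side port and forward
# each one to the target (fork = serve many clients, reuseaddr = quick restart).
socat_forward_cmd() {
    hp=$(parse_port_pair "$1") || return 1
    echo "socat TCP-LISTEN:${hp%% *},fork,reuseaddr TCP:$TARGET_IP:${hp##* }"
}

# Demo with the exact spec from the slide 14 banner.
DEMO_SPEC="20080:80,20443:443,28080:8080,24433:4433,9999:9999"
map_ports "$DEMO_SPEC"
socat_forward_cmd 20080:80
```

Because the relay binds on the host side, `curl http://localhost:20080` from outside the container reaches the same nweb instance that `curl http://192.168.100.2` reaches from inside emux-docker-shell on slide 18; keeping the spec validated is what prevents a typo from silently exposing a different target port than intended.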