
Thread: linux RCE starter

  1. #1

    linux RCE starter

    hi everybody!

    i have put together a little "linux RCE entry point" - a reference listing
    the typical tools you need doing RCE on linux:

    debuggers, disassemblers, tracers, file editors, ...

    as well as some introductory papers ...

    as this grew too big for a post, I have loaded it up to

    http://woodmann.com/0xf001/

    this should be quite useful for a getting started reference.

    cheers, 0xf001

    [ edit ] link updated

  2. #2
    hi again!

    the new 29A#8 magazine provides an interesting article for ASM coding
    under linux, related to ELF header parsing. thx to gabri3l who told me!

    i have hosted this file temporarily on the linux RCE starter page, until the
    29A#8 online version is fixed.

    enjoy!

    regards, 0xf001

  3. #3
    Some guys already started writing tutes

    http://biw.rult.at/tuts/stingduk_linux_disasm.htm
    esther


    Reverse the code,Reverse Your Minds First

  4. #4
    Super Moderator | Join Date: Dec 2004 | Posts: 1,487 | Blog Entries: 15
    hi Foo1,
    word wrap the texts to fit into 800*600 the horizontal scroll is icky
    btw iirc you coded one crackme yeah nice little trick checksumming the image before decrypting using int 80 i don't see a reference to it or a solution to it
    anyway nice page


    ps edit sorry about the crackme it wasn't by you but by some disorder

  5. #5
    cat dump1 | more

    this guy likes to type very redundant but yes for a beginners tut it is fine!

    although I do not really like objdump as it is very limited and it displays in AT&T syntax

    i can be arrogant, too hehe!

    thanks for the link,

    0xf001

  6. #6
    blabberer,

    800*600 (uuuh) - OK, I will do it for you !

    you are talking about the "trythis" crackme on biw.rult.at? Well, fine if there
    is no solution yet, let's give it a try ... ! Have you solved it?


    cheers, 0xf001

  7. #7
    although I do not really like objdump as it is very limited and it displays in AT&T syntax
    try this
    objdump -M intel -d "yur exe" > dumpo
    cat dumpo | more
    well i kinda solved it lit four leds but don't have access to shell all the time
    and i was talking about dcrkme by discord
    running a gui app half way across the world from a windows pc with x-11
    forwarding is kinda time consuming a click takes two minutes to break on gdb running in shell
    and thanks for
    800*600 (uuuh) - OK, I will do it for you !
    Last edited by blabberer; January 5th, 2005 at 07:28.

  8. #8
    thank you blabberer !

    i really missed this objdump option (-M intel). or maybe already forgot?
    does not matter... this is indeed a very good option to remember!

    but nevertheless I do very seldom use objdump, as I prefer "real"
    disassemblers which are made for this purpose. for quick looking well, I
    still use it sometimes. my concern is more about what I called
    "it is very limited"

    well i kinda solved it lit four leds
    hehe, good! this I also did before, without even looking at the code, just
    at the function names and I guessed how the syntax for the serial must be, hehe it is a nice crackme.
    now I have disassembled the serial algorithm and am writing a keygen....

    I am making an in-depth tutorial out of it, will post the link here

    anyone else working on it?

    regards, 0xf001

  9. #9
    update: I found a

    linux reverse engineering whitepaper by O'Reilly / _mammon

    at ptth://searchenterpriselinux.techtarget.com/searchEnterpriseLinux/downloads/SecurityWarrior.pdf

    it is quite long, and includes LOTs of topics, in very nice quality, ie:

    tools and techniques, debugging, runtime monitoring (tracing, ...), disassembly (incl working with intermediate code representation), anti RE techniques, RE tool development

    and pretty much example code in it!

    definitely a "must read" so I linked it on the starter page

    enjoy, 0xf001

    ps: blabberer I finally REwrote the page into real HTML so it is now independent of the screen resolution as I do not use the <pre> tag anymore
    Last edited by 0xf001; January 11th, 2005 at 16:57.

  10. #10
    was there a reply here and was it deleted ??
    i got a flier in my inbox but it seems it is not locatable
    or is it some kind of spam

    Date: Fri, 20 May 2005 19:31:26 -0400
    To: ******@*****.com
    Subject: Reply to post 'linux RCE starter'

    in the Linux RCE forum of RCE Messageboard's
    Regroupment.

    This thread is located at:
    http://woodmann.net/forum/showthread.php?t=6715&goto=newpost

  11. #11
    There "was" a "Reply" from a first time poster which was simply a "Great" and a "Rule Violating: Where can I find a tool" request. Rather than edit the post and make a Reply myself, pointing out for the umpteenth time the Rules prohibiting such requests, I simply deleted the offending Post.

    How about "next time" something similar happens, you simply "assume" that an administrative decision was made for some valid reason and not waste even more time raising questions and/or speculation that "you" might have been deprived of something "vital" to your mental health and/or reversing future.

    Regards,
    JMI
