
Reverse Engineering Methodology, Tools & Resources

Learn C and assembly. 

C, Assembly & Reverse Engineering CTFs playlist:

x86 Assembly Guide Link

Syntax (conditional jumps; they act on the flags left behind by the preceding cmp or test):
je <label> (jump when equal; same instruction as jz)
jne <label> (jump when not equal)
jz <label> (jump when last result was zero)
jg <label> (jump when greater than, signed)
jge <label> (jump when greater than or equal to, signed)
jl <label> (jump when less than, signed)
jle <label> (jump when less than or equal to, signed)

jg/jge/jl/jle compare the operands as signed integers (they read SF and OF). The unsigned counterparts are ja/jae/jb/jbe (they read CF). The compiler chooses between the two families based on the C types, so the mnemonic tells you whether the variable being compared was declared signed or unsigned.

Example (AT&T syntax, so the operands read source, destination)

cmp %ebx, %eax
jle done

cmp computes %eax - %ebx, discards the result and keeps only the flags; jle then jumps to done when %eax <= %ebx as signed values. In Intel syntax the same pair reads cmp eax, ebx / jle done.
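The following is an added worked example, not code from the original post: a small Python model of the flags that cmp sets and of every jump mnemonic listed above, plus the unsigned ja/jae/jb/jbe, showing why the signed/unsigned distinction matters. The 32-bit operand width, the sample register values and the function names (cmp32, taken_jumps, att_example) are the example's own choices.

```python
"""Model of x86 `cmp` flag results and the Jcc conditions (added example)."""

from dataclasses import dataclass
from typing import Callable, Dict, List

MASK32 = 0xFFFFFFFF
SIGN32 = 0x80000000


@dataclass(frozen=True)
class Flags:
    zf: bool  # zero flag: the subtraction produced zero
    sf: bool  # sign flag: bit 31 of the result is set
    cf: bool  # carry flag: an unsigned borrow out of bit 31 occurred
    of: bool  # overflow flag: the signed result does not fit in 32 bits


def cmp32(dst: int, src: int) -> Flags:
    """Flags produced by `cmp dst, src` (Intel order): dst - src, result discarded.

    In AT&T order the operands are written the other way round, so the page's
    `cmp %ebx, %eax` is cmp32(eax, ebx).
    """
    dst &= MASK32
    src &= MASK32
    result = (dst - src) & MASK32
    zf = result == 0
    sf = bool(result & SIGN32)
    cf = dst < src  # unsigned comparison: a borrow happened
    # Signed overflow: operands had different signs and the result's sign
    # differs from the destination's sign.
    of = bool((dst ^ src) & (dst ^ result) & SIGN32)
    return Flags(zf, sf, cf, of)


# Jcc conditions as given in the Intel manual, keyed by mnemonic.
JUMPS: Dict[str, Callable[[Flags], bool]] = {
    "je":  lambda f: f.zf,
    "jz":  lambda f: f.zf,                    # identical opcode to je
    "jne": lambda f: not f.zf,
    "jg":  lambda f: not f.zf and f.sf == f.of,  # signed >
    "jge": lambda f: f.sf == f.of,               # signed >=
    "jl":  lambda f: f.sf != f.of,               # signed <
    "jle": lambda f: f.zf or f.sf != f.of,       # signed <=
    "ja":  lambda f: not f.cf and not f.zf,      # unsigned >
    "jae": lambda f: not f.cf,                   # unsigned >=
    "jb":  lambda f: f.cf,                       # unsigned <
    "jbe": lambda f: f.cf or f.zf,               # unsigned <=
}


def taken_jumps(dst: int, src: int) -> List[str]:
    """Mnemonics whose jump would be taken after `cmp dst, src`."""
    flags = cmp32(dst, src)
    return [mnemonic for mnemonic, cond in JUMPS.items() if cond(flags)]


def att_example(eax: int, ebx: int) -> bool:
    """The page's example `cmp %ebx, %eax` / `jle done`: True if control reaches done."""
    return JUMPS["jle"](cmp32(eax, ebx))


if __name__ == "__main__":
    # eax = -1 (0xFFFFFFFF), ebx = 1: signed -1 <= 1 so jle is taken, yet
    # ja is taken too because 0xFFFFFFFF > 1 when read as unsigned.
    print(taken_jumps(-1, 1))
    # INT_MAX vs -1: jg (signed) and jb (unsigned) disagree in the other direction.
    print(taken_jumps(0x7FFFFFFF, -1))
```

The two printed lists are the whole point: the same register contents satisfy jle and ja at once, so a check written with the signed family can be bypassed by a value that looks negative, a classic source of bounds-check bugs when a size is compared with jl instead of jb.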

Compiler Explorer:

Decompiler Explorer:

 — — → TOOLS 🛠️ ← — — 

Windows 🪟

 x64dbg

  • An open-source x64/x32 debugger for Windows.


LINUX🐧

Commands:

file <filename>    # identify the file type: ELF/PE, 32- or 64-bit, architecture, stripped or not

strings <filename>    # printable strings: paths, format strings, hard-coded credentials

objdump -T <your_executable_file>    # dynamic symbol table: imported/exported functions with their addresses (use -t for the full symbol table of an unstripped binary)

objdump -d <your_executable_file>    # disassemble the executable sections

ltrace ./<file>    # trace library calls and their arguments, e.g. ltrace ./a.out

# Using GDB
gdb <your_executable_file>

(gdb) info functions    # list every function symbol gdb knows about
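As an added example (not from the original post, and not a replacement for the real tools), the Python below reimplements the part of file(1) and strings(1) that matters at a first look at an unknown binary: it parses the ELF file header for both 32/64-bit and both byte orders, and pulls printable strings the way strings(1) does with its default minimum length of 4. The ELF headers it runs on are constructed inside the script (build_header), with a constructed payload behind the x86-64 one, so it runs offline; the function and constant names are the example's own.

```python
"""First-look checks of file(1) and strings(1) for ELF images (added example;
the images below are constructed, not real binaries)."""

import struct
from typing import Dict, List

ELF_MAGIC = b"\x7fELF"

E_TYPE = {1: "REL (relocatable)", 2: "EXEC (fixed load address)",
          3: "DYN (shared object or PIE)", 4: "CORE"}
E_MACHINE = {3: "Intel 80386", 8: "MIPS", 0x28: "ARM", 0x3E: "x86-64",
             0xB7: "AArch64", 0xF3: "RISC-V"}

# Header fields after the 16-byte e_ident, e_type .. e_shstrndx, no padding.
FMT64 = "HHIQQQIHHHHHH"   # 48 bytes, total header 64
FMT32 = "HHIIIIIHHHHHH"   # 36 bytes, total header 52


def parse_elf_header(data: bytes) -> Dict[str, object]:
    """Decode the ELF file header; raise ValueError for anything that is not ELF."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file (bad magic)")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("corrupt e_ident: unknown class or data encoding")
    endian = "<" if ei_data == 1 else ">"
    fmt = endian + (FMT64 if ei_class == 2 else FMT32)
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    (e_type, e_machine, _version, e_entry, e_phoff, e_shoff, _flags, _ehsize,
     _phentsize, e_phnum, _shentsize, e_shnum, _shstrndx) = struct.unpack_from(fmt, data, 16)
    return {
        "bits": 64 if ei_class == 2 else 32,
        "endian": "LSB" if ei_data == 1 else "MSB",
        "type": E_TYPE.get(e_type, f"unknown ({e_type:#x})"),
        "machine": E_MACHINE.get(e_machine, f"unknown ({e_machine:#x})"),
        "entry": e_entry,
        "phoff": e_phoff, "phnum": e_phnum,
        "shoff": e_shoff, "shnum": e_shnum,
    }


def describe(data: bytes) -> str:
    """One-line summary in the spirit of `file <filename>`."""
    h = parse_elf_header(data)
    return (f"ELF {h['bits']}-bit {h['endian']} {h['type']}, {h['machine']}, "
            f"entry 0x{h['entry']:x}, {h['phnum']} program headers, "
            f"{h['shnum']} section headers")


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Runs of printable ASCII (space..tilde, plus tab, as GNU strings accepts)
    at least min_len long, like `strings <filename>`."""
    found: List[str] = []
    run = bytearray()
    for b in data + b"\x00":  # the sentinel flushes a trailing run
        if 0x20 <= b < 0x7F or b == 0x09:
            run.append(b)
        else:
            if len(run) >= min_len:
                found.append(run.decode("ascii"))
            run = bytearray()
    return found


def build_header(bits: int, little: bool, e_type: int, e_machine: int, entry: int) -> bytes:
    """Constructed test data: a structurally valid ELF header with no program
    or section headers behind it, so it describes nothing that could run."""
    ident = ELF_MAGIC + bytes([2 if bits == 64 else 1, 1 if little else 2, 1, 0]) + b"\x00" * 8
    endian = "<" if little else ">"
    if bits == 64:  # ehsize 64, phentsize 56, shentsize 64
        body = struct.pack(endian + FMT64, e_type, e_machine, 1, entry, 64, 0, 0, 64, 56, 0, 64, 0, 0)
    else:           # ehsize 52, phentsize 32, shentsize 40
        body = struct.pack(endian + FMT32, e_type, e_machine, 1, entry, 52, 0, 0, 52, 32, 0, 40, 0, 0)
    return ident + body


# Constructed sample "binary": an x86-64 PIE header followed by bytes that mimic
# what strings(1) usually surfaces (interpreter path, an import name, a
# hard-coded secret, a compiler tag), with junk and a too-short "ab" between.
PAYLOAD = (b"\x00\x00/lib64/ld-linux-x86-64.so.2\x00\x90\x90\xccputs\x00ab\x00"
           b"flag{constructed}\x00\xff\xfeGCC: (constructed) 13.2.0\x00")
SAMPLE_X86_64 = build_header(64, True, 3, 0x3E, 0x1060) + PAYLOAD
SAMPLE_MIPS_BE = build_header(32, False, 2, 8, 0x400590)

if __name__ == "__main__":
    for blob in (SAMPLE_X86_64, SAMPLE_MIPS_BE):
        print(describe(blob))
    print(extract_strings(SAMPLE_X86_64))
```

Two things this shows that the command list alone does not: a DYN type means the code is position independent, so addresses you read in objdump -d are offsets that get relocated at load time (gdb reports the real ones); and a section header count of 0 means objdump -d, which works from sections, will print nothing, and you fall back to tools that map program headers or raw bytes (gdb, radare2, objdump -D -b binary). The real file(1) goes further than describe() by reading the program headers to tell a PIE from a shared library and by reporting "stripped" from the presence of .symtab.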

Python:

  1. angr is a popular Python framework for binary analysis (symbolic execution, control-flow recovery) that is widely used in reverse engineering and CTFs.

 Cutter

Free and open-source reverse-engineering platform (a GUI front end for the Rizin framework).

IDA Free

To debug an interactive program that needs console input/output, launch IDA from a terminal with this command:

cat | ./ida64

edb-debugger

edb is a graphical, cross-platform x86/x86-64 debugger inspired by OllyDbg.

Radare2

Radare2 (often abbreviated as r2) is a powerful, open-source reverse engineering framework used for analyzing binaries, disassembling, debugging, and more.

linux-exploit-suggester

This package contains a Linux privilege-escalation auditing tool. It is designed to help detect security deficiencies for a given Linux kernel version or Linux-based machine, matching the kernel version against a list of known local exploits (it does not verify that the kernel is actually vulnerable, so treat the hits as leads to confirm).

root@kali:/usr/share/linux-exploit-suggester# ./Linux_Exploit_Suggester.pl -k 3.0.0

Kernel local: 3.0.0

Possible Exploits:
[+] semtex
    CVE-2013-2094
    Source: http://www.exploit-db.com/download/25444/
[+] memodipper
    CVE-2012-0056
    Source: http://www.exploit-db.com/exploits/18411/
[+] perf_swevent
    CVE-2013-2094
    Source: http://www.exploit-db.com/download/26131

lldb

LLDB is a debugger that is part of the LLVM project, used for debugging programs written in languages like C, C++, and Objective-C.




HackTheBox CTF playlist:

