Archive for the ‘Linux RCE Starting Guide from SilkCut’ Category


Hello,

A lot of intrigued reversers, new or skilled, are asking questions about Linux, don’t worry, you’re not alone
I felt like a topic resuming common questions, well known tools shall be (re)created. That would be wonderful to have such topic to become a reference we can suggest to people asking for it, don’t you think ?
Comments and suggestions are welcome as long as you keep it informative. No chit-chat here please, only links, tips ands tricks.

DISCLAIMER
Through this thread I am not encouraging people to hack, destroy or steal anything, you must comply with laws and you shall take entire responsability if you use this knowledge for bad behaviour. With great power (and in our information system-controlled world, every reverser, hacker, vxer has powers) comes great responsabilities. Reverse engineering is not always legal, check EULA/laws in your country. (Some interesting essays have been written on the subject, can you find them ?) A lot of companies are hiring reversers, malware analysts, win/linternals specialists for their own goods, YOU have the right to benefit this knowledge too,but don’t fall into the trap of skiddies activity..

Q & A

Q: I am new to reversing, can you advise me wether to choose Windows or Linux ?
A: No, for the simple reason that we cannot push you to decide what you want to do. Windows and its internals are fascinating reversers since ages, a lot of people are writing tuts, experimenting things, sharing tricks and discussing issues, Linux as well as other UNIX-like platform is less mainstream, therefore you are on your own, looking for someone that did it before, or simply threw some ideas you could investigate. But this thread could help you a bit.

Q: Ok, but what distrib should I use ?
A: If you already know linux enough (use at home/work) you can choose every flavor you like ! From RPM-style to DEB-stuff, including i-compil-everything-on-my-own, source-based distribs. If this is not the case, or if you want to use a virtual machine, please download Damn Vulnerable Linux (refer to the tool list)

Q: I am new to reversing with Linux, where should I start ?
A: Be sure to have sufficient assembly knowledge, at least one programming language skills (C/C++ are preferable since Linux in written with it, but Perl/Python are advised. Those parts are not treated here). As for Windows with its PE file format, Linux ELF is a unconditional step for reversing. A next step could be to try some crackmes under Linux, or try some wargames to know more about this arch. |STILL UNDER CONSTRUCTION|

Q: What tool should I use to disassemble,debug my target ?
A: Nobody can force you to use this or that but Linux comes with some tools like GDB (debugger), objdump (retrieve assembly)/hexdump (retrieve hex), ltrace/ptrace/strace/utrace (investigate the program execution flow)… Please refer to the tool list and make your own opinion, manuals as well as tutorials/papers are available.

Q: I lack training with Linux and Linternals, could you help me ?
A: RTFM ! A lot of documentation about Linux inner workings are available on the net, use a search engine or check the link category. You could for example search for Linux Kernel internals.You could also train your skills with wargames or crackmes. If you need a certification for your professional activities, check this out

Q: This tool is broken/outdated/doesn’t work as I’d want, can you help me ?
A: If you think the tool is broken try to contact the author: we are not a support forum, if it’s outdated post in the Linux area and be as specific as you can, no crack requests ! We’re not providing 100% working solutions, only pointers for your own research. If you cannot use the tool correctly, if you read every documentation available about it, if you tried everything and even googled for it desperately, you can post in the Linux Area.

Q: I need something that is not on the list, I asked for help and someone told me to Google, is this is a forum or what ?
A: We (people helping) are not assisting brain-disabled people, this is a bit rude, okay, but we will only help those who showed some implications, some previous work to solve their issue, and that actually did everything possible before asking. If we found out that the answer is in the first page on Google and you still ask for a link, you’ll get in serious trouble. If you are advised so, you can request a tool/paper to be added in this list.

Q: I made a tool, would you like to include it on your list ? / My tool|paper is in this list, I don’t want it !
A: That would be a pleasure ! First, talk to the CRCETL guys over there so they can add your tool (and a local copy of it) in their great list, then notify your link to us, we will add it.
If you want some materials to be removed, contact me but remember: if it was previously, legally, accessible on the Web you can get lost..

About this

Q: This has been done before here and there (like 0xf001’s place), why reinventing the wheel ?
A: If your links contains materials we missed, please contact us, we would be delighted to add it in the list as long as it complies with our rules.As for external sites, well I have been confronted too many times to pages or links that disappeared because of domain expiration/hosting problem etc, no one is to blame, we all have a life and such activities ain’t free. To prevent this issue I highly recommend you to copy this thread to your own forum/disk/whatever.

Q: Why such strict rules about legality ? This is reversing after all, and some of your links leads to place where illegal things are discussed (hacking/vxing)
A: Reversing is not always authorized, check the EULA of your target if any available. By posting here you automatically comply with the rules and the law this board is subject to (ie. what is legal in YOUR country doesn’t mean it is everywhere on the INTERNET). This is a scientific, technical-oriented board that doesn’t focus on warez despite some subject might be borderline. This is only made to avoid getting Zero into troubles.
As for Hacking/VXing, well I am not encouraging this at all, but it is your right to get information, I am not the one to tell you what to do about it. I hope you choose to stay clean though, getting in troubles ain’t fun. And trust me you’ll get to it sooner or later.

Q: This is cool but I would prefer a step-by-step tutorial to learn what button to press and where to look, for my specific needs?
A: Then you failed at the first and the most important step: working on your own; use your brain, use Google, use the forum search function, try things, read about everything you can before asking a question on a forum. This is for your own sake, please don’t be another “I need a tutorial to pee” guy. If you lack direction or ideas, please read about +Fravia (may he rest in peace) and +HCU. They could change your view of reversing from “I press buttons on my debugger but I don’t really know what I’m doing” to the all-mighty “I can express my reversing skills in the real world, in almost every possible situation”. If you get to this state of mind, I have nothing to `teach` you.

Q: Is a similar list for Windows|MacOS X is going to see the light some day ..?
A: I have a file in preparation, however it will not be hosted here: I’d like it to be as exhaustive as possible so it won’t comply with the rules.

Q: Hey some links are in a strange language I don’t understand, can’t you add articles in my mothertongue too ?
A: Unfortunately, my lack of knowledge is deepless, I only speak two or three languages. If you have materials in spanish, german etc I don’t see any problem to add them here. If you are speaking languages like chinese, arab or hindi (most spoken languages on earth) a translation would be warmly welcome, if you are opposed to this idea, make your own list pal.

Advertisements