gef: Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers – Penetration Testing

GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provide additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development.

It has full support for both Python2 and Python3 indifferently (as more and more distros start pushing gdb compiled with Python3 support).

Feature

One single GDB script.

Entirely OS Agnostic, NO dependencies: GEF is battery-included and is installable in 2 seconds (unlike PwnDBG).

Fast limiting the number of dependencies and optimizing code to make the commands as fast as possible (unlike PwnDBG).

Provides more than 50 commands to drastically change your experience in GDB.

Easily extendable to create other commands by providing more comprehensible layout to GDB Python API.

Works consistently on both Python2 and Python3.

Built around an architecture abstraction layer, so all commands work in any GDB-supported architecture such as x86-32/64, ARMv5/6/7, AARCH64, SPARC, MIPS, PowerPC, etc. (unlike PEDA)

Suited for real-life apps debugging, exploit development, just as much as CTF (unlike PEDA or PwnDBG)

Installation

# via the install script
$ wget -q -O- http://ift.tt/1TsitBo | sh

Then just start playing (for local files):

$ gdb -q /path/to/my/bin
gef➤ gef help
Or (for remote debugging):

remote:~ $ gdbserver 0.0.0.0:1234 /path/to/file
Running as PID: 666
And:

local:~ $ gdb -q
gef➤ gef-remote -t your.ip.address:1234 -p 666

# manually
$ wget -O ~/.gdbinit-gef.py -q http://ift.tt/2sG1LoK
$ echo source ~/.gdbinit-gef.py >> ~/.gdbinit

Emulating code in GDB via Unicorn-Engine (x86-64)

Displaying ELF information, memory mapping and using Capstone/Keystone integration (ARM v6)

Automatic dereferencing of registers values and identifying binary protections (PowerPC)

Showing current context and heap information (MIPS)

Playing with Capstone engine (SPARC v9)

Source: Github

The post gef: Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers appeared first on Penetration Testing. http://ift.tt/2rHH6U6 http://ift.tt/2aM8QhC

Anúncios

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s