diff --git a/config/_default/params.toml b/config/_default/params.toml
index 34496e4..e7e5b9b 100644
--- a/config/_default/params.toml
+++ b/config/_default/params.toml
@@ -60,8 +60,8 @@ disableTextInHeader = false
 showDateUpdated = false
 showAuthor = true
 # showAuthorBottom = false
- showHero = true
- heroStyle = "basic" # valid options: basic, big, background, thumbAndBackground
+ showHero = false
+ heroStyle = "big" # valid options: basic, big, background, thumbAndBackground
 # layoutBackgroundBlur = true # only used when heroStyle equals background or thumbAndBackground
 layoutBackgroundHeaderSpace = true # only used when heroStyle equals background
 showBreadcrumbs = true
diff --git a/content/posts/win11-pwn-env/featured.png b/content/posts/win11-pwn-env/featured.png
new file mode 100644
index 0000000..36553fc
Binary files /dev/null and b/content/posts/win11-pwn-env/featured.png differ
diff --git a/content/posts/win11-pwn-env/img/Pasted image 20241209090017.png b/content/posts/win11-pwn-env/img/Pasted image 20241209090017.png
new file mode 100644
index 0000000..019a85a
Binary files /dev/null and b/content/posts/win11-pwn-env/img/Pasted image 20241209090017.png differ
diff --git a/content/posts/win11-pwn-env/img/Pasted image 20241209090045.png b/content/posts/win11-pwn-env/img/Pasted image 20241209090045.png
new file mode 100644
index 0000000..a8384a0
Binary files /dev/null and b/content/posts/win11-pwn-env/img/Pasted image 20241209090045.png differ
diff --git a/content/posts/win11-pwn-env/img/Pasted image 20241209090109.png b/content/posts/win11-pwn-env/img/Pasted image 20241209090109.png
new file mode 100644
index 0000000..a25b303
Binary files /dev/null and b/content/posts/win11-pwn-env/img/Pasted image 20241209090109.png differ
diff --git a/content/posts/win11-pwn-env/img/Pasted image 20241209091105.png b/content/posts/win11-pwn-env/img/Pasted image 20241209091105.png
new file mode 100644
index 0000000..5c197dd
Binary files /dev/null and b/content/posts/win11-pwn-env/img/Pasted image 20241209091105.png differ
diff --git a/content/posts/win11-pwn-env/img/Pasted image 20241209091403.png b/content/posts/win11-pwn-env/img/Pasted image 20241209091403.png
new file mode 100644
index 0000000..3e25971
Binary files /dev/null and b/content/posts/win11-pwn-env/img/Pasted image 20241209091403.png differ
diff --git a/content/posts/win11-pwn-env/img/Pasted image 20241209091547.png b/content/posts/win11-pwn-env/img/Pasted image 20241209091547.png
new file mode 100644
index 0000000..26c1685
Binary files /dev/null and b/content/posts/win11-pwn-env/img/Pasted image 20241209091547.png differ
diff --git a/content/posts/win11-pwn-env/img/Pasted image 20241209091733.png b/content/posts/win11-pwn-env/img/Pasted image 20241209091733.png
new file mode 100644
index 0000000..dc9bf51
Binary files /dev/null and b/content/posts/win11-pwn-env/img/Pasted image 20241209091733.png differ
diff --git a/content/posts/win11-pwn-env/img/Pasted image 20241209092006.png b/content/posts/win11-pwn-env/img/Pasted image 20241209092006.png
new file mode 100644
index 0000000..ca7d3f1
Binary files /dev/null and b/content/posts/win11-pwn-env/img/Pasted image 20241209092006.png differ
diff --git a/content/posts/win11-pwn-env/img/Pasted image 20241209092036.png b/content/posts/win11-pwn-env/img/Pasted image 20241209092036.png
new file mode 100644
index 0000000..c77a8a1
Binary files /dev/null and b/content/posts/win11-pwn-env/img/Pasted image 20241209092036.png differ
diff --git a/content/posts/win11-pwn-env/img/Pasted image 20241209092615.png b/content/posts/win11-pwn-env/img/Pasted image 20241209092615.png
new file mode 100644
index 0000000..7854ce6
Binary files /dev/null and b/content/posts/win11-pwn-env/img/Pasted image 20241209092615.png differ
diff --git a/content/posts/win11-pwn-env/img/Pasted image 20241209092706.png b/content/posts/win11-pwn-env/img/Pasted image 20241209092706.png
new file mode 100644
index 0000000..866aa88
Binary files /dev/null and b/content/posts/win11-pwn-env/img/Pasted image 20241209092706.png differ
diff --git a/content/posts/win11-pwn-env/img/Pasted image 20241209093218.png b/content/posts/win11-pwn-env/img/Pasted image 20241209093218.png
new file mode 100644
index 0000000..d6841b4
Binary files /dev/null and b/content/posts/win11-pwn-env/img/Pasted image 20241209093218.png differ
diff --git a/content/posts/win11-pwn-env/img/Pasted image 20241209115301.png b/content/posts/win11-pwn-env/img/Pasted image 20241209115301.png
new file mode 100644
index 0000000..65853a4
Binary files /dev/null and b/content/posts/win11-pwn-env/img/Pasted image 20241209115301.png differ
diff --git a/content/posts/win11-pwn-env/img/Pasted image 20241209115504.png b/content/posts/win11-pwn-env/img/Pasted image 20241209115504.png
new file mode 100644
index 0000000..76ba788
Binary files /dev/null and b/content/posts/win11-pwn-env/img/Pasted image 20241209115504.png differ
diff --git a/content/posts/win11-pwn-env/img/Pasted image 20241209115611.png b/content/posts/win11-pwn-env/img/Pasted image 20241209115611.png
new file mode 100644
index 0000000..9f1c01d
Binary files /dev/null and b/content/posts/win11-pwn-env/img/Pasted image 20241209115611.png differ
diff --git a/content/posts/win11-pwn-env/index.md b/content/posts/win11-pwn-env/index.md
new file mode 100644
index 0000000..35eb917
--- /dev/null
+++ b/content/posts/win11-pwn-env/index.md
@@ -0,0 +1,147 @@
+---
+title: "PWN environment setup on Win11 using WSL2"
+date: 2024-12-11
+draft: false
+summary: "Setting up a binary exploitation environment on Windows 11 using WSL2"
+tags: ["pwn", "blog", "tutorial"]
+---
+
+Having a good environment is a must when you want to do binary exploitaton. Here I will show you how to set up a simple environment using Ubuntu and WSL2
+so you can straight up jump into finding and writing your exploits.
+
+## Agenda
+
+Things we will be setting up:
+- Ubuntu inside our Windows WSL2
+- Pwntools library for writing exploits
+- PwnDbg for debugging and finding vulnerability on programms
+
+## Setting up Ubuntu on WSL2
+
+Change WSL version to 2
+```bash
+wsl --set-default-version 2
+```
+
+
+Searching for our distribution in the online marketplace
+```bash
+wsl --list --online
+```
+
+
+Installing our distribution with a suitable version. Here I will be instaling Ubuntu 24.04 which comes under their LTS
+```bash
+ wsl --install -d Ubuntu-24.04
+```
+
+
+After the installation, it will prompt you to set up a user with a password. After which it will drop you to your user shell
+and you should be able to see something like this.
+
+### Configuring 32-bit environment
+Since the distribution we installed is of 64-bit, we must set it up to run 32-bit programs as well. Its very common in CTFs that we receive 32-bit binaries.
+
+Installing all the necessary packages and libraries.
+```bash
+sudo dpkg --add-architecture i386
+sudo apt-get update
+```
+
+
+```bash
+sudo apt install build-essential
+```
+
+
+```bash
+sudo apt install gcc-multilib
+```
+
+
+## Setting up PwnTools library
+Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.
+```bash
+sudo apt-get update
+sudo apt-get install python3 python3-pip python3-dev git libssl-dev libffi-dev build-essential
+python3 -m pip install --upgrade pip
+python3 -m pip install --upgrade pwntools
+```
+
+
+### Working around the PIP upgrade error
+
+
+There are many solutions to it. The best and the recommended one is to set up a virtual environment.
+The second would be to use the `--break-system-packages` tag with our pip command and
+the third is to set up a config so that we dont have to pass the tag everytime we use pip.
+
+{{< alert iconColor="#FADFA1" >}}
+**NOTE!** I would still recommend to set up an virtual environment!
+{{< /alert >}}
+
+Lets set up a config for our pip
+```bash
+mkdir .config
+mkdir .config/pip
+touch .config/pip/pip.conf
+```
+
+edit `pip.conf`
+```ini
+[global]
+break-system-packages = true
+```
+
+Now we should be able to continue our installing without any errors.
+
+
+
+We can confirm our installation by loading the library into Python
+
+
+## Setting up PwnDbg
+PwnDbg is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.
+
+First lets start by installing gdb
+```bash
+sudo apt install gdb
+```
+
+
+Installing and setting up PwnDbg
+```bash
+git clone https://github.com/pwndbg/pwndbg
+cd pwndbg
+./setup.sh
+```
+
+
+## Resources
+
+- PwnTools -
+- PwnDbg -
+- [How to install Linux on Windows with WSL](https://learn.microsoft.com/en-us/windows/wsl/install)
+- [Windows Subsystem for Linux](https://learn.microsoft.com/en-us/windows/wsl/)
+
+## FAQ
+### What to do after this?
+
+Well, I would suggest installing a code exitor such as [VSCode](https://code.visualstudio.com/) on your host machine for you to write exploits or you can be a chad and install neovim on your linux.
+
+After that you can set up a disassembler and decompiler of your choice. There are many to choose from but these are some of my picks:
+- [Ghidra by NSA (yes the NSA)](https://ghidra-sre.org/)
+- [IDA by Hex Rays](https://hex-rays.com/)
+- [Binary Ninja by Vector 35](https://binary.ninja/)
+- [Cutter by Rizin](https://cutter.re/)
+
+Now that you are all set, the only thing left is to start hacking and writing exploits
\ No newline at end of file
diff --git a/public/index.html b/public/index.html
index 24787c8..a3b5fcc 100644
--- a/public/index.html
+++ b/public/index.html
@@ -649,6 +649,147 @@
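Review bot: The `pip.conf` snippet in "Working around the PIP upgrade error" writes `break-system-packages = true` under `[global]`, which turns off Ubuntu's externally-managed-environment guard for every future pip invocation by that user, not just the pwntools install, so later `pip install` runs can overwrite apt-managed Python packages without any prompt. Since the post already states that a virtual environment is the recommended option, the third option could simply show it: `python3 -m venv ~/pwn-venv`, `source ~/pwn-venv/bin/activate`, `python3 -m pip install --upgrade pwntools`. Separately, the `mkdir .config` / `mkdir .config/pip` lines fail with "File exists" on a shell where `~/.config` already exists, and they are relative to the current directory rather than the home directory; `mkdir -p ~/.config/pip` covers both. A one-sentence note before `./setup.sh` that the reader should skim the freshly cloned script before executing it would fit the tutorial's register.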

Recent

+ + + + + + + + +
+ +
+
+ +
PWN environment setup on Win11 using WSL2
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + ·3 mins + + + + +
+ + + + + +
+ + + + + + + + + + + + + + + + Pwn + + + + + + + + Blog + + + + + + + + Tutorial + + + + + + + +
+ + + + +
+ +
+ Setting up a binary exploitation environment on Windows 11 using WSL2 +
+ +
+
+ + + + + + + + + + + + + + + + + + + + diff --git a/public/index.json b/public/index.json index 83e135f..cff6e89 100644 --- a/public/index.json +++ b/public/index.json 
@@ -1,2 +1,2 @@ -[{"content":"\rHere\u0026rsquo;s a sleeping picture of my cat Salem [say.luhm]\r","date":"8 November 2024","externalUrl":null,"permalink":"/","section":"Aryan Gurung","summary":"","title":"Aryan Gurung","type":"page"},{"content":"","date":"8 November 2024","externalUrl":null,"permalink":"/tags/blog/","section":"Tags","summary":"","title":"Blog","type":"tags"},{"content":"\rThis is where I write about my life, learning and research\r","date":"8 November 2024","externalUrl":null,"permalink":"/posts/","section":"Blogs","summary":"","title":"Blogs","type":"posts"},{"content":"\rEvery year, the flare-on offers reverse engineering enthusiasts a unique set of puzzles that push our skills and creativity to new limits.\rThis year it was no different. I’ll be writing down a short blog about my experience tackling this years challenges.\nTimeline #\rSeptember 27th 2024 at 6:30 AM\rStarting of Flare-on\rSeptember 27th, 5:09:55 PM\rSolved Challenge 1 - frog\rOctober 1st, 4:46:42 AM\rSolved Challenge 2 - checksum\rNovember 1st, 9:23:14 AM\rSolved Challenge 3 - aray\rNovember 6th, 6:07:38 AM\rSolved Challenge 4 - Meme Maker 3000\rNovember 8th 2024 at 8pm\rEnding of Flare-on\rChallenge 1 - frog #\rWe were given a game written in python using the pygames library.\nThe logic of the game and the encryption was simple to understand and didn\u0026rsquo;t take me much to get the flag.\nChallenge 2 - checksum #\rFor me this was the most chellenging one out of all the challenges I solved. We had to reverse an executable written in Go.\nThe first step was to reverse engineer the hash used to solve the checksum, and the second step involved finding the path where the flag image was generated.\nChallenge 3 - aray #\rWe had to deal with yara rule constraints into solving the challenge through patience and scripting. 
At the end of solving, my script turned out to be of 407 lines.\nChallenge 4 - Meme Maker 3000 #\rLast of the challenge that I managed to solve was Meme Maker 300 which was a Javascript Obfuscattion challenge.\nI quickly deobfuscated and clened up the code as I began to understand the logic. After playing with the browser counsole couple to times, I managed to understand the logic for the required conditions and got the flag.\nGoodbye #\rThat wraps up my journey, having solved 4 out of 10 challenges.\nI might have solved more if I had been consistent but I’m happy with my performance this year improving over my last years results. Along the way, I got the chance to learn and explore new techniques growing as a reverse engineer.\nSo, this is a seeya and not a goodbye. Will come back stronger and better next year.\n:)\n","date":"8 November 2024","externalUrl":null,"permalink":"/posts/flare-on-11-diary/","section":"Blogs","summary":"My 2024 flare-on 11 journey","title":"Dear Diary, My Flare-On 11","type":"posts"},{"content":"","date":"8 November 2024","externalUrl":null,"permalink":"/tags/flare-on/","section":"Tags","summary":"","title":"Flare-On","type":"tags"},{"content":"","date":"8 November 2024","externalUrl":null,"permalink":"/tags/reverse-engineering/","section":"Tags","summary":"","title":"Reverse-Engineering","type":"tags"},{"content":"","date":"8 November 2024","externalUrl":null,"permalink":"/tags/","section":"Tags","summary":"","title":"Tags","type":"tags"},{"content":"\rExploring the Fundamentals of Low Level Architecture and Assembly Language\rIntroduction #\rWelcome to the world of x86 architecture and assembly language. This blog post will explore the fundamentals of this long-standing architecture, which remains crucial in modern computing. 
We\u0026rsquo;ll delve into how computers work at a low level, uncovering the inner workings of the systems we use every day.\nWhether you\u0026rsquo;re a beginner or a seasoned programmer, this guide will provide you with valuable insights and practical examples to enhance your understanding of x86 assembly language. Join us as we unravel its intricacies, demystify its operations, and equip you with the tools to write efficient and effective code. By the end of this exploration, you\u0026rsquo;ll have a solid foundation in x86 architecture, empowering you to tackle more complex programming challenges with confidence. Let\u0026rsquo;s dive in!\nWhat is x86 Architecture? #\rx86 architecture is a family of instruction set architectures (ISAs) or complex instruction set computer (CISC) based on the Intel 8086 microprocessor. It has evolved over the years to include a wide range of processors, including the Intel Pentium, Core, and Xeon series, as well as AMD processors such as the Athlon and Ryzen series. x86 architecture is known for its widespread use in personal computers, servers, and embedded systems, making it one of the most popular ISAs in the world.\nThe x86 architecture is a complex and feature-rich ISA that provides a broad set of instructions for performing various operations, such as arithmetic, logic, data movement, and control flow. It supports a wide range of data types, addressing modes, and memory access methods, making it a versatile and powerful platform for software development.\nWhy Learn Assembly Language? #\rAssembly language is a low-level programming language that provides a direct correspondence between the instructions executed by a computer\u0026rsquo;s CPU and the operations performed by a program. 
By learning assembly language, you gain a deeper understanding of how computers work at a fundamental level, enabling you to write more efficient and optimized code.\nUnderstanding assembly language is essential for a variety of reasons:\nPerformance Optimization: Assembly language allows you to write highly optimized code that takes full advantage of a CPU\u0026rsquo;s capabilities. By writing code at a low level, you can fine-tune performance critical sections of your program to achieve maximum efficiency.\nDebugging and Reverse Engineering: Assembly language is often used in debugging and reverse engineering tasks to analyze and understand the behavior of programs. By examining the assembly code generated by a compiler, you can gain insights into how a program works and identify potential issues.\nEmbedded Systems Development: Assembly language is commonly used in embedded systems development, where performance, size, and power consumption are critical factors. By writing code directly in assembly language, you can control the hardware at a low level and optimize your programs for resource-constrained environments.\nOperating Systems Development: Assembly language is essential for developing operating systems, bootloaders, and device drivers, where direct hardware access and control are required. By writing code in assembly language, you can interact with hardware components, manage system resources, and implement low-level functionality.\nGetting Started with x86 Assembly Language #\rTo get started with x86 assembly language, you\u0026rsquo;ll need an understanding of the basic concepts and instructions that form the foundation of the language. In the following sections, we\u0026rsquo;ll cover essential topics such as registers, memory addressing modes, arithmetic and logic operations, control flow instructions, and more.\nRegisters #\rRegisters are small, fast storage locations within the CPU that are used to hold data temporarily during program execution. 
The x86 architecture provides a set of general-purpose registers, segment registers, and control registers that serve different purposes and have specific functions. Here are some of the key registers in x86 assembly language:\nGeneral-Purpose Registers: The x86 architecture provides several general-purpose registers, including EAX, EBX, ECX, EDX, ESI, and EDI, which can be used to store data, perform arithmetic and logic operations, and hold memory addresses.\nSegment Registers: The x86 architecture includes segment registers such as CS, DS, ES, FS, GS, and SS, which are used to manage memory segmentation and access different segments of memory.\nControl Registers: The x86 architecture also includes control registers such as CR0, CR2, CR3, and CR4, which are used to control various aspects of the CPU\u0026rsquo;s operation, such as paging, caching, and system configuration.\nHere is a list of CPU registers for x86-64 and lower\nMemory Addressing Modes #\rMemory addressing modes define how memory operands are accessed and manipulated in x86 assembly language instructions. The x86 architecture supports a variety of memory addressing modes, including direct addressing, register addressing, immediate addressing, indirect addressing, indexed addressing, and base-indexed addressing. These addressing modes provide flexibility and versatility in accessing memory locations.\nArithmetic and Logic Operations #\rThe x86 architecture provides a rich set of arithmetic and logic operations that can be performed on data stored in registers or memory. These operations include addition, subtraction, multiplication, division, bitwise AND, OR, XOR, and shift operations, which allow you to manipulate data and perform calculations efficiently.\nControl Flow Instructions #\rControl flow instructions in x86 assembly language allow you to control the flow of program execution by making decisions, looping, and branching based on conditions. 
These instructions include conditional jumps, unconditional jumps, call and return instructions, loop instructions, and interrupt instructions, which enable you to implement complex control structures and algorithms.\nMemory Management in x86 Assembly Language #\rMemory management is a critical aspect of x86 assembly language programming, as it involves allocating, accessing, and releasing memory resources efficiently. In x86 assembly language, memory management tasks are typically performed using instructions such as MOV, LEA, PUSH, POP, XCHG, CMP, and JMP, which allow you to manipulate memory contents, transfer data between memory locations and registers, and control program flow based on memory conditions.\nStack Operations #\rThe stack is a special region of memory used for storing temporary data, function parameters, return addresses, and local variables during program execution. In x86 assembly language, stack operations are performed using instructions such as PUSH, POP, CALL, and RET, which allow you to push data onto the stack, pop data off the stack, call functions, and return from functions, respectively. The stack plays a crucial role in managing program state and function calls in x86 assembly language programs.\nMemory Segmentation #\rMemory segmentation is a memory management technique used in x86 architecture to divide the memory address space into segments of variable sizes. Each segment is identified by a segment selector and an offset, which together form a linear address that points to a specific memory location. Memory segmentation provides a flexible and efficient way to organize memory resources and manage memory access in x86 assembly language programs.\nInstruction Set #\rThe x86 instruction set is a collection of instructions that define the operations that can be performed by the CPU. 
The x86 instruction set includes a wide range of instructions for arithmetic, logic, data movement, control flow, and system operations, which allow you to write programs that perform complex tasks efficiently. Understanding the x86 instruction set is essential for writing efficient and optimized assembly language code that takes full advantage of the CPU\u0026rsquo;s capabilities.\nExample Program #\rTo demonstrate the concepts discussed in this blog post, let\u0026rsquo;s write some simple x86 assembly language program. We will use all the things we have learned so far to create a basic program that performs arithmetic operations and control flow instructions.\nWriting assembly language programs can be challenging at first, but with practice and patience, you can become proficient in writing efficient and optimized code that runs on x86 architecture. Let\u0026rsquo;s get started!\nsection .data msg db \u0026#39;Hello, World!\u0026#39;, 0 section .text global _start _start: ; Print the message mov eax, 4 mov ebx, 1 mov ecx, msg mov edx, 13 int 0x80 ; Exit the program mov eax, 1 xor ebx, ebx int 0x80 In this example program, we define a message in the .data section, then use the mov instruction to load the message address into the ecx register. We then use the mov instruction to load the system call number for writing to standard output into the eax register, and the file descriptor for standard output into the ebx register. Finally, we use the int 0x80 instruction to make the system call to write the message to standard output. 
We then use the mov instruction to load the system call number for exiting the program into the eax register, and the exit status into the ebx register, before making the system call to exit the program.\nsection .data num1 dd 10 num2 dd 20 sum dd 0 section .text global _start _start: ; Add the numbers mov eax, [num1] add eax, [num2] mov [sum], eax ; Exit the program mov eax, 1 xor ebx, ebx int 0x80 In this example program, we define two numbers num1 and num2 in the .data section, and a sum sum to store the result of the addition. We then use the mov instruction to load the value of num1 into the eax register, add the value of num2 to eax, and store the result in sum. We then use the mov instruction to load the system call number for exiting the program into the eax register, and the exit status into the ebx register, before making the system call to exit the program.\nsection .text global _start _start: ; Initialize the counter mov ecx, 10 loop: ; Print the counter mov eax, 4 mov ebx, 1 mov edx, 1 int 0x80 ; Decrement the counter loop loop ; Exit the program mov eax, 1 xor ebx, ebx int 0x80 In this example program, we use a loop to print the numbers from 10 to 1. We initialize the counter ecx to 10, then use a loop to print the value of the counter, decrement the counter, and repeat the process until the counter reaches 0. 
We then use the mov instruction to load the system call number for exiting the program into the eax register, and the exit status into the ebx register, before making the system call to exit the program.\nsection .text global _start _start: ; Initialize the Fibonacci sequence mov eax, 0 mov ebx, 1 ; Print the first two numbers mov edx, 1 int 0x80 mov edx, 1 int 0x80 ; Generate the Fibonacci sequence mov ecx, 10 loop: ; Calculate the next number add eax, ebx mov ebx, eax ; Print the next number mov edx, 1 int 0x80 ; Decrement the counter loop loop ; Exit the program mov eax, 1 xor ebx, ebx int 0x80 In this example program, we generate the Fibonacci sequence by adding the previous two numbers to get the next number. We initialize the sequence with 0 and 1, then use a loop to calculate and print the next number in the sequence. We repeat this process until we have generated 10 numbers in the Fibonacci sequence, then exit the program.\nExercise #\rVisit the following website and see if you can solve the riddle by understanding the x86 assembly code: xchg_rax\nConclusion #\rIn this blog post, we\u0026rsquo;ve explored the fundamentals of x86 architecture and assembly language, delving into the inner workings of low-level programming and computer systems. We\u0026rsquo;ve covered essential topics such as registers, memory addressing modes, arithmetic and logic operations, control flow instructions, memory management, and the x86 instruction set, providing you with a solid foundation in x86 assembly language programming.\nBy understanding x86 architecture and assembly language, you gain valuable insights into how computers work at a low level, enabling you to write efficient and optimized code that takes full advantage of a CPU\u0026rsquo;s capabilities. 
Whether you\u0026rsquo;re a beginner or an experienced programmer, learning assembly language can enhance your programming skills and deepen your understanding of computer systems and software development.\nWe hope this guide has inspired you to explore the world of x86 assembly language further and experiment with writing your own assembly language programs.\nHappy Hacking! 🚀\nAdditional Resources #\rx86 - Wikipedia Introduction to x86 Assembly Language x86 Assembly Language Reference Manual XORPD - Assembly Language Adventure NASM - The Netwide Assembler Intel 64 and IA-32 Architectures Software Developer\u0026rsquo;s Manuals All Volume ","date":"1 September 2024","externalUrl":null,"permalink":"/posts/a-plunge-into-lower-level/","section":"Blogs","summary":"Exploring the Fundamentals of Low Level Architecture and Assembly Language","title":"A Plunge into Low Level","type":"posts"},{"content":"","date":"1 September 2024","externalUrl":null,"permalink":"/tags/assembly/","section":"Tags","summary":"","title":"Assembly","type":"tags"},{"content":"","date":"1 September 2024","externalUrl":null,"permalink":"/tags/tutorial/","section":"Tags","summary":"","title":"Tutorial","type":"tags"},{"content":"","externalUrl":null,"permalink":"/authors/","section":"Authors","summary":"","title":"Authors","type":"authors"},{"content":"","externalUrl":null,"permalink":"/categories/","section":"Categories","summary":"","title":"Categories","type":"categories"},{"content":"\rSome of my projects that I\u0026rsquo;ve worked on\rPwnage #\rA docker based binary exploitation setup\nnull Hades #\rSystem level threat hunting tool\nThreat-Olympus/hades\rSystem Level Threat Hunting\rGo 0\r0\rSyslog-ebpf #\rLog live syscalls over linux using eBPF\nh3athen/syslog-ebpf\rRust 0\r0\rRrep #\rA simple grep implementation in rust\n0xlilith/rrep\rgrep in rust but with more coolness\rRust 3\r0\rRAMP #\rA super fast port scanner in rust\n6Sixty6/ramp\rrust port scanner\rRust 8\r2\rRusty-Chan #\rDiscord 
bot written in rust\n0xlilith/rusty-chan\rDiscord Bot Built In Rust\rRust 0\r1\rSeek-TF #\rA CTFtime helper cli tool\nSacredShell/seektf\r( Seek-TF ) CTFtime helper cli\rRust 1\r0\rgosafe #\rCli tool to store passwords locally\n0xlilith/gosafe\rgenerate password and keep it safe\rGo 1\r0\rStivale2 #\rA bare bone kernel implementation\n0xlilith/stivale-two\rStivale2 bare bone kernel implementation\rC 1\r0\r","externalUrl":null,"permalink":"/projects/","section":"Aryan Gurung","summary":"","title":"Projects","type":"page"},{"content":"\rSome useful links and posts\rMy #\rMy OSCP+ Notes Videos #\rSo You Think You Know Git - FOSDEM 2024 ","externalUrl":null,"permalink":"/resources/","section":"Aryan Gurung","summary":"","title":"Resources","type":"page"},{"content":"","externalUrl":null,"permalink":"/series/","section":"Series","summary":"","title":"Series","type":"series"}] \ No newline at end of file +[{"content":"\rHere\u0026rsquo;s a sleeping picture of my cat Salem [say.luhm]\r","date":"11 December 2024","externalUrl":null,"permalink":"/","section":"Aryan Gurung","summary":"","title":"Aryan Gurung","type":"page"},{"content":"","date":"11 December 2024","externalUrl":null,"permalink":"/tags/blog/","section":"Tags","summary":"","title":"Blog","type":"tags"},{"content":"\rThis is where I write about my life, learning and research\r","date":"11 December 2024","externalUrl":null,"permalink":"/posts/","section":"Blogs","summary":"","title":"Blogs","type":"posts"},{"content":"","date":"11 December 2024","externalUrl":null,"permalink":"/tags/pwn/","section":"Tags","summary":"","title":"Pwn","type":"tags"},{"content":"Having a good environment is a must when you want to do binary exploitaton. 
Here I will show you how to set up a simple environment using Ubuntu and WSL2 so you can straight up jump into finding and writing your exploits.\nAgenda #\rThings we will be setting up:\nUbuntu inside our Windows WSL2 Pwntools library for writing exploits PwnDbg for debugging and finding vulnerability on programms Setting up Ubuntu on WSL2 #\rChange WSL version to 2\nwsl --set-default-version 2 Searching for our distribution in the online marketplace\nwsl --list --online Installing our distribution with a suitable version. Here I will be instaling Ubuntu 24.04 which comes under their LTS\nwsl --install -d Ubuntu-24.04 After the installation, it will prompt you to set up a user with a password. After which it will drop you to your user shell and you should be able to see something like this. Configuring 32-bit environment #\rSince the distribution we installed is of 64-bit, we must set it up to run 32-bit programs as well. Its very common in CTFs that we receive 32-bit binaries.\nInstalling all the necessary packages and libraries.\nsudo dpkg --add-architecture i386 sudo apt-get update sudo apt install build-essential sudo apt install gcc-multilib Setting up PwnTools library #\rPwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.\nsudo apt-get update sudo apt-get install python3 python3-pip python3-dev git libssl-dev libffi-dev build-essential python3 -m pip install --upgrade pip python3 -m pip install --upgrade pwntools Working around the PIP upgrade error #\rThere are many solutions to it. The best and the recommended one is to set up a virtual environment. The second would be to use the --break-system-packages tag with our pip command and the third is to set up a config so that we dont have to pass the tag everytime we use pip.\nNOTE! 
I would still recommend to set up an virtual environment!\rLets set up a config for our pip\nmkdir .config mkdir .config/pip touch .config/pip/pip.conf edit pip.conf\n[global] break-system-packages = true Now we should be able to continue our installing without any errors. We can confirm our installation by loading the library into Python Setting up PwnDbg #\rPwnDbg is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.\nFirst lets start by installing gdb\nsudo apt install gdb Installing and setting up PwnDbg\ngit clone https://github.com/pwndbg/pwndbg cd pwndbg ./setup.sh Resources #\rPwnTools - http://pwntools.com/ PwnDbg - https://pwndbg.re/ How to install Linux on Windows with WSL Windows Subsystem for Linux FAQ #\rWhat to do after this? #\rWell, I would suggest installing a code exitor such as VSCode on your host machine for you to write exploits or you can be a chad and install neovim on your linux.\nAfter that you can set up a disassembler and decompiler of your choice. 
There are many to choose from but these are some of my picks:\nGhidra by NSA (yes the NSA) IDA by Hex Rays Binary Ninja by Vector 35 Cutter by Rizin Now that you are all set, the only thing left is to start hacking and writing exploits\n","date":"11 December 2024","externalUrl":null,"permalink":"/posts/win11-pwn-env/","section":"Blogs","summary":"Setting up a binary exploitation environment on Windows 11 using WSL2","title":"PWN environment setup on Win11 using WSL2","type":"posts"},{"content":"","date":"11 December 2024","externalUrl":null,"permalink":"/tags/","section":"Tags","summary":"","title":"Tags","type":"tags"},{"content":"","date":"11 December 2024","externalUrl":null,"permalink":"/tags/tutorial/","section":"Tags","summary":"","title":"Tutorial","type":"tags"},{"content":"\rEvery year, the flare-on offers reverse engineering enthusiasts a unique set of puzzles that push our skills and creativity to new limits.\rThis year it was no different. I’ll be writing down a short blog about my experience tackling this years challenges.\nTimeline #\rSeptember 27th 2024 at 6:30 AM\rStarting of Flare-on\rSeptember 27th, 5:09:55 PM\rSolved Challenge 1 - frog\rOctober 1st, 4:46:42 AM\rSolved Challenge 2 - checksum\rNovember 1st, 9:23:14 AM\rSolved Challenge 3 - aray\rNovember 6th, 6:07:38 AM\rSolved Challenge 4 - Meme Maker 3000\rNovember 8th 2024 at 8pm\rEnding of Flare-on\rChallenge 1 - frog #\rWe were given a game written in python using the pygames library.\nThe logic of the game and the encryption was simple to understand and didn\u0026rsquo;t take me much to get the flag.\nChallenge 2 - checksum #\rFor me this was the most chellenging one out of all the challenges I solved. 
We had to reverse an executable written in Go.\nThe first step was to reverse engineer the hash used to solve the checksum, and the second step involved finding the path where the flag image was generated.\nChallenge 3 - aray #\rWe had to deal with yara rule constraints into solving the challenge through patience and scripting. At the end of solving, my script turned out to be of 407 lines.\nChallenge 4 - Meme Maker 3000 #\rLast of the challenge that I managed to solve was Meme Maker 300 which was a Javascript Obfuscattion challenge.\nI quickly deobfuscated and clened up the code as I began to understand the logic. After playing with the browser counsole couple to times, I managed to understand the logic for the required conditions and got the flag.\nGoodbye #\rThat wraps up my journey, having solved 4 out of 10 challenges.\nI might have solved more if I had been consistent but I’m happy with my performance this year improving over my last years results. Along the way, I got the chance to learn and explore new techniques growing as a reverse engineer.\nSo, this is a seeya and not a goodbye. Will come back stronger and better next year.\n:)\n","date":"8 November 2024","externalUrl":null,"permalink":"/posts/flare-on-11-diary/","section":"Blogs","summary":"My 2024 flare-on 11 journey","title":"Dear Diary, My Flare-On 11","type":"posts"},{"content":"","date":"8 November 2024","externalUrl":null,"permalink":"/tags/flare-on/","section":"Tags","summary":"","title":"Flare-On","type":"tags"},{"content":"","date":"8 November 2024","externalUrl":null,"permalink":"/tags/reverse-engineering/","section":"Tags","summary":"","title":"Reverse-Engineering","type":"tags"},{"content":"\rExploring the Fundamentals of Low Level Architecture and Assembly Language\rIntroduction #\rWelcome to the world of x86 architecture and assembly language. This blog post will explore the fundamentals of this long-standing architecture, which remains crucial in modern computing. 
We\u0026rsquo;ll delve into how computers work at a low level, uncovering the inner workings of the systems we use every day.\nWhether you\u0026rsquo;re a beginner or a seasoned programmer, this guide will provide you with valuable insights and practical examples to enhance your understanding of x86 assembly language. Join us as we unravel its intricacies, demystify its operations, and equip you with the tools to write efficient and effective code. By the end of this exploration, you\u0026rsquo;ll have a solid foundation in x86 architecture, empowering you to tackle more complex programming challenges with confidence. Let\u0026rsquo;s dive in!\nWhat is x86 Architecture? #\rx86 architecture is a family of instruction set architectures (ISAs) or complex instruction set computer (CISC) based on the Intel 8086 microprocessor. It has evolved over the years to include a wide range of processors, including the Intel Pentium, Core, and Xeon series, as well as AMD processors such as the Athlon and Ryzen series. x86 architecture is known for its widespread use in personal computers, servers, and embedded systems, making it one of the most popular ISAs in the world.\nThe x86 architecture is a complex and feature-rich ISA that provides a broad set of instructions for performing various operations, such as arithmetic, logic, data movement, and control flow. It supports a wide range of data types, addressing modes, and memory access methods, making it a versatile and powerful platform for software development.\nWhy Learn Assembly Language? #\rAssembly language is a low-level programming language that provides a direct correspondence between the instructions executed by a computer\u0026rsquo;s CPU and the operations performed by a program. 
By learning assembly language, you gain a deeper understanding of how computers work at a fundamental level, enabling you to write more efficient and optimized code.\nUnderstanding assembly language is essential for a variety of reasons:\nPerformance Optimization: Assembly language allows you to write highly optimized code that takes full advantage of a CPU\u0026rsquo;s capabilities. By writing code at a low level, you can fine-tune performance critical sections of your program to achieve maximum efficiency.\nDebugging and Reverse Engineering: Assembly language is often used in debugging and reverse engineering tasks to analyze and understand the behavior of programs. By examining the assembly code generated by a compiler, you can gain insights into how a program works and identify potential issues.\nEmbedded Systems Development: Assembly language is commonly used in embedded systems development, where performance, size, and power consumption are critical factors. By writing code directly in assembly language, you can control the hardware at a low level and optimize your programs for resource-constrained environments.\nOperating Systems Development: Assembly language is essential for developing operating systems, bootloaders, and device drivers, where direct hardware access and control are required. By writing code in assembly language, you can interact with hardware components, manage system resources, and implement low-level functionality.\nGetting Started with x86 Assembly Language #\rTo get started with x86 assembly language, you\u0026rsquo;ll need an understanding of the basic concepts and instructions that form the foundation of the language. In the following sections, we\u0026rsquo;ll cover essential topics such as registers, memory addressing modes, arithmetic and logic operations, control flow instructions, and more.\nRegisters #\rRegisters are small, fast storage locations within the CPU that are used to hold data temporarily during program execution. 
The x86 architecture provides a set of general-purpose registers, segment registers, and control registers that serve different purposes and have specific functions. Here are some of the key registers in x86 assembly language:\nGeneral-Purpose Registers: The x86 architecture provides several general-purpose registers, including EAX, EBX, ECX, EDX, ESI, and EDI, which can be used to store data, perform arithmetic and logic operations, and hold memory addresses.\nSegment Registers: The x86 architecture includes segment registers such as CS, DS, ES, FS, GS, and SS, which are used to manage memory segmentation and access different segments of memory.\nControl Registers: The x86 architecture also includes control registers such as CR0, CR2, CR3, and CR4, which are used to control various aspects of the CPU\u0026rsquo;s operation, such as paging, caching, and system configuration.\nHere is a list of CPU registers for x86-64 and lower\nMemory Addressing Modes #\rMemory addressing modes define how memory operands are accessed and manipulated in x86 assembly language instructions. The x86 architecture supports a variety of memory addressing modes, including direct addressing, register addressing, immediate addressing, indirect addressing, indexed addressing, and base-indexed addressing. These addressing modes provide flexibility and versatility in accessing memory locations.\nArithmetic and Logic Operations #\rThe x86 architecture provides a rich set of arithmetic and logic operations that can be performed on data stored in registers or memory. These operations include addition, subtraction, multiplication, division, bitwise AND, OR, XOR, and shift operations, which allow you to manipulate data and perform calculations efficiently.\nControl Flow Instructions #\rControl flow instructions in x86 assembly language allow you to control the flow of program execution by making decisions, looping, and branching based on conditions. 
These instructions include conditional jumps, unconditional jumps, call and return instructions, loop instructions, and interrupt instructions, which enable you to implement complex control structures and algorithms.\nMemory Management in x86 Assembly Language #\rMemory management is a critical aspect of x86 assembly language programming, as it involves allocating, accessing, and releasing memory resources efficiently. In x86 assembly language, memory management tasks are typically performed using instructions such as MOV, LEA, PUSH, POP, XCHG, CMP, and JMP, which allow you to manipulate memory contents, transfer data between memory locations and registers, and control program flow based on memory conditions.\nStack Operations #\rThe stack is a special region of memory used for storing temporary data, function parameters, return addresses, and local variables during program execution. In x86 assembly language, stack operations are performed using instructions such as PUSH, POP, CALL, and RET, which allow you to push data onto the stack, pop data off the stack, call functions, and return from functions, respectively. The stack plays a crucial role in managing program state and function calls in x86 assembly language programs.\nMemory Segmentation #\rMemory segmentation is a memory management technique used in x86 architecture to divide the memory address space into segments of variable sizes. Each segment is identified by a segment selector and an offset, which together form a linear address that points to a specific memory location. Memory segmentation provides a flexible and efficient way to organize memory resources and manage memory access in x86 assembly language programs.\nInstruction Set #\rThe x86 instruction set is a collection of instructions that define the operations that can be performed by the CPU. 
The x86 instruction set includes a wide range of instructions for arithmetic, logic, data movement, control flow, and system operations, which allow you to write programs that perform complex tasks efficiently. Understanding the x86 instruction set is essential for writing efficient and optimized assembly language code that takes full advantage of the CPU\u0026rsquo;s capabilities.\nExample Program #\rTo demonstrate the concepts discussed in this blog post, let\u0026rsquo;s write some simple x86 assembly language program. We will use all the things we have learned so far to create a basic program that performs arithmetic operations and control flow instructions.\nWriting assembly language programs can be challenging at first, but with practice and patience, you can become proficient in writing efficient and optimized code that runs on x86 architecture. Let\u0026rsquo;s get started!\nsection .data msg db \u0026#39;Hello, World!\u0026#39;, 0 section .text global _start _start: ; Print the message mov eax, 4 mov ebx, 1 mov ecx, msg mov edx, 13 int 0x80 ; Exit the program mov eax, 1 xor ebx, ebx int 0x80 In this example program, we define a message in the .data section, then use the mov instruction to load the message address into the ecx register. We then use the mov instruction to load the system call number for writing to standard output into the eax register, and the file descriptor for standard output into the ebx register. Finally, we use the int 0x80 instruction to make the system call to write the message to standard output. 
We then use the mov instruction to load the system call number for exiting the program into the eax register, and the exit status into the ebx register, before making the system call to exit the program.\nsection .data num1 dd 10 num2 dd 20 sum dd 0 section .text global _start _start: ; Add the numbers mov eax, [num1] add eax, [num2] mov [sum], eax ; Exit the program mov eax, 1 xor ebx, ebx int 0x80 In this example program, we define two numbers num1 and num2 in the .data section, and a sum sum to store the result of the addition. We then use the mov instruction to load the value of num1 into the eax register, add the value of num2 to eax, and store the result in sum. We then use the mov instruction to load the system call number for exiting the program into the eax register, and the exit status into the ebx register, before making the system call to exit the program.\nsection .text global _start _start: ; Initialize the counter mov ecx, 10 loop: ; Print the counter mov eax, 4 mov ebx, 1 mov edx, 1 int 0x80 ; Decrement the counter loop loop ; Exit the program mov eax, 1 xor ebx, ebx int 0x80 In this example program, we use a loop to print the numbers from 10 to 1. We initialize the counter ecx to 10, then use a loop to print the value of the counter, decrement the counter, and repeat the process until the counter reaches 0. 
We then use the mov instruction to load the system call number for exiting the program into the eax register, and the exit status into the ebx register, before making the system call to exit the program.\nsection .text global _start _start: ; Initialize the Fibonacci sequence mov eax, 0 mov ebx, 1 ; Print the first two numbers mov edx, 1 int 0x80 mov edx, 1 int 0x80 ; Generate the Fibonacci sequence mov ecx, 10 loop: ; Calculate the next number add eax, ebx mov ebx, eax ; Print the next number mov edx, 1 int 0x80 ; Decrement the counter loop loop ; Exit the program mov eax, 1 xor ebx, ebx int 0x80 In this example program, we generate the Fibonacci sequence by adding the previous two numbers to get the next number. We initialize the sequence with 0 and 1, then use a loop to calculate and print the next number in the sequence. We repeat this process until we have generated 10 numbers in the Fibonacci sequence, then exit the program.\nExercise #\rVisit the following website and see if you can solve the riddle by understanding the x86 assembly code: xchg_rax\nConclusion #\rIn this blog post, we\u0026rsquo;ve explored the fundamentals of x86 architecture and assembly language, delving into the inner workings of low-level programming and computer systems. We\u0026rsquo;ve covered essential topics such as registers, memory addressing modes, arithmetic and logic operations, control flow instructions, memory management, and the x86 instruction set, providing you with a solid foundation in x86 assembly language programming.\nBy understanding x86 architecture and assembly language, you gain valuable insights into how computers work at a low level, enabling you to write efficient and optimized code that takes full advantage of a CPU\u0026rsquo;s capabilities. 
Whether you\u0026rsquo;re a beginner or an experienced programmer, learning assembly language can enhance your programming skills and deepen your understanding of computer systems and software development.\nWe hope this guide has inspired you to explore the world of x86 assembly language further and experiment with writing your own assembly language programs.\nHappy Hacking! 🚀\nAdditional Resources #\rx86 - Wikipedia Introduction to x86 Assembly Language x86 Assembly Language Reference Manual XORPD - Assembly Language Adventure NASM - The Netwide Assembler Intel 64 and IA-32 Architectures Software Developer\u0026rsquo;s Manuals All Volume ","date":"1 September 2024","externalUrl":null,"permalink":"/posts/a-plunge-into-lower-level/","section":"Blogs","summary":"Exploring the Fundamentals of Low Level Architecture and Assembly Language","title":"A Plunge into Low Level","type":"posts"},{"content":"","date":"1 September 2024","externalUrl":null,"permalink":"/tags/assembly/","section":"Tags","summary":"","title":"Assembly","type":"tags"},{"content":"","externalUrl":null,"permalink":"/authors/","section":"Authors","summary":"","title":"Authors","type":"authors"},{"content":"","externalUrl":null,"permalink":"/categories/","section":"Categories","summary":"","title":"Categories","type":"categories"},{"content":"\rSome of my projects that I\u0026rsquo;ve worked on\rPwnage #\rA docker based binary exploitation setup\nnull Hades #\rSystem level threat hunting tool\nThreat-Olympus/hades\rSystem Level Threat Hunting\rGo 0\r0\rSyslog-ebpf #\rLog live syscalls over linux using eBPF\nh3athen/syslog-ebpf\rRust 0\r0\rRrep #\rA simple grep implementation in rust\n0xlilith/rrep\rgrep in rust but with more coolness\rRust 3\r0\rRAMP #\rA super fast port scanner in rust\n6Sixty6/ramp\rrust port scanner\rRust 8\r2\rRusty-Chan #\rDiscord bot written in rust\n0xlilith/rusty-chan\rDiscord Bot Built In Rust\rRust 0\r1\rSeek-TF #\rA CTFtime helper cli tool\nSacredShell/seektf\r( Seek-TF ) 
CTFtime helper cli\rRust 1\r0\rgosafe #\rCli tool to store passwords locally\n0xlilith/gosafe\rgenerate password and keep it safe\rGo 1\r0\rStivale2 #\rA bare bone kernel implementation\n0xlilith/stivale-two\rStivale2 bare bone kernel implementation\rC 1\r0\r","externalUrl":null,"permalink":"/projects/","section":"Aryan Gurung","summary":"","title":"Projects","type":"page"},{"content":"\rSome useful links and posts\rMy #\rMy OSCP+ Notes Videos #\rSo You Think You Know Git - FOSDEM 2024 ","externalUrl":null,"permalink":"/resources/","section":"Aryan Gurung","summary":"","title":"Resources","type":"page"},{"content":"","externalUrl":null,"permalink":"/series/","section":"Series","summary":"","title":"Series","type":"series"}] \ No newline at end of file diff --git a/public/index.xml b/public/index.xml index 4aa347e..28e9c7e 100644 --- a/public/index.xml +++ b/public/index.xml @@ -9,7 +9,17 @@ hello@heathen.in (Aryan Gurung) hello@heathen.in (Aryan Gurung) © 2024 Aryan Gurung - Fri, 08 Nov 2024 00:00:00 +0000 + Wed, 11 Dec 2024 00:00:00 +0000 + + PWN environment setup on Win11 using WSL2 + http://localhost:1313/posts/win11-pwn-env/ + Wed, 11 Dec 2024 00:00:00 +0000 + hello@heathen.in (Aryan Gurung) + http://localhost:1313/posts/win11-pwn-env/ + Setting up a binary exploitation environment on Windows 11 using WSL2 + + + Dear Diary, My Flare-On 11 http://localhost:1313/posts/flare-on-11-diary/ diff --git a/public/posts/a-plunge-into-lower-level/index.html b/public/posts/a-plunge-into-lower-level/index.html index 5efa73c..8cf7968 100644 --- a/public/posts/a-plunge-into-lower-level/index.html +++ b/public/posts/a-plunge-into-lower-level/index.html @@ -596,17 +596,6 @@
- - - - - - -
- - - -
diff --git a/public/posts/flare-on-11-diary/index.html b/public/posts/flare-on-11-diary/index.html
index cf6a824..1a381f5 100644
--- a/public/posts/flare-on-11-diary/index.html
+++ b/public/posts/flare-on-11-diary/index.html
@@ -600,17 +600,6 @@
- - - - - - -
- - - -
diff --git a/public/posts/index.html b/public/posts/index.html
index c7bd11e..6ad1c97 100644
--- a/public/posts/index.html
+++ b/public/posts/index.html
@@ -668,6 +668,147 @@

+ + +
+ +
+
+ +
PWN environment setup on Win11 using WSL2
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + ·3 mins + + + + +
+ + + + + +
+ + + + + + + + + + + + + + + + Pwn + + + + + + + + Blog + + + + + + + + Tutorial + + + + + + + +
+ + + + +
+ +
+ Setting up a binary exploitation environment on Windows 11 using WSL2 +
+ +
+ + + + + + + + + + + + + + + + + + + + + diff --git a/public/posts/index.xml b/public/posts/index.xml index aa73d16..71c307c 100644 --- a/public/posts/index.xml +++ b/public/posts/index.xml @@ -9,7 +9,17 @@ hello@heathen.in (Aryan Gurung) hello@heathen.in (Aryan Gurung) © 2024 Aryan Gurung - Fri, 08 Nov 2024 00:00:00 +0000 + Wed, 11 Dec 2024 00:00:00 +0000 + + PWN environment setup on Win11 using WSL2 + http://localhost:1313/posts/win11-pwn-env/ + Wed, 11 Dec 2024 00:00:00 +0000 + hello@heathen.in (Aryan Gurung) + http://localhost:1313/posts/win11-pwn-env/ + Setting up a binary exploitation environment on Windows 11 using WSL2 + + + Dear Diary, My Flare-On 11 http://localhost:1313/posts/flare-on-11-diary/ diff --git a/public/posts/win11-pwn-env/featured.png b/public/posts/win11-pwn-env/featured.png new file mode 100644 index 0000000..36553fc Binary files /dev/null and b/public/posts/win11-pwn-env/featured.png differ diff --git a/public/posts/win11-pwn-env/featured_hu12059272893085827353.png b/public/posts/win11-pwn-env/featured_hu12059272893085827353.png new file mode 100644 index 0000000..cbc056c Binary files /dev/null and b/public/posts/win11-pwn-env/featured_hu12059272893085827353.png differ diff --git a/public/posts/win11-pwn-env/featured_hu12450813906614915158.png b/public/posts/win11-pwn-env/featured_hu12450813906614915158.png new file mode 100644 index 0000000..03cffe0 Binary files /dev/null and b/public/posts/win11-pwn-env/featured_hu12450813906614915158.png differ diff --git a/public/posts/win11-pwn-env/for_honored_guest.png b/public/posts/win11-pwn-env/for_honored_guest.png new file mode 100644 index 0000000..36553fc Binary files /dev/null and b/public/posts/win11-pwn-env/for_honored_guest.png differ 
diff --git a/public/posts/win11-pwn-env/img/Pasted image 20241209090017.png b/public/posts/win11-pwn-env/img/Pasted image 20241209090017.png
new file mode 100644
index 0000000..019a85a
Binary files /dev/null and b/public/posts/win11-pwn-env/img/Pasted image 20241209090017.png differ
diff --git a/public/posts/win11-pwn-env/img/Pasted image 20241209090045.png b/public/posts/win11-pwn-env/img/Pasted image 20241209090045.png
new file mode 100644
index 0000000..a8384a0
Binary files /dev/null and b/public/posts/win11-pwn-env/img/Pasted image 20241209090045.png differ
diff --git a/public/posts/win11-pwn-env/img/Pasted image 20241209090109.png b/public/posts/win11-pwn-env/img/Pasted image 20241209090109.png
new file mode 100644
index 0000000..a25b303
Binary files /dev/null and b/public/posts/win11-pwn-env/img/Pasted image 20241209090109.png differ
diff --git a/public/posts/win11-pwn-env/img/Pasted image 20241209091105.png b/public/posts/win11-pwn-env/img/Pasted image 20241209091105.png
new file mode 100644
index 0000000..5c197dd
Binary files /dev/null and b/public/posts/win11-pwn-env/img/Pasted image 20241209091105.png differ
diff --git a/public/posts/win11-pwn-env/img/Pasted image 20241209091403.png b/public/posts/win11-pwn-env/img/Pasted image 20241209091403.png
new file mode 100644
index 0000000..3e25971
Binary files /dev/null and b/public/posts/win11-pwn-env/img/Pasted image 20241209091403.png differ
diff --git a/public/posts/win11-pwn-env/img/Pasted image 20241209091547.png b/public/posts/win11-pwn-env/img/Pasted image 20241209091547.png
new file mode 100644
index 0000000..26c1685
Binary files /dev/null and b/public/posts/win11-pwn-env/img/Pasted image 20241209091547.png differ
diff --git a/public/posts/win11-pwn-env/img/Pasted image 20241209091733.png b/public/posts/win11-pwn-env/img/Pasted image 20241209091733.png
new file mode 100644
index 0000000..dc9bf51
Binary files /dev/null and b/public/posts/win11-pwn-env/img/Pasted image 20241209091733.png differ
diff --git a/public/posts/win11-pwn-env/img/Pasted image 20241209092006.png b/public/posts/win11-pwn-env/img/Pasted image 20241209092006.png
new file mode 100644
index 0000000..ca7d3f1
Binary files /dev/null and b/public/posts/win11-pwn-env/img/Pasted image 20241209092006.png differ
diff --git a/public/posts/win11-pwn-env/img/Pasted image 20241209092036.png b/public/posts/win11-pwn-env/img/Pasted image 20241209092036.png
new file mode 100644
index 0000000..c77a8a1
Binary files /dev/null and b/public/posts/win11-pwn-env/img/Pasted image 20241209092036.png differ
diff --git a/public/posts/win11-pwn-env/img/Pasted image 20241209092615.png b/public/posts/win11-pwn-env/img/Pasted image 20241209092615.png
new file mode 100644
index 0000000..7854ce6
Binary files /dev/null and b/public/posts/win11-pwn-env/img/Pasted image 20241209092615.png differ
diff --git a/public/posts/win11-pwn-env/img/Pasted image 20241209092706.png b/public/posts/win11-pwn-env/img/Pasted image 20241209092706.png
new file mode 100644
index 0000000..866aa88
Binary files /dev/null and b/public/posts/win11-pwn-env/img/Pasted image 20241209092706.png differ
diff --git a/public/posts/win11-pwn-env/img/Pasted image 20241209093218.png b/public/posts/win11-pwn-env/img/Pasted image 20241209093218.png
new file mode 100644
index 0000000..d6841b4
Binary files /dev/null and b/public/posts/win11-pwn-env/img/Pasted image 20241209093218.png differ
diff --git a/public/posts/win11-pwn-env/img/Pasted image 20241209115301.png b/public/posts/win11-pwn-env/img/Pasted image 20241209115301.png
new file mode 100644
index 0000000..65853a4
Binary files /dev/null and b/public/posts/win11-pwn-env/img/Pasted image 20241209115301.png differ
diff --git a/public/posts/win11-pwn-env/img/Pasted image 20241209115504.png b/public/posts/win11-pwn-env/img/Pasted image 20241209115504.png
new file mode 100644
index 0000000..76ba788
Binary files /dev/null and b/public/posts/win11-pwn-env/img/Pasted image 20241209115504.png differ
diff --git a/public/posts/win11-pwn-env/img/Pasted image 20241209115611.png b/public/posts/win11-pwn-env/img/Pasted image 20241209115611.png new file mode 100644 index 0000000..9f1c01d Binary files /dev/null and b/public/posts/win11-pwn-env/img/Pasted image 20241209115611.png differ diff --git a/public/posts/win11-pwn-env/index.html b/public/posts/win11-pwn-env/index.html new file mode 100644 index 0000000..f6d62a4 --- /dev/null +++ b/public/posts/win11-pwn-env/index.html @@ -0,0 +1,1318 @@ + + + + + + + + + + PWN environment setup on Win11 using WSL2 · heathen.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + + +
+
+ + + +
+
+ + + +
+ + +
+ +
    + + + + + + + + + +
  1. + Blogs/ +
  2. + + + + +
+ + + +

+ PWN environment setup on Win11 using WSL2 +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + ·3 mins· + + + + + + + + + + + + + + + + + + + + + +
+ + + + + +
+ + + + + + + + + + + + + + + + Pwn + + + + + + + + Blog + + + + + + + + Tutorial + + + + + + + +
+ + + + +
+ + + + + + + + + + + + + + +
+ + + + + + + + + + Aryan Gurung + + +
+ +
+ Author +
+
+ Aryan Gurung +
+ + +
security researcher and programmer
+ +
+
+
+
+ + + + + + +
+ + + + +
+ +
+ +
+
+ + +
+ + Table of Contents + + +
+ + +
+
+ + +
+ + + + +
+

Having a good environment is a must when you want to do binary exploitaton. Here I will show you how to set up a simple environment using Ubuntu and WSL2 +so you can straight up jump into finding and writing your exploits.

+ + +

Agenda +
+ + + # + + +

+

Things we will be setting up:

+
    +
  • Ubuntu inside our Windows WSL2
  • +
  • Pwntools library for writing exploits
  • +
  • PwnDbg for debugging and finding vulnerability on programms
  • +
+ + +

Setting up Ubuntu on WSL2 +
+ + + # + + +

+

Change WSL version to 2

+
wsl --set-default-version 2
+
+
+

Searching for our distribution in the online marketplace

+
wsl --list --online
+
+
+

Installing our distribution with a suitable version. Here I will be instaling Ubuntu 24.04 which comes under their LTS

+
 wsl --install -d Ubuntu-24.04
+
+
+

After the installation, it will prompt you to set up a user with a password. After which it will drop you to your user shell +and you should be able to see something like this. +

+ + +

Configuring 32-bit environment +
+ + + # + + +

+

Since the distribution we installed is of 64-bit, we must set it up to run 32-bit programs as well. Its very common in CTFs that we receive 32-bit binaries.

+

Installing all the necessary packages and libraries.

+
sudo dpkg --add-architecture i386 
+sudo apt-get update
+
+
+
sudo apt install build-essential
+
+
+
sudo apt install gcc-multilib
+
+ + +

Setting up PwnTools library +
+ + + # + + +

+

Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.

+
sudo apt-get update
+sudo apt-get install python3 python3-pip python3-dev git libssl-dev libffi-dev build-essential
+python3 -m pip install --upgrade pip
+python3 -m pip install --upgrade pwntools
+
+ + +

Working around the PIP upgrade error +
+ + + # + + +

+ +

There are many solutions to it. The best and the recommended one is to set up a virtual environment. +The second would be to use the --break-system-packages tag with our pip command and +the third is to set up a config so that we dont have to pass the tag everytime we use pip.

+ + + + + + + + +
+ + + + + + + + + + + + + + NOTE! I would still recommend to set up an virtual environment! +
+ +

Lets set up a config for our pip

+
mkdir .config
+mkdir .config/pip
+touch .config/pip/pip.conf
+

edit pip.conf

+
[global]
+break-system-packages = true
+

Now we should be able to continue our installing without any errors. + +

+
+

We can confirm our installation by loading the library into Python +

+ + +

Setting up PwnDbg +
+ + + # + + +

+

PwnDbg is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.

+

First lets start by installing gdb

+
sudo apt install gdb
+
+
+

Installing and setting up PwnDbg

+
git clone https://github.com/pwndbg/pwndbg 
+cd pwndbg 
+./setup.sh
+
+ + + +

Resources +
+ + + # + + +

+ + + +

FAQ +
+ + + # + + +

+ + +

What to do after this? +
+ + + # + + +

+

Well, I would suggest installing a code exitor such as VSCode on your host machine for you to write exploits or you can be a chad and install neovim on your linux.

+

After that you can set up a disassembler and decompiler of your choice. There are many to choose from but these are some of my picks:

+ +

Now that you are all set, the only thing left is to start hacking and writing exploits

+ + + + +
+ + + + + + + +
+ + + + + + + + + + + + + + +
+
+ + + + +
+
+ + +
+ + + + + + +
+ + + +

+ © + 2024 + Aryan Gurung +

+ + + + + +
+ + + + + + +
+ + +
+ + + + + diff --git a/public/projects/index.html b/public/projects/index.html index 8da9adb..66fa8b3 100644 --- a/public/projects/index.html +++ b/public/projects/index.html @@ -589,15 +589,6 @@
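Review bot: The "Working around the PIP upgrade error" section writes `break-system-packages = true` into a global pip.conf, which switches off pip's externally-managed-environment guard (PEP 668, what Ubuntu 24.04's system pip enforces) for every future pip invocation on that install, not just for the pwntools step. The post's own NOTE already says a virtual environment is preferable, so it would be cleaner to show that as the primary path (`python3 -m venv ~/pwn && . ~/pwn/bin/activate && pip install --upgrade pwntools`) and keep the config-file change as a fallback, with a sentence that the line can be removed once pwntools is installed. The PwnDbg step clones the default branch and immediately runs `./setup.sh`, so the install is not reproducible and readers run whatever the branch contains at that moment; pinning to a release (`git clone --branch <release-tag> https://github.com/pwndbg/pwndbg`) and suggesting a look at the script before running it would address both. As this file is Hugo output under public/, the wording change belongs in the post's markdown source, which is not part of this diff.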
- - - - - - - - -
diff --git a/public/resources/index.html b/public/resources/index.html
index 833e72c..6e8306e 100644
--- a/public/resources/index.html
+++ b/public/resources/index.html
@@ -589,15 +589,6 @@
- - - - - - - - -
diff --git a/public/sitemap.xml b/public/sitemap.xml index 68c1a2d..1a76d3e 100644 --- a/public/sitemap.xml +++ b/public/sitemap.xml @@ -4,13 +4,19 @@ http://localhost:1313/ - 2024-11-08T00:00:00+00:00 + 2024-12-11T00:00:00+00:00 daily 0.5 http://localhost:1313/posts/ - 2024-11-08T00:00:00+00:00 + 2024-12-11T00:00:00+00:00 + daily + 0.5 + + + http://localhost:1313/posts/win11-pwn-env/ + 2024-12-11T00:00:00+00:00 daily 0.5 diff --git a/public/tags/blog/index.html b/public/tags/blog/index.html index e3472d6..8553e40 100644 --- a/public/tags/blog/index.html +++ b/public/tags/blog/index.html @@ -631,6 +631,147 @@

Blog + + + + + + + + + +
+ +
+
+ +
PWN environment setup on Win11 using WSL2
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + ·3 mins + + + + +
+ + + + + +
+ + + + + + + + + + + + + + + + Pwn + + + + + + + + Blog + + + + + + + + Tutorial + + + + + + + +
+ + + + +
+ +
+ Setting up a binary exploitation environment on Windows 11 using WSL2 +
+ +
+
+ + + + + + + + + + + + + + + + + + + diff --git a/public/tags/blog/index.xml b/public/tags/blog/index.xml index 3f97b58..745b116 100644 --- a/public/tags/blog/index.xml +++ b/public/tags/blog/index.xml @@ -9,7 +9,17 @@ hello@heathen.in (Aryan Gurung) hello@heathen.in (Aryan Gurung) © 2024 Aryan Gurung - Fri, 08 Nov 2024 00:00:00 +0000 + Wed, 11 Dec 2024 00:00:00 +0000 + + PWN environment setup on Win11 using WSL2 + http://localhost:1313/posts/win11-pwn-env/ + Wed, 11 Dec 2024 00:00:00 +0000 + hello@heathen.in (Aryan Gurung) + http://localhost:1313/posts/win11-pwn-env/ + Setting up a binary exploitation environment on Windows 11 using WSL2 + + + Dear Diary, My Flare-On 11 http://localhost:1313/posts/flare-on-11-diary/ diff --git a/public/tags/index.html b/public/tags/index.html index 31f0d72..48216f1 100644 --- a/public/tags/index.html +++ b/public/tags/index.html @@ -630,7 +630,7 @@

· - 1 + 2

@@ -649,6 +649,22 @@

1 +

+

+ +
+

+ Pwn + + · + + 1 + +

@@ -678,7 +694,7 @@

· - 1 + 2

diff --git a/public/tags/index.xml b/public/tags/index.xml index fc8869b..1f524ef 100644 --- a/public/tags/index.xml +++ b/public/tags/index.xml @@ -9,17 +9,37 @@ hello@heathen.in (Aryan Gurung) hello@heathen.in (Aryan Gurung) © 2024 Aryan Gurung - Fri, 08 Nov 2024 00:00:00 +0000 + Wed, 11 Dec 2024 00:00:00 +0000 Blog http://localhost:1313/tags/blog/ - Fri, 08 Nov 2024 00:00:00 +0000 + Wed, 11 Dec 2024 00:00:00 +0000 hello@heathen.in (Aryan Gurung) http://localhost:1313/tags/blog/ + + Pwn + http://localhost:1313/tags/pwn/ + Wed, 11 Dec 2024 00:00:00 +0000 + hello@heathen.in (Aryan Gurung) + http://localhost:1313/tags/pwn/ + + + + + + Tutorial + http://localhost:1313/tags/tutorial/ + Wed, 11 Dec 2024 00:00:00 +0000 + hello@heathen.in (Aryan Gurung) + http://localhost:1313/tags/tutorial/ + + + + Flare-On http://localhost:1313/tags/flare-on/ @@ -50,15 +70,5 @@ - - Tutorial - http://localhost:1313/tags/tutorial/ - Sun, 01 Sep 2024 00:00:00 +0000 - hello@heathen.in (Aryan Gurung) - http://localhost:1313/tags/tutorial/ - - - - diff --git a/public/tags/pwn/index.html b/public/tags/pwn/index.html new file mode 100644 index 0000000..37c7855 --- /dev/null +++ b/public/tags/pwn/index.html @@ -0,0 +1,886 @@ + + + + + + + + + + Pwn · heathen.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ +
+ + + + + + +
+
+ + + +
+
+ + + +
+ +

Pwn

+
+ + + + + + + + + + + + + + + + + + + + + + +
+ + +
+ + +
+
+ +
+ +
+ + + + + + + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+
+ +
PWN environment setup on Win11 using WSL2
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + ·3 mins + + + + +
+ + + + + +
+ + + + + + + + + + + + + + + + Pwn + + + + + + + + Blog + + + + + + + + Tutorial + + + + + + + +
+ + + + +
+ +
+ Setting up a binary exploitation environment on Windows 11 using WSL2 +
+ +
+
+ + + +
+ + + + + + + + + +
+ + + + + + +
+ + + +

+ © + 2024 + Aryan Gurung +

+ + + + + +
+ + + + + + +
+ + +
+ + + + + diff --git a/public/tags/pwn/index.xml b/public/tags/pwn/index.xml new file mode 100644 index 0000000..28010fa --- /dev/null +++ b/public/tags/pwn/index.xml @@ -0,0 +1,24 @@ + + + + Pwn on heathen.in + http://localhost:1313/tags/pwn/ + Recent content in Pwn on heathen.in + Hugo -- gohugo.io + en + hello@heathen.in (Aryan Gurung) + hello@heathen.in (Aryan Gurung) + © 2024 Aryan Gurung + Wed, 11 Dec 2024 00:00:00 +0000 + + PWN environment setup on Win11 using WSL2 + http://localhost:1313/posts/win11-pwn-env/ + Wed, 11 Dec 2024 00:00:00 +0000 + hello@heathen.in (Aryan Gurung) + http://localhost:1313/posts/win11-pwn-env/ + Setting up a binary exploitation environment on Windows 11 using WSL2 + + + + + diff --git a/public/tags/pwn/page/1/index.html b/public/tags/pwn/page/1/index.html new file mode 100644 index 0000000..c2c4a16 --- /dev/null +++ b/public/tags/pwn/page/1/index.html @@ -0,0 +1,10 @@ + + + + http://localhost:1313/tags/pwn/ + + + + + + diff --git a/public/tags/tutorial/index.html b/public/tags/tutorial/index.html index 88eb4ea..09d71d9 100644 --- a/public/tags/tutorial/index.html +++ b/public/tags/tutorial/index.html @@ -631,6 +631,147 @@

Tuto + + + + + + + + + +
+ +
+
+ +
PWN environment setup on Win11 using WSL2
+ + + +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + ·3 mins + + + + +
+ + + + + +
+ + + + + + + + + + + + + + + + Pwn + + + + + + + + Blog + + + + + + + + Tutorial + + + + + + + +
+ + + + +
+ +
+ Setting up a binary exploitation environment on Windows 11 using WSL2 +
+ +
+
+ + + + + + + + + + + + + + + + + + + diff --git a/public/tags/tutorial/index.xml b/public/tags/tutorial/index.xml index 912a3ec..5ab515c 100644 --- a/public/tags/tutorial/index.xml +++ b/public/tags/tutorial/index.xml @@ -9,7 +9,17 @@ hello@heathen.in (Aryan Gurung) hello@heathen.in (Aryan Gurung) © 2024 Aryan Gurung - Sun, 01 Sep 2024 00:00:00 +0000 + Wed, 11 Dec 2024 00:00:00 +0000 + + PWN environment setup on Win11 using WSL2 + http://localhost:1313/posts/win11-pwn-env/ + Wed, 11 Dec 2024 00:00:00 +0000 + hello@heathen.in (Aryan Gurung) + http://localhost:1313/posts/win11-pwn-env/ + Setting up a binary exploitation environment on Windows 11 using WSL2 + + + A Plunge into Low Level http://localhost:1313/posts/a-plunge-into-lower-level/ diff --git a/resources/_gen/images/posts/win11-pwn-env/featured_hu12059272893085827353.png b/resources/_gen/images/posts/win11-pwn-env/featured_hu12059272893085827353.png new file mode 100644 index 0000000..cbc056c Binary files /dev/null and b/resources/_gen/images/posts/win11-pwn-env/featured_hu12059272893085827353.png differ diff --git a/resources/_gen/images/posts/win11-pwn-env/featured_hu12450813906614915158.png b/resources/_gen/images/posts/win11-pwn-env/featured_hu12450813906614915158.png new file mode 100644 index 0000000..03cffe0 Binary files /dev/null and b/resources/_gen/images/posts/win11-pwn-env/featured_hu12450813906614915158.png differ