Tuesday, September 30, 2008

An effective exploit environment?

In order to get quick development done in a mixed environment, and to cater to my script-driven, vi-focused existence, I've created this Frankenstein Vista/Cygwin monster. I realize just how involved this system is every time someone asks me to show them how to turn Windows into a productive exploit dev environment.

Previously, I've posted a pretty solid WinDbg cheat sheet, along with a layout for the screen. Today, I'll provide my config file and show you how to load it easily. First, you can associate .WEW WinDbg workspace files with WinDbg by running windbg with the -IAS switch (as admin on Vista, since the file association is written to the registry). Now, to start WinDbg, you can simply double-click your WEW file. For post-mortem debugging, you can just load the workspace file once the debugger has broken in on the crash.

As far as development goes, my primary tools are Cygwin, the SDK, and vim. My Cygwin install involves at least the following binaries:

rxvt
vim
openssh
perl and ruby
nc
nasm

Without rxvt, you're stuck running bash inside the standard Windows console, which, oddly, can't be resized in the horizontal dimension by dragging the window edge. Pain in the tail. So I grab rxvt and modify the cygwin.bat script to instead be:

@echo off
rem /d also switches drive, in case the batch file is launched from somewhere other than C:
chdir /d C:\cygwin\bin
rem same login shell the stock cygwin.bat starts, but inside rxvt instead of the cmd.exe console
rxvt.exe --font Terminal -fg white -bg black -sl 3000 -e bash --login -i 2>NUL

Now you'll fire up a real, usable terminal! Next, I grab vim, because without it I'm crippled. This will vary from person to person, of course. Last, I nab openssh, because using WinSCP is a pain. I'll also set up an ssh server on the Windows machine. You can find a good walkthrough for setting this up here: http://pigtail.net/LRP/printsrv/cygwin-sshd.html

It works like a charm on Vista as well, my platform of choice now. Finally, I've got Perl/Ruby, nc, and nasm to round out my general tool chain. Perl and Ruby will get you through writing the majority of the exploits in the awbo series in short order. nc will be useful when we get into exploitation over the network, and I like having nasm around. It's like a safety blanket.
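Since the whole setup above boils down to "have these binaries in Cygwin's bin directory and launch bash through rxvt", here is a small script that checks the tool chain and writes the rxvt-based cygwin.bat for you. This is an added example, not code from the original post: the tool list mirrors the one named above, the paths in the usage comments are assumptions, and the launcher it writes uses the stock cygwin.bat's bash --login -i flags with chdir /d so the drive is switched too.

```shell
#!/bin/sh
# Added example (not from the original post): verify the Cygwin tool chain the
# post relies on and generate an rxvt-based cygwin.bat launcher.
# Paths in the usage comments and the tool list are assumptions.

# Binaries the post names. rxvt is what makes the terminal usable; the rest
# is the general exploit-dev tool chain (openssh installs the ssh binary).
TOOLS="rxvt vim ssh perl ruby nc nasm"

# Print, space separated, the names from TOOLS that are not present in the
# bin directory given as $1 (e.g. /cygdrive/c/cygwin/bin).
missing_tools() {
    bindir=$1
    missing=""
    for t in $TOOLS; do
        # On disk Cygwin binaries carry an .exe suffix, so accept both forms.
        if [ ! -x "$bindir/$t" ] && [ ! -x "$bindir/$t.exe" ]; then
            missing="$missing $t"
        fi
    done
    echo "${missing# }"
}

# Write a cygwin.bat that starts rxvt instead of the cmd.exe console.
# $1 = output path, $2 = Windows path of the Cygwin bin directory.
write_cygwin_bat() {
    out=$1
    winbin=$2
    # CRLF line endings: cmd.exe expects them in .bat files.
    printf '@echo off\r\n' > "$out"
    # /d switches drive as well, in case the launcher is started from D: etc.
    printf 'chdir /d %s\r\n' "$winbin" >> "$out"
    # Same login shell the stock cygwin.bat starts, wrapped in rxvt.
    printf 'rxvt.exe --font Terminal -fg white -bg black -sl 3000 -e bash --login -i 2>NUL\r\n' >> "$out"
}

# Return 0 if the launcher at $1 runs bash inside rxvt rather than bare bash.
launcher_uses_rxvt() {
    grep -q '^rxvt.exe .* -e bash' "$1"
}

# Usage (assumed paths):
#   missing_tools /cygdrive/c/cygwin/bin      # prints what still needs installing
#   write_cygwin_bat /cygdrive/c/cygwin/cygwin.bat 'C:\cygwin\bin'
```

Run it from a Cygwin bash (or any sh) after setup.exe finishes; anything missing_tools prints goes back into setup.exe, and the generated cygwin.bat replaces the stock one in C:\cygwin. Registering the WinDbg workspace association is still the separate windbg -IAS step described earlier, since that touches the registry rather than the file system.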