Setting Up An Exploit Development Lab

Key Takeaways

[Music] hey guys hack exploit here back again with another video and welcome back to the exploit development series now in the previous video we talked about generating shell code with the metasploit framework or msf venom as it's uh so called and in this video we're going to be looking at setting up our exploit development lab so the purpose of this video is to essentially get you all up and running so you can start developing your own exploits and work with shell code so we're going to be looking at installing your debuggers and your compilers etc etc so this video is going to be about two to three configurations depending on playing this as we go so uh you can consider this a complete uh lab setup for the purpose of exploit development so i'm going to be using kali as my attacker operating system or you can use any other penetration testing distribution so you can use kali parrot uh backtrack or whatever you want to use and then i'm going to be using ubuntu as my linux target so you can set up an ubuntu an ubuntu instance this is ubuntu 16.04 i believe if i'm not wrong and i'm running uh and i'm running uh the latest version of kali i know it tells you that i'm running 2017.3 uh but i just keep on upgrading this virtual machine as i move along so it's running the latest packages and for our windows target uh virtual machine i'm using windows 7 and i'll be showing you how to set that up in the next set of videos so this video is going to be focusing on primarily setting up your attacker operating system and your linux target uh so without any further ado let's get started so on your attacker operating system uh the most important thing that you need to have is your new compiler your new c compiler or gcc as it's commonly referred to as all right so to install gcc is really very simple that's if you are using a different distribution that doesn't have it installed if you are running cali or parrot gcc should be installed and let me just open up the help menu right over here and if you just scroll to the top you can go ahead and look at all the options available in regards to this tool now of course we'll be taking a look at all of this and some of you might or already have experience with this tool and that's fantastic so we'll be looking at how to use the new compiler now if if you do not know how to install it it's really very simple make sure you're using the latest uh make sure you're using the latest um you're using the latest sources list so that you are able to get this and this is available in the kali sources so for some reason if you don't have it in your kali installation it's very simple so you can use the sudo apt-get install gcc command and that's going to install the new c compiler for you as you can see i already have it installed and it's gonna install all the dependencies for you uh that you need for this tool etc and you can then move along uh the next thing that you will need is you will need a python installation uh preferably a python 2 installation and i'll get to this uh as we move along later in later in the series when we talk about x-play development so we'll be looking at that as well so make sure you have python preferably python 2 although python 3 should work for this and i will be updating you on that all right and the final thing that you need is you need to have the metasploit framework or the metasploit console installed and you have to make sure that your database is updated completely as we will be looking at the different exploits and how they work so that we can create our own all right so make sure you have the metasploit framework or the console installed on your penetration testing distribution or if you choose to use any other linux distribution all right so this is going to be our attacker operating system and once you have all of that ready we are pretty much good to go on that front uh now when you talk about configuring our target linux operating system here which is what we're going to be using to attack so this is going to be our base uh linux system that we will be attacking uh so we need to essentially install a few things here we need to install a debugger and the the the debugger that we are using is the edb debugger and i'll explain why we aren't using the immunity debugger for linux as we move along but for now just make sure you have a debug installed and of course for those of you who are experienced in this you pretty much already have your own favorites so make sure you have that installed so if you want to install edb debugger it's really very simple i'll be posting the links in the description so you can go ahead and check them out for yourself and by the way since this is going to be our target operating system you can sort of minimize the resources that you do uh give to this operating system so you can probably reduce the amount of ram that you have allocated to it and that's for the people who are using computers that do not have a lot of ram so you can give it about you know 5 12 to 10 24 megabytes um you know so a half a gigabyte to a gigabyte of ram that should be good uh but of course you will need uh you will need a bit as you set it up because ubuntu as you know does not work very well especially the later versions in low with low amounts of ram so uh when setting up i'll be posting the github rep uh the github repo and i'll be posting the wiki right over here that will help you get it installed on ubuntu now of course you can configure your own target with any linux uh kernel or any linux distribution uh so you can use debian if you want and the process will be pretty much the same so as you can see edb the edb is essentially a cross-platform arc uh where we have 32-bit uh 64-bit debucker which is what we want and uh now essentially when it comes down to installing it you can go ahead and look at the screenshots right over here and as you can see it works on as you can see it works on linux and it isn't available on any other operating system and as far as i know as you can see the windows ports are underway with varying degrees of functionality so yeah this is pretty much a linux exclusive at the at the moment and i'll be keeping you updated with that as well so when it comes down to the installation of edb debugger what i would recommend if this is your first time is not to just go ahead and clone the repository because you do have to compile and build it is you need to go into the uh the compile page which i will post in the description so you want to make sure you want to make sure you select the correct compilation uh guide here for the different distribution that you you may be using so you have debian uh you have fedora and you have ubuntu all right so the first thing you want to do if you are running ubuntu is you need to make sure you have the dependencies installed and that can be done right over here by simply copying this command here and that is used to step down or to essentially add further arguments which in this case is essentially installing everything right over here so you can simply just paste that and i'll do that right now although i do have all of the packages installed let me just enter my password right over here and you want to just go ahead and let that install so give that a few seconds it shouldn't take too much time there we are and i have all the dependencies installed that's the most important thing now when it comes down to building and running edb you want you want to essentially clone the repository so you can go ahead and clone it to whatever directory you want i already have mine on my desktop here so if i just go two steps back here on my desktop and let me just list the files in here you can see i have the edb debugger directory right over here so once you've cloned it you want to change your directory into the edb debugger folder and you hit enter and once that's done you essentially want to create a new folder called build which i already have done right over here there we are build right over there and after you've created it you want to change your directory into the build directory right over here and once that is done you want to then perform a cmake on it which will start the compilation process and then after that's done you want to hit make and once that's done that's going to give you your executable here so if i list it right over here you can see we have the edb executable here which can be launched directly directly from the terminal now i do recommend that you run this from root so uh sudo bash let me just run that or you can you can essentially uh sudo the uh the executable itself so once that's done uh if i just list the files one more time you can see it still exists so i'm just going to run edb and that what that is going to essentially uh make sure it provides is give us the entire interface that edp comes with so just give that a few seconds to launch as you can see that is edp version one and once that is started you can go ahead and start uh looking at the uh the various interfaces that it does give us so you have your registers bookmarks etc and the data damp and you have your debugger error console the error console here and you can also analyze the stack we'll be looking at all of this so don't worry if this is new to you all right so for example i can essentially open the edb executable here and we can go ahead and analyze it or debug it directly from here so if i just go to my desktop right over here and go into edb debugger and go to the build folder and i look for the edb executable and open it up right over here in adb or the edb debugger you can see right over here we have the executable running and we can go ahead and debug it and understand how it is essentially running and this is very important because we'll be looking at how uh you know certain programs have certain vulnerabilities and we'll be taking a look at how code can be inserted etc etc all right so once you have your edb debugger installed on linux we pretty much are good to go on the linux front and anything further than this i'll be explaining as we move along so that i don't confuse you you know before we actually move uh in the right direction now as i mentioned uh i am still looking at a definitive solution for the uh for actually creating a windows target uh primarily what you will need is you will need a debugger on that as well and they're the most recommended one that i do recommend for windows based operating systems is the immunity debugger most of you already know about that and you will need a the new c compiler which is uh provided by the codeblocks ide i believe so i'll be showing you how to set that up when we start uh working on linux uh sorry windows exploits all right so that is pretty much what i wanted to cover in this video so i just wanted to get you guys up and running with your environment and making sure you have all the tools that we'll need so that we avoid any confusion or any uh any sort of misunderstandings as we move along that being said that is going to be it for this video guys thank you so much for watching and thank you so much for the support on the channel we have finally hit 200 000 subscribers and that means a lot to me because again that also is another form of responsibility which means i am liable to you guys and my job now is to provide you with the best information and the best videos in terms of quality and information and knowledge as as as i can so again once again thank you so much for watching this video if you have any questions or suggestions let me know in the comment section on my social networks or on my website and i'll be sure to get back to you on any of those platforms so i'll be seeing you in the next video you