09 Feb 2020

Debugging Notes - GDP Cheatsheet

Debugging Notes: GDB Cheatsheet

info reg : display the register state.

inforeg

info func : display the functions in the program

inforeg

disass functionname : disassemble a function.

disassfunc

break *0x080484d4 : set a breakpoint at an interesting location. In this example the “checkpass” function looks interesting. We use r to let the program run up to the breakpoint.

break

We can confirm that the instruction pointer is in fact pointing to the address configured in our breakpoint:

inforegbp

info break : displays the breakpoints we have set.

del {breakpoint number from info break} : to remove a breakpoint.

x/20w $esp : display 20 words starting at the stack pointer.

inspectstack

x/32b $esp : display in bytes

inspectstackbytes

x/s 0x80488a6 : display string at the specified address.

In this example, i used x/i {address} see something interesting being moved into the EAX register in a function id found with info func. Because the challenge is password related this makes me wonder if the developer is moving the password into a register to compare it to the user input:

inspectstring

run < <(python -c 'print "A" * 612 + "\x6f\x85\x04\x08"') : start the program with input piped from python. (Important to note there is a space between the < characters)

Note in this case, this is the eventual answer to this debug challenge and you can see that it would ultimately redirect execution to the access granted function that displays the password (the flag is {dropbear}).

pythoninput

Some other misc commands: print $esp : print a register of your choosing. print system : system address

set diasassembly-flavor intel : change to intel (usual in Windows) set diasassembly-flavor att : change to intel (usual in Linux)

Thanks!
Chad Duffey

Security Engineer