@TheFlash2k
Last active February 11, 2024 22:25
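#!/bin/bash
# Provision an Ubuntu (20.04 / 22.04) machine for binary-exploitation practice:
# 32-bit runtime libs, compilers, debugger plugins (peda / pwndbg / gef), RE
# tooling, pip/gem packages and a set of training repositories in ~/Documents.
#
# Usage:  ./setup.sh        (run as the unprivileged user that has sudo rights)
# Globals written: username, user_home, tmpdir, ubuntu_ver
#
# There is deliberately no `set -e`: every section is best-effort so that one
# failing third-party build does not abort the rest of the provisioning. Steps
# whose failure would make a LATER destructive step dangerous (a `cd` that is
# followed by `rm -rf`) are guarded explicitly instead.

# Account that will own /opt. Match uid 1000 in the uid field only; the previous
# `grep 1000` also matched a gid, a comment or a home path containing "1000".
# Falls back to root, as before (the old `$username="root"` never assigned).
username=$(awk -F: '$3 == 1000 { print $1; exit }' /etc/passwd)
if [[ -z "$username" ]]; then username="root"; fi
user_home=$(getent passwd "$username" | cut -d: -f6)
user_home=${user_home:-/home/$username}

# Scratch directory for downloaded installers; removed on any exit path so no
# half-downloaded script is left behind under a predictable /tmp name.
tmpdir=$(mktemp -d) || exit 1
cleanup() { rm -rf -- "${tmpdir:?}"; }
trap cleanup EXIT

# Ubuntu release used for the Rizin/Cutter repository. Only 20.04 and 22.04
# lines exist in the original gist; anything else falls back to 20.04.
ubuntu_ver=$(. /etc/os-release 2>/dev/null && printf '%s' "$VERSION_ID")
case "$ubuntu_ver" in
  22.04) ;;
  *) ubuntu_ver=20.04 ;;
esac

#######################################
# Download a URL to a file; fails (non-zero) on HTTP errors instead of saving
# an error page. Used for every remote installer so it is on disk — and can be
# inspected — before anything executes it.
# Arguments: $1 - url, $2 - destination path
#######################################
fetch() {
  curl -fsSL -- "$1" -o "$2"
}

#######################################
# Base packages, 32-bit support and the `bat` compatibility name.
#######################################
install_apt_packages() {
  sudo dpkg --add-architecture i386
  sudo apt-get update
  sudo apt install -y libc6:i386 libncurses5:i386 libstdc++6:i386 snapd gcc g++ build-essential python3 python3-pip gpg ruby strace ltrace ruby-dev liblzma-dev liblzo2-dev zlib1g-dev nasm bless unzip p7zip-full cmake libcapstone-dev autoconf g++-multilib gcc-multilib curl wget git python2 docker.io docker-compose patchelf gdb dos2unix elfutils bat screen tmux libseccomp-dev
  # Ubuntu ships bat as `batcat`; expose the upstream name. `-f` makes reruns idempotent.
  local batcat
  batcat=$(command -v batcat) && sudo ln -sf "$batcat" /usr/bin/bat
}

#######################################
# pip for Python 2 (system-wide, hence sudo). The bootstrap script is fetched to
# disk first rather than piped straight into the interpreter.
#######################################
install_pip2() {
  local script="$tmpdir/get-pip.py"
  if fetch https://bootstrap.pypa.io/pip/2.7/get-pip.py "$script"; then
    sudo python2 "$script"
  else
    printf '[!] could not download get-pip.py, skipping pip2\n' >&2
  fi
}

#######################################
# Create the /opt layout the rest of the script writes into. The original
# wrote /opt/to_path/* without ever creating the directory, and cloned into a
# root-owned /opt without sudo.
#######################################
prepare_opt() {
  sudo mkdir -p /opt/gef /opt/to_path
  sudo chown "$username:$username" /opt /opt/gef /opt/to_path
}

#######################################
# Fetch peda/pwndbg/gef and register an init-<tool> command for each in
# ~/.gdbinit, plus /usr/bin/{gdb-<tool>,<tool>} launcher scripts.
#######################################
install_gdb_plugins() {
  echo "[*] Installing GDB Plugins"
  git clone https://github.com/pwndbg/pwndbg /opt/pwndbg
  ( cd /opt/pwndbg && ./setup.sh )
  git clone https://github.com/longld/peda.git /opt/peda
  fetch https://github.com/hugsy/gef/raw/main/gef.py /opt/gef/gef.py

  # Append once; rerunning the script must not duplicate the definitions.
  if ! grep -q 'define init-pwndbg' ~/.gdbinit 2>/dev/null; then
    cat >> ~/.gdbinit <<'EOF'
define init-peda
source /opt/peda/peda.py
end
document init-peda
Initializes the PEDA (Python Exploit Development Assistant for GDB) framework
end
define init-pwndbg
source /opt/pwndbg/gdbinit.py
end
document init-pwndbg
Initializes PwnDBG
end
define init-gef
source /opt/gef/gef.py
end
document init-gef
Initializes GEF (GDB Enhanced Features)
end
EOF
  fi

  # Launchers get a shebang so execve() from non-shell callers works; one tee
  # writes both names at once.
  local -a tools=(peda pwndbg gef)
  local tool
  for tool in "${tools[@]}"; do
    printf '#!/bin/sh\nexec gdb -q -ex init-%s "$@"\n' "$tool" \
      | sudo tee "/usr/bin/gdb-$tool" "/usr/bin/$tool" > /dev/null
    sudo chmod +x "/usr/bin/gdb-$tool" "/usr/bin/$tool"
  done
}

#######################################
# Core-dump naming and the helper scripts kept in /opt/to_path (the directory
# is not added to PATH by this script).
#######################################
install_path_tools() {
  echo "[*] Enabling coredump..."
  # Not persistent across reboots; it is a runtime sysctl only.
  sudo sysctl -w kernel.core_pattern=core.%p
  echo "[*] Pasting in script for aslr controlling..."
  # Opaque base64 payload carried by the gist. NOTE(review): decode and read it
  # before relying on it; it is installed executable below.
  echo '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' | base64 -d > /opt/to_path/aslr
  fetch https://github.com/io12/pwninit/releases/download/3.3.0/pwninit /opt/to_path/pwninit
  fetch https://gist.githubusercontent.com/TheFlash2k/198bb805b3591e27b9bf9fc17bee4c4a/raw/6242bf555161a7c398a28402af95b1af3aaea1ee/func_addr.py /opt/to_path/func_addr
  chmod +x /opt/to_path/*
}

#######################################
# Python 3 packages. `argparse` is part of the standard library and the PyPI
# package of that name is an obsolete backport that can shadow it, so it is
# not installed.
#######################################
install_pip_packages() {
  pip3 install pwntools prompt_toolkit ropper ROPGadget angr IPython
}

#######################################
# Tools built or installed from upstream archives: rustup, ninja, rp++,
# kexec-tools. Each build runs in a subshell so a failed `cd` cannot leak into
# the next step (the original `unzip` ran in whatever cwd the last `cd` left).
#######################################
build_from_source() {
  # rustup: run as the invoking user so ~/.cargo lands in that user's home
  # (piping into `sudo sh` installed it under /root). -y = non-interactive.
  if fetch https://sh.rustup.rs "$tmpdir/rustup-init.sh"; then
    sh "$tmpdir/rustup-init.sh" -y
  fi

  if fetch https://github.com/ninja-build/ninja/releases/download/v1.11.1/ninja-linux.zip "$tmpdir/ninja.zip"; then
    unzip -o "$tmpdir/ninja.zip" -d "$tmpdir" \
      && sudo install -m 0755 "$tmpdir/ninja" /usr/bin/ninja
  fi

  git clone https://github.com/0vercl0k/rp /opt/rp
  (
    cd /opt/rp/src/build || exit 1
    chmod u+x ./build-release.sh && ./build-release.sh \
      && sudo install -m 0755 rp-lin /usr/bin/rp++
  )

  git clone https://github.com/horms/kexec-tools /opt/kexec-tools
  (
    cd /opt/kexec-tools || exit 1
    # Configure and build unprivileged; only the install step needs root.
    ./bootstrap && ./configure --prefix=/usr/local && make && sudo make install
  )
}

#######################################
# Third-party apt sources: Rizin/Cutter (OBS) and the hexeditor PPA.
# The OBS key is bound to its own repository via signed-by instead of being
# dropped into trusted.gpg.d, where it would be trusted for every repository.
#######################################
add_apt_repos() {
  local keyring=/usr/share/keyrings/home_RizinOrg.gpg
  curl -fsSL "https://download.opensuse.org/repositories/home:RizinOrg/xUbuntu_${ubuntu_ver}/Release.key" \
    | gpg --dearmor | sudo tee "$keyring" > /dev/null
  echo "deb [signed-by=$keyring] http://download.opensuse.org/repositories/home:/RizinOrg/xUbuntu_${ubuntu_ver}/ /" \
    | sudo tee /etc/apt/sources.list.d/home:RizinOrg.list > /dev/null
  sudo add-apt-repository ppa:chipmunk.sm/ppa
  sudo apt update
}

#######################################
# Packages from the repos above, code-server, snaps and gems.
#######################################
install_extra_packages() {
  sudo apt install -y cutter-re hexeditor
  # code-server's installer is saved first rather than piped into sh.
  if fetch https://code-server.dev/install.sh "$tmpdir/code-server-install.sh"; then
    sh "$tmpdir/code-server-install.sh"
  fi
  sudo snap install sublime-text --classic
  sudo snap install code --classic
  sudo snap install ghidra --classic
  sudo gem install heapinfo one_gadget seccomp-tools
}

#######################################
# Tools cloned into /opt. The libc-database link goes into the detected user's
# home instead of the hard-coded /home/pwn.
#######################################
install_github_tools() {
  git clone https://github.com/niklasb/libc-database /opt/libc-database
  sudo ln -s /opt/libc-database "$user_home/.libc-database"
  git clone https://github.com/mariuszskon/autorop /opt/autorop
  ( cd /opt/autorop && sudo python3 setup.py install )
  git clone https://github.com/matrix1001/heapinspect /opt/heapinspect
  git clone https://github.com/matrix1001/nadbg /opt/nadbg
  git clone https://github.com/Boyan-MILANOV/ropium /opt/ropium
  (
    cd /opt/ropium || exit 1
    make && { make test; sudo make install; }
  )
}

#######################################
# Training / note repositories under ~/Documents. Each entry is "url dest".
#######################################
clone_training_repos() {
  local -a repos=(
    "https://github.com/Adamkadaban/LearnPwn LearnPwn"
    "https://github.com/Bretley/how2exploit_binary how2exploit_binary"
    "https://github.com/enovella/exploitrainings exploitrainings"
    "https://github.com/alanvivona/pwnshop pwnshop"
    "https://github.com/rosehgal/BinExp BinExp"
    "https://github.com/lumenthi/rainfall rainfall"
    "https://github.com/C-Chafik/override override"
    "https://github.com/pmihsan/Security-Attacks Security-Attacks"
    "https://github.com/ommadawn46/stack-bof stack-bof"
    "https://github.com/bkerler/exploit_me exploit_me"
    "https://github.com/Crypto-Cat/CTF Crypto-Cat"
    "https://github.com/guyinatuxedo/nightmare/ nightmare"
    "https://github.com/guyinatuxedo/ctf guyinatuxedo-ctf"
    "https://github.com/ir0nstone/pwn-notes pwn-notes"
    "https://github.com/LMS57/TempleOfPwn/ TempleOfPwn"
    "https://github.com/scwuaptx/HITCON-Training HITCON-Training"
  )
  local entry url dest
  mkdir -p "$HOME/Documents"
  for entry in "${repos[@]}"; do
    url=${entry%% *}
    dest=${entry##* }
    git clone "$url" "$HOME/Documents/$dest"
  done
}

#######################################
# Keep only the pwn material of the Crypto-Cat checkout. The `cd` is guarded:
# the original `cd; ls | grep -v pwn | xargs rm -rf` would have wiped the
# previous working directory if the checkout was missing.
#######################################
trim_crypto_cat() {
  (
    cd "$HOME/Documents/Crypto-Cat" || exit 1
    local entry
    for entry in *; do
      # Same filter as `grep -v "pwn"`: drop entries whose name lacks "pwn".
      [[ "$entry" == *pwn* ]] && continue
      rm -rf -- "$entry"
    done
    mv -- pwn/* . && rm -rf -- pwn .git/ .gitignore
  )
}

main() {
  install_apt_packages
  install_pip2
  prepare_opt
  install_gdb_plugins
  install_path_tools
  install_pip_packages
  build_from_source
  add_apt_repos
  install_extra_packages
  install_github_tools
  clone_training_repos
  trim_crypto_cat
  # Hand everything under /opt to the unprivileged user. The original used
  # `chown -r`, which is not a valid flag; `-R` is the recursive form.
  sudo chown -R "$username:$username" /opt/
}

main "$@"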