Setting up an Ubuntu 18.04 terminal pwn environment on WSL

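First: preface

Download the Terminal Preview app; it looks good and can be downloaded from the Microsoft Store. Fortunately the app's size is acceptable, because it is installed on the C: drive by default; changing the install location for new apps the way guides online describe had no effect on my computer. For that reason I did not download the subsystem from the Microsoft Store. Microsoft provides a way to download the subsystem package manually ("Manual installation steps for older versions of WSL | Microsoft Docs"): download the .appx file directly from that page, put it in the folder of your choice, change the extension to .zip, extract it, and run the corresponding ubuntu.exe.

One very basic error is worth mentioning here: insufficient permissions (Permission denied). Grant the permission with sudo chmod.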

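Problems commonly hit when configuring again

Two problems, one and the same fix!

An xxxx error is displayed and the window exits after a key press; there seems to be an error code, which is an address-like string followed by several question marks.

ubuntu.exe closes immediately after opening

Use wsl --list --verbose to view the subsystems on this computer.
You will then see one or more WSL distributions in the Running state (meaning they are already configured).
Run wsl --unregister Ubuntu-16.04, replacing the name with the NAME found above, to unregister it (unregistering deletes that distribution's files), then run Ubuntu16.04.exe again to install.
Once that succeeds, open Terminal Preview, find ubuntu and register.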


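Configuring by following an expert's blog post

I followed a post by an expert on the Kanxue forum, "[Original] CTF_Pwn environment setup" (Pwn, Kanxue forum, bbs.pediy.com). It is very well written and nearly everything in it can be configured successfully, but there are a few small problems, which are explained below:

Base configuration of ubuntu18.04:

python3: 3.6.7

vim

git

To install python2, just type python2; the system automatically suggests the command: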

sudo apt install python-minimal

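A problem came up here: because DNS was not configured, and because of the software source configuration, downloads were extremely slow and error-prone.

If you hit an error containing: Temporary failure resolving 'archive.ubuntu.com' or similar

# open the configuration file
sudo vim /etc/resolv.conf
# add the resolvers
nameserver 114.114.114.114
nameserver 8.8.8.8
# turn off the reset on restart; if it is not turned off, the file reverts to the default at the next restart. I got burned by this several times
sudo vim /etc/wsl.conf     # open
[network]                  # add
generateResolvConf = false
# later I found that the above did not help, and came across this answer:
# edit the file /etc/systemd/resolved.conf and uncomment the DNS line
# I don't know whether that helped either; later I also deleted the file entirely, recreated it, gave it 777 permissions and tried again.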
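
The check below is an added example (not from the original post) for the two files edited above: it reports whether generateResolvConf = false is really set under [network] in /etc/wsl.conf and whether /etc/resolv.conf is a regular file with nameserver lines. The name wsl_dns_check is made up for this example, and it assumes the usual WSL layout in which the generated resolv.conf is a symlink; WSL reads wsl.conf only when the distribution starts, so restart it (for example with wsl --shutdown from Windows) before checking.

```shell
#!/bin/sh
# Added example, not from the original post.
# usage: wsl_dns_check [wsl.conf] [resolv.conf]   (defaults: the real /etc files)
wsl_dns_check() {
    conf=${1:-/etc/wsl.conf}
    resolv=${2:-/etc/resolv.conf}
    rc=0

    # Value of generateResolvConf inside the [network] section (empty if absent).
    gen=$(awk '
        /^[ \t]*\[/ { in_net = ($0 ~ /^[ \t]*\[network\]/); next }
        in_net && /^[ \t]*generateResolvConf[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]*(#.*)?$/, ""); val = $0
        }
        END { print val }' "$conf" 2>/dev/null)
    if [ "$gen" = "false" ]; then
        echo "ok: [network] generateResolvConf = false"
    else
        echo "problem: generateResolvConf is '${gen:-unset}'; $resolv is regenerated at start"
        rc=1
    fi

    # A symlink still points at the generated file, so manual edits do not persist.
    if [ -L "$resolv" ]; then
        echo "problem: $resolv is a symlink to $(readlink "$resolv")"
        rc=1
    elif grep -q '^nameserver[[:space:]]' "$resolv" 2>/dev/null; then
        echo "ok: $resolv is a regular file with:"
        grep '^nameserver[[:space:]]' "$resolv" | sed 's/^/    /'
    else
        echo "problem: $resolv has no nameserver line"
        rc=1
    fi
    return $rc
}
```

Call wsl_dns_check with no arguments inside the distribution; a non-zero exit status means the manual DNS entries will not survive the next restart.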


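Changing the mirror source on ubuntu18.04

# back up the original sources first
sudo cp /etc/apt/sources.list /etc/apt/sources.list.backup
# then edit the sources
sudo vim /etc/apt/sources.list
# press d to delete the existing entries, then paste one of the source lists below:
    # Aliyun mirror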
    deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
    deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
    deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
    deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
    deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse

    # NetEase (163) mirror
    deb http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse
    deb http://mirrors.163.com/ubuntu/ bionic-security main restricted universe multiverse
    deb http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe multiverse
    deb http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe multiverse
    deb http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe multiverse
    deb-src http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse
    deb-src http://mirrors.163.com/ubuntu/ bionic-security main restricted universe multiverse
    deb-src http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe multiverse
    deb-src http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe multiverse
    deb-src http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe multiverse

    # Tsinghua (TUNA) mirror
    deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
    deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
    deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
    deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
    deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
    deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
    deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
    deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
    deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
    deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse

    # USTC mirror
    deb https://mirrors.ustc.edu.cn/ubuntu/ bionic main restricted universe multiverse
    deb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic main restricted universe multiverse
    deb https://mirrors.ustc.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
    deb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
    deb https://mirrors.ustc.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
    deb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
    deb https://mirrors.ustc.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
    deb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
    deb https://mirrors.ustc.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
    deb-src https://mirrors.ustc.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse

# update
sudo apt-get update
sudo apt-get upgrade

Errors are common during the update

E: Could not get lock /var/lib/dpkg/lock-frontend - open (11: Resource temporarily unavailable)
E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), is another process using it?

Just delete it

sudo rm /var/lib/dpkg/lock-frontend

E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?

Delete again

sudo rm /var/lib/dpkg/lock

The following packages were automatically installed and are no longer required:
libdumbnet1 libfreetype6
Use 'sudo apt autoremove' to remove them.
E: Could not get lock /var/cache/apt/archives/lock - open (11: Resource temporarily unavailable)
E: Unable to lock directory /var/cache/apt/archives/

Follow its hint

sudo apt autoremove

E: Could not get lock /var/cache/apt/archives/lock - open (11: Resource temporarily unavailable)
E: Unable to lock directory /var/cache/apt/archives/

Don't panic, victory is just ahead; keep deleting

sudo rm /var/cache/apt/archives/lock

After that the update runs normally; it finishes in about 5 minutes, and then the basic tools can be installed.
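
Removing a lock file while apt or dpkg is still running can leave the package database half-updated, so it is worth checking who holds the lock first. The following added example (not part of the original post; lock_holders and check_apt_locks are names made up here) lists the processes that have each of the three lock files open by scanning /proc.

```shell
#!/bin/sh
# Added example, not from the original post.
# Print the PIDs that currently have a given file open, found by scanning /proc
# (no lsof or fuser needed). Other users' processes are visible only to root.
lock_holders() {
    target=$(readlink -f "$1") || return 2
    for fd in /proc/[0-9]*/fd/*; do
        # readlink fails quietly for processes we may not inspect or that exited
        [ "$(readlink "$fd" 2>/dev/null)" = "$target" ] || continue
        pid=${fd#/proc/}
        echo "${pid%%/*}"
    done | sort -un
}

# Check the three locks from the error messages above before removing any.
check_apt_locks() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "run as root: apt and dpkg run as root and are invisible otherwise" >&2
        return 1
    fi
    for lock in /var/lib/dpkg/lock-frontend /var/lib/dpkg/lock \
                /var/cache/apt/archives/lock; do
        [ -e "$lock" ] || continue
        pids=$(lock_holders "$lock")
        if [ -n "$pids" ]; then
            echo "$lock is in use; wait for (or stop) these first:"
            for p in $pids; do ps -o pid=,args= -p "$p"; done
        else
            echo "$lock: no process has it open"
        fi
    done
}
```

Source the file in a root shell and run check_apt_locks; on a fresh install the holder is often a background update job that finishes on its own after a few minutes.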

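Installing pip

# update the package list
sudo apt update
# install pip for python2 along with its dependencies
sudo apt install python-pip
# check the version
pip --version
# install pip for Python 3
sudo apt install python3-pip

Continuing with python

Just use the three commands it suggests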

sudo apt install python3
sudo apt install python
sudo apt install python-minimal

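Many people are not used to python2; if so, you can configure further:

!!! Warning: never uninstall the python3.6 environment that ships with the system. Doing so carries serious risk, and you may end up having to reinstall the system as I did. !!!

# add the PPA (Personal Package Archive)
sudo add-apt-repository ppa:jonathonf/python-3.8

# refresh the apt-get package lists, then install Python 3.8
sudo apt-get update
sudo apt-get install python3.8

# register both versions as alternatives for the system's default python3 command
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.6 1
sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.8 2

# switch between Python versions
sudo update-alternatives --config python3

# after upgrading Python, pip has to be upgraded too, otherwise installs will still fail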
python3 -m pip install --upgrade pip
==>Successfully installed pip-22.1

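Next, set up the python symlink

# check the current default python version
python --version
# locate python3
whereis python3
# remove the existing python2 symlink
sudo rm /usr/bin/python
# create a new symlink to python3
sudo ln -s /usr/bin/python3.8 /usr/bin/python
# check the default python version again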
python --version

Installing pwntools

The blog post uses the python2 version; we use python3, so check the pwntools documentation for the install method:

apt-get update
apt-get install python3 python3-pip python3-dev git libssl-dev libffi-dev build-essential
python3 -m pip install --upgrade pip
python3 -m pip install --upgrade pwntools

The update failed with an error again

Traceback (most recent call last):
  File "/usr/lib/cnf-update-db", line 8, in <module>
    from CommandNotFound.db.creator import DbCreator
  File "/usr/lib/python3/dist-packages/CommandNotFound/db/creator.py", line 11, in <module>
    import apt_pkg
ModuleNotFoundError: No module named 'apt_pkg'
Reading package lists... Done
E: Problem executing scripts APT::Update::Post-Invoke-Success 'if /usr/bin/test -w /var/lib/command-not-found/ -a -e /usr/lib/cnf-update-db; then /usr/lib/cnf-update-db > /dev/null; fi'
E: Sub-process returned an error code

Fix (python3 now points to 3.8, while the system's apt_pkg module was built for Python 3.6):

# create a symlink
cd /usr/lib/python3/dist-packages
sudo ln -s apt_pkg.cpython-36m-x86_64-linux-gnu.so apt_pkg.so

With a domestic (China) mirror configured, this is very fast!

The last step of the pwntools installation failed again

distutils.errors.DistutilsExecError: command 'x86_64-linux-gnu-gcc' failed with exit status 1

The cause is probably the module's dependency on system libraries; run the following commands to update:

sudo apt-get update
sudo apt-get install libffi-dev g++ libssl-dev

Then:

The following packages were automatically installed and are no longer required:
libdumbnet1 libfreetype6
Use 'sudo apt autoremove' to remove them.

sudo apt autoremove

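That did not help, though; reinstalling pwntools still failed. Posts online said the dependencies were incomplete, so install more of them and try again: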

sudo apt-get install build-essential python3-dev libssl-dev libffi-dev libxml2 libxml2-dev libxslt1-dev zlib1g-dev

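After that the installation succeeded; there were WARNINGs, but those are practically not errors.

Verifying the installation

Open python and type from pwn import * to see whether any error is reported.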

gdb

Installing gdb

Type gdb to see whether it is installed; it was not, and the install command was suggested

sudo apt install gdb

Try gdb again: success!

peda/pwndbg/gef

These are three common gdb plugins; used together with gdb they improve debugging efficiency.

pwndbg

git clone https://github.com/pwndbg/pwndbg
cd pwndbg
./setup.sh

peda

git clone https://github.com/longld/peda.git ~/peda
echo "source ~/peda/peda.py" >> ~/.gdbinit
echo "DONE! debug your program with gdb and enjoy"

gef

Method 1:
wget -q -O- https://github.com/hugsy/gef/raw/master/gef.sh | sh
Method 2:
wget -q -O ~/.gdbinit-gef.py https://github.com/hugsy/gef/raw/master/gef.py
echo source ~/.gdbinit-gef.py >> ~/.gdbinit
Fallback method:
wget -q -O "$HOME/.gdbinit-gef.py" https://github.com/hugsy/gef/raw/master/gef.py
test -f "$HOME/.gdbinit" && mv "$HOME/.gdbinit" "$HOME/.gdbinit.old"
echo "source $HOME/.gdbinit-gef.py" > "$HOME/.gdbinit"

Only one plugin can be used at a time, and different plugins suit different kinds of challenges, so quick switching between the three needs to be set up. aptx4869_li provided a GDB control script; before using it, comment out the contents of the .gdbinit file:

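vim ~/.gdbinit
# comment out the existing source lines; the state is now "no plugin selected".
# add a recognizable string, anything will do, it only serves as a marker
# (it must be identical to the string the script searches for)
#this place is controled by user's shell

The control script follows: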

#!/bin/bash
function Mode_change {
    name=$1
    gdbinitfile=~/.gdbinit    # adjust this path to your own setup
    # gdbinitfile=/root/Desktop/mode

    peda="source ~/peda/peda.py"   # adjust this path to your own setup
    gef="source ~/.gdbinit-gef.py"   # adjust this path to your own setup
    pwndbg="source ~/pwndbg/gdbinit.py"   # adjust this path to your own setup

    # the search string here must match the marker line in your own .gdbinit
    marker="#this place is controled by user's shell"
    sign=$(grep -n -F "$marker" "$gdbinitfile" | head -n 1)
    number=${sign%%:*}
    if [ -z "$number" ]; then
        echo "Marker line not found in $gdbinitfile" >&2
        return 1
    fi
    # the plugin line is the second line below the marker
    location=$((number + 2))

    # replace that line in place (GNU sed "c"), so the number of lines in
    # .gdbinit stays the same whichever mode is chosen
    parameter_set=${location}c

    if [ "$name" = "1" ]; then
        sed -i "$parameter_set $peda" "$gdbinitfile"
        echo -e "Please enjoy the peda!\n"
    elif [ "$name" = "2" ]; then
        sed -i "$parameter_set $gef" "$gdbinitfile"
        echo -e "Please enjoy the gef!\n"
    elif [ "$name" = "3" ]; then
        sed -i "$parameter_set $pwndbg" "$gdbinitfile"
        echo -e "Please enjoy the pwndbg!\n"
    else
        sed -i "$parameter_set # no plugin selected" "$gdbinitfile"
        echo -e "Please enjoy pure gdb!"
    fi

}

echo -e "Please choose one mode of GDB?\n1.peda    2.gef    3.pwndbg   4.pure_gdb"

read -p "Input your choice:" num

case $num in
    1|2|3|4) Mode_change "$num" ;;
    *) echo -e "Error!\nPlease input right number!" ;;
esac

# pass all arguments through to gdb unchanged
gdb "$@"

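Installation:

echo $PATH
# pick any directory that PATH points to; mine is /usr/local/sbin
cd /usr/local/sbin
# create the file
sudo touch gdb.sh
# make it executable but writable only by root: this directory is on root's PATH, so the script must not be world-writable (777)
sudo chmod 755 gdb.sh
# paste the script into it (Ctrl+V) and save
sudo vim gdb.sh

If it stops working later, lay out .gdbinit as follows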

#.gdbinit
set disassembly intel
#this place is controled by user's shell
#source ~/peda/peda.py
#source /home/hack/.gdbinit-gef.py
#source ~/pwndbg/gdbinit.py

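To use one of them, just remove the comment character in front of it.

Strangely, one evening I found that the script above no longer worked; I spent more than two hours on it to no avail and was about to give up, and then after changing .gdbinit as shown above it suddenly worked again...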
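
The script above addresses the plugin line by number (marker line + 2), so it only works while .gdbinit keeps exactly the layout shown. As an added example (not aptx4869_li's script; set_gdb_plugin is a name made up here), the function below selects the plugin by content instead: it drops the marker and every plugin source line, then writes the marker and one active line back.

```shell
#!/bin/sh
# Added example, not from the original post: pick the plugin by content,
# not by line number. Plugin paths are the ones used earlier on this page.
MARKER="#this place is controled by user's shell"

# usage: set_gdb_plugin <gdbinit file> <peda|gef|pwndbg|none>
set_gdb_plugin() {
    file=$1
    case $2 in
        peda)   line='source ~/peda/peda.py' ;;
        gef)    line='source ~/.gdbinit-gef.py' ;;
        pwndbg) line='source ~/pwndbg/gdbinit.py' ;;
        none)   line='' ;;
        *)      echo "unknown plugin: $2" >&2; return 1 ;;
    esac
    [ -f "$file" ] || : > "$file"
    tmp=$(mktemp "$file.XXXXXX") || return 1
    # Keep every line except the marker and any plugin "source" line
    # (commented out or not); other settings in the file are untouched.
    grep -v -E -e "^# ?this place is controled by user's shell\$" \
        -e '^#? *source .*(peda\.py|gdbinit-gef\.py|pwndbg/gdbinit\.py) *$' \
        "$file" > "$tmp" || true
    # Append the marker and exactly one active plugin line (none for pure gdb).
    echo "$MARKER" >> "$tmp"
    [ -z "$line" ] || echo "$line" >> "$tmp"
    mv "$tmp" "$file"
}
```

For example, set_gdb_plugin ~/.gdbinit gef followed by gdb "$@" gives the same effect as choosing 2 in the menu, and running it repeatedly never changes the number of active source lines.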

hack@QC-20210627LTVJ:~$ gdb.sh
Please choose one mode of GDB?
1.peda    2.gef    3.pwndbg
Input your choice:1
Please enjoy the peda!

GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word".
gdb-peda$
[5]+  Stopped                 gdb.sh
hack@QC-20210627LTVJ:~$ gdb.sh
Please choose one mode of GDB?
1.peda    2.gef    3.pwndbg
Input your choice:2
Please enjoy the gef!

GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word".
GEF for linux ready, type `gef' to start, `gef config' to configure
93 commands loaded for GDB 8.1.1 using Python engine 3.6
[*] 3 commands could not be loaded, run `gef missing` to know why.
gef➤
[6]+  Stopped                 gdb.sh
hack@QC-20210627LTVJ:~$ gdb.sh
Please choose one mode of GDB?
1.peda    2.gef    3.pwndbg
Input your choice:3
Please enjoy the pwndbg!

GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word".
pwndbg: loaded 198 commands. Type pwndbg [filter] for a list.
pwndbg: created $rebase, $ida gdb functions (can be used with print/break)
pwndbg>
[7]+  Stopped                 gdb.sh

Errors

Cloning into 'pwndbg'...
fatal: unable to access 'https://github.com/pwndbg/pwndbg/': Could not resolve host: github.com

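This is simply a network error: access to github from inside China is too slow, so clone through a proxy. In my case the error appeared after I had been changing settings blindly for a while, and I tracked it down with a self-check from an article online:

1. Check your git configuration
git config --global -l

If there is a proxy entry, remove it from the ~/.gitconfig file and try again.

Unset the environment variables
env|grep -i proxy

Don't panic if you hit the error below either; it is caused by network speed: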

Cloning into 'ROPgadget'...
fatal: unable to access 'https://github.com/JonathanSalwan/ROPgadget.git/': gnutls_handshake() failed: The TLS connection was non-properly terminated.

Just retry a few times.

32-bit program support

A must-install; otherwise you will be stuck the moment a 32-bit ELF refuses to run:

apt-get install libc6-dev-i386

ARM pwn environment with qemu

sudo apt-get install qemu
sudo apt-get install qemu-system qemu-user-static binfmt-support

Install the dependencies:

sudo apt-get install -y gcc-arm-linux-gnueabi
sudo apt-get install qemu libncurses5-dev gcc-arm-linux-gnueabi build-essential gdb-arm-none-eabi synaptic gcc-aarch64-linux-gnu eclipse-cdt git

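LibcSearcher

A library for looking up the offsets of functions in libc from leaked addresses. Installing it is recommended; it saves time and improves efficiency.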

sudo pip install capstone
git clone https://github.com/lieanu/LibcSearcher.git
cd LibcSearcher
python setup.py develop

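ROPgadget and one_gadget

ROPgadget is used to find gadgets; one_gadget finds the places in libc that perform execve('/bin/sh', NULL, NULL), so that a single gadget is enough to get a shell. Installing both is recommended.

# first install Capstone, a lightweight multi-platform, multi-architecture disassembly framework
sudo apt-get install python-capstone

# install ROPgadget
git clone https://github.com/JonathanSalwan/ROPgadget.git

# enter the directory
cd ROPgadget

# with ROPgadget downloaded and the working directory inside its folder, install it
python setup.py install

# install one_gadget
sudo apt install ruby
gem install one_gadget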

Finally:

sudo apt-get update
sudo apt-get upgrade

Those are the details of configuring a pwn environment on Ubuntu 18.04 LTS under WSL. Thanks for reading!
