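Ubuntu configuration notes (the original WSL got wrecked, so I reinstalled) Surager

Reinstalling WSL

Preface

Today I was working on a misc red-packet challenge, and the final pwn stage was handed to me. I casually wrote a script (I overestimated myself and thought I could easily finish it with ret2libc), named it pwn.py, ran it, and then, boom! pwntools was broken. I thought reinstalling would be enough, so: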

pip uninstall pwntools

sudo pip install pwntools -i https://pypi.tuna.tsinghua.edu.cn/simple some-package

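Then I got "no module named pwn" and was completely dumbfounded. Luckily I had not moved on to the virtual machine that quickly, otherwise it would have been GG right there.

Kali Linux was really awful to use anyway, so I took this chance to reinstall with Ubuntu.

Never name files carelessly! Never name files carelessly! Never name files carelessly!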
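
Python searches the running script's own directory before site-packages, so a file named pwn.py is found ahead of the installed pwntools package when a script does `from pwn import *`. The check below is an added example (not part of the original post): it lists the .py files in a working directory that hide a module importable from elsewhere. The function name and the sample file names are made up for illustration, and json.py stands in for pwn.py so the demo runs without pwntools.

```python
import importlib.machinery
import sys
import tempfile
from pathlib import Path


def shadowed_modules(directory, search_path=None):
    """List (name, real_location) for each .py file in `directory` whose
    name is also importable from somewhere else on the search path."""
    directory = Path(directory).resolve()
    # Search everywhere except the directory itself ("" means the cwd).
    others = [
        str(Path(entry or ".").resolve())
        for entry in (sys.path if search_path is None else search_path)
        if Path(entry or ".").resolve() != directory
    ]
    hits = []
    for script in sorted(directory.glob("*.py")):
        name = script.stem
        # Skip names that cannot be imported, and compiled-in modules,
        # which are found before any file on disk.
        if not name.isidentifier() or name in sys.builtin_module_names:
            continue
        spec = importlib.machinery.PathFinder.find_spec(name, others)
        if spec is not None:
            hits.append((name, spec.origin))
    return hits


if __name__ == "__main__":
    # Constructed demo directory: json.py plays the role of pwn.py.
    with tempfile.TemporaryDirectory() as tmp:
        for fname in ("json.py", "solve_redpacket.py"):
            Path(tmp, fname).write_text("# constructed sample\n")
        for name, origin in shadowed_modules(tmp):
            print(f"{name}.py hides the module at {origin}")
```

Running it in a CTF working directory before reinstalling anything shows whether the import error comes from a local file rather than from a broken package.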

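Installing Windows Subsystem for Linux

It is best to download WSL from the official site; that way it can be installed on a non-system drive and takes up less space.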

https://docs.microsoft.com/en-au/windows/wsl/install-manual

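Download the .appx, change its extension to .zip, extract it and run it.

If it was installed on the system drive and you want to move it off, that works too; there is a tool for it:

https://github.com/DDoSolitary/LxRunOffline/releases

Usage is as follows:

.\LxRunOffline list # list the installed Linux subsystems

.\LxRunOffline move -n Ubuntu-18.04 -d E:\ubuntu18 # -n <distribution name> -d <destination directory>
# This takes a while; be patient.

.\LxRunOffline get-dir Ubuntu-18.04 # show the install location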

Installing basic tools

Changing the system package sources

First, change the sources:

surager@KaliWindows:~$ sudo vi /etc/apt/sources.list

surager@KaliWindows:~$ sudo apt-get update

Tsinghua mirror:

deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse   
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse 
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse

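Ubuntu 19.04 (Disco Dingo) is already an abandoned orphan that nobody wants; all of the disco repositories have been dropped.

So we have to configure it with the old-releases repositories: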

deb http://old-releases.ubuntu.com/ubuntu/ disco main restricted universe multiverse
deb http://old-releases.ubuntu.com/ubuntu/ disco-security main restricted universe multiverse
deb http://old-releases.ubuntu.com/ubuntu/ disco-updates main restricted universe multiverse
deb http://old-releases.ubuntu.com/ubuntu/ disco-proposed main restricted universe multiverse
deb http://old-releases.ubuntu.com/ubuntu/ disco-backports main restricted universe multiverse
deb-src http://old-releases.ubuntu.com/ubuntu/ disco main restricted universe multiverse
deb-src http://old-releases.ubuntu.com/ubuntu/ disco-security main restricted universe multiverse
deb-src http://old-releases.ubuntu.com/ubuntu/ disco-updates main restricted universe multiverse
deb-src http://old-releases.ubuntu.com/ubuntu/ disco-proposed main restricted universe multiverse
deb-src http://old-releases.ubuntu.com/ubuntu/ disco-backports main restricted universe multiverse

It is a bit slow, but for the sake of setting up libc 2.29, just put up with it.

Installing Python

Python 2 and 3

surager@KaliWindows:~$ sudo apt install python
surager@KaliWindows:~$ sudo apt install python-pip
surager@KaliWindows:~$ sudo apt install python3
surager@KaliWindows:~$ sudo apt install python3-pip

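Changing the pip index

surager@KaliWindows:~$ mkdir .pip
surager@KaliWindows:~$ cd .pip/
surager@KaliWindows:~/.pip$ touch pip.conf
surager@KaliWindows:~/.pip$ vi pip.conf

Fill in the following:

[global]
timeout = 6000
index-url = https://pypi.tuna.tsinghua.edu.cn/simple
# trusted-host only applies to the host it names, which here differs from the
# index-url host; the index above is HTTPS, so pip verifies its certificate.
trusted-host = pypi.tsinghua.edu.cn

Install the dependencies before running pip install.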

surager@KaliWindows:~$ sudo apt-get install python-dev libffi-dev build-essential virtualenvwrapper

Installing git

surager@KaliWindows:~$ sudo apt install git

Installing ruby

surager@KaliWindows:~$ sudo apt install ruby

Installing gdb

surager@KaliWindows:~$ sudo apt install gdb
surager@KaliWindows:~$ sudo apt install gdb-multiarch

At this point, the basic tools are in place.

Environment setup

Binary

surager@KaliWindows:~$ sudo pip install pwntools
surager@KaliWindows:~$ sudo apt-get install "binfmt*"
surager@KaliWindows:~$ sudo apt-get install qemu-user

Running 32-bit programs on WSL requires some configuration

surager@KaliWindows:~$ sudo apt install qemu-user-static
surager@KaliWindows:~$ sudo update-binfmts --install i386 /usr/bin/qemu-i386-static --magic '\x7fELF\x01\x01\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x03\x00\x01\x00\x00\x00' --mask '\xff\xff\xff\xff\xff\xff\xff\xfc\xff\xff\xff\xff\xff\xff\xff\xff\xf8\xff\xff\xff\xff\xff\xff\xff'
surager@KaliWindows:~$ sudo dpkg --add-architecture i386
surager@KaliWindows:~$ sudo apt update
surager@KaliWindows:~$ sudo apt install gcc:i386
surager@KaliWindows:~$ sudo apt install lib32ncurses5
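
The --magic and --mask strings passed to update-binfmts above decide which files are handed to qemu-i386-static: a file matches when every header bit selected by the mask equals the same bit of the magic. The following is an added example (not from the original post) that applies the exact pair from the command to a few constructed ELF headers and reports which byte positions the mask leaves loose. The helper names and the sample headers are made up for illustration.

```python
import struct

# Magic and mask copied from the update-binfmts command above (24 bytes each).
MAGIC = (b"\x7fELF\x01\x01\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00"
         b"\x03\x00\x03\x00\x01\x00\x00\x00")
MASK = (b"\xff\xff\xff\xff\xff\xff\xff\xfc\xff\xff\xff\xff\xff\xff\xff\xff"
        b"\xf8\xff\xff\xff\xff\xff\xff\xff")


def binfmt_match(header, magic=MAGIC, mask=MASK):
    """True if every masked bit of the file header equals the magic."""
    if len(header) < len(magic):
        return False
    return all(((h ^ m) & k) == 0 for h, m, k in zip(header, magic, mask))


def wildcard_bytes(magic=MAGIC, mask=MASK):
    """Map byte offset -> set of accepted values, for the offsets where
    the mask leaves some bits free."""
    return {
        off: {v for v in range(256) if ((v ^ m) & k) == 0}
        for off, (m, k) in enumerate(zip(magic, mask))
        if k != 0xFF
    }


def elf_header(ei_class, osabi, e_type, e_machine):
    """First 24 bytes of a little-endian ELF header (constructed sample)."""
    ident = b"\x7fELF" + bytes([ei_class, 1, 1, osabi]) + bytes(8)
    return ident + struct.pack("<HHI", e_type, e_machine, 1)


if __name__ == "__main__":
    samples = {
        "i386 ET_EXEC": elf_header(1, 0, 2, 3),
        "i386 ET_DYN (PIE), OSABI 3": elf_header(1, 3, 3, 3),
        "x86-64 ET_DYN": elf_header(2, 0, 3, 0x3E),
        "32-bit ARM ET_EXEC": elf_header(1, 0, 2, 0x28),
    }
    for label, hdr in samples.items():
        print(f"{label:28} -> {'qemu-i386' if binfmt_match(hdr) else 'no match'}")
    print("loose offsets:", wildcard_bytes())
```

The two loose offsets are byte 7 (EI_OSABI, values 0 to 3) and byte 16 (low byte of e_type, values 0 to 7), so both ET_EXEC and PIE i386 binaries are routed to the emulator while 64-bit and non-x86 ELF files are not.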

The three major gdb plugins:

peda:
surager@KaliWindows:~$ git clone https://github.com/longld/peda.git ~/peda
surager@KaliWindows:~$ echo "source ~/peda/peda.py" >> ~/.gdbinit
gef:
surager@KaliWindows:~$ git clone https://github.com/hugsy/gef
surager@KaliWindows:~$ sh ~/gef/scripts/gef.sh
surager@KaliWindows:~$ cp ~/gef/gef.py ~/
surager@KaliWindows:~$ mv ~/gef.py ~/.gdbinit-gef.py
surager@KaliWindows:~$ echo source ~/.gdbinit-gef.py >> ~/.gdbinit
pwndbg:
surager@KaliWindows:~$ git clone https://github.com/pwndbg/pwndbg
surager@KaliWindows:~$ cd pwndbg/
surager@KaliWindows:~/pwndbg$ ./setup.sh

If you run gdb at this point, the three freshly installed plugins conflict at startup.

Type "apropos word" to search for commands related to "word".
Traceback (most recent call last):
  File "/home/surager/pwndbg/gdbinit.py", line 36, in <module>
    import pwndbg # isort:skip
  File "/home/surager/pwndbg/pwndbg/__init__.py", line 19, in <module>
    import pwndbg.commands.aslr
  File "/home/surager/pwndbg/pwndbg/commands/aslr.py", line 24, in <module>
    def aslr(state=None):
  File "/home/surager/pwndbg/pwndbg/commands/__init__.py", line 298, in __call__
    return _ArgparsedCommand(self.parser, function)
  File "/home/surager/pwndbg/pwndbg/commands/__init__.py", line 267, in __init__
    super(_ArgparsedCommand, self).__init__(function, command_name=command_name, *a, **kw)
  File "/home/surager/pwndbg/pwndbg/commands/__init__.py", line 61, in __init__
    raise Exception('Cannot override non-whitelisted built-in command "%s"' % command_name)
Exception: Cannot override non-whitelisted built-in command "aslr"

Write a script to control startup (gdb.sh):

#!/bin/bash
# Pick which gdb plugin ~/.gdbinit loads, then start gdb.
Mode_change() {
        name=$1
        gdbinitfile=~/.gdbinit
        marker="#this place is controled by user's shell"

        peda="source ~/peda/peda.py"
        gef="source /home/surager/.gdbinit-gef.py"
        pwndbg="source /home/surager/pwndbg/gdbinit.py"

        # Refuse to edit a .gdbinit that was not prepared with the marker line.
        if ! grep -qF "$marker" "$gdbinitfile"; then
                echo "Marker not found in $gdbinitfile, leaving it unchanged." >&2
                return 1
        fi

        # Line 2 of .gdbinit holds the active plugin: delete it, then
        # insert the chosen source line in its place.
        location=2
        parameter_add=${location}i
        parameter_del=${location}d

        if [ "$name" -eq 1 ]; then
                sed -i "$parameter_del" "$gdbinitfile"
                sed -i "$parameter_add $peda" "$gdbinitfile"
                echo -e "Please enjoy the peda!\n"
        elif [ "$name" -eq 2 ]; then
                sed -i "$parameter_del" "$gdbinitfile"
                sed -i "$parameter_add $gef" "$gdbinitfile"
                echo -e "Please enjoy the gef!\n"
        elif [ "$name" -eq 3 ]; then
                sed -i "$parameter_del" "$gdbinitfile"
                sed -i "$parameter_add $pwndbg" "$gdbinitfile"
                echo -e "Please enjoy the pwndbg!\n"
        fi
}

echo -e "Please choose one mode of GDB?\n1.peda    2.gef    3.pwndbg"

read -r -p "Input your choice:" num

case "$num" in
        1|2|3) Mode_change "$num" ;;
        *) echo -e "Error!\nPlease input right number!" ;;
esac
# Pass all arguments through to gdb unchanged.
gdb "$@"

Then put it in a directory on the PATH:

surager@KaliWindows:~$ echo $PATH
surager@KaliWindows:~$ sudo mv gdb.sh /usr/local/sbin

You also need to edit .gdbinit:

Put a '#' in front of every source line
Append #this place is controled by user's shell at the end

Test it:

surager@KaliWindows:~$ gdb.sh
Please choose one mode of GDB?
1.peda    2.gef    3.pwndbg
Input your choice:1
Please enjoy the peda!

gdb-peda$ q
surager@KaliWindows:~$ gdb.sh
Please choose one mode of GDB?
1.peda    2.gef    3.pwndbg
Input your choice:2
Please enjoy the gef!

GEF for linux ready, type `gef' to start, `gef config' to configure
77 commands loaded for GDB 8.1.0.20180409-git using Python engine 3.6
[*] 3 commands could not be loaded, run `gef missing` to know why.
gef➤  q
surager@KaliWindows:~$ gdb.sh
Please choose one mode of GDB?
1.peda    2.gef    3.pwndbg
Input your choice:3
Please enjoy the pwndbg!

pwndbg: loaded 180 commands. Type pwndbg [filter] for a list.
pwndbg: created $rebase, $ida gdb functions (can be used with print/break)
pwndbg> 

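Installing Pwngdb in gdb

Pwngdb provides commands such as heapinfo and heapbase, and it appears to be an initialization script, so it does not interfere with the other plugins (that is, Pwngdb together with one of pwndbg, peda or gef).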

git clone https://github.com/scwuaptx/Pwngdb

Then configure it in .gdbinit. Add:

source ~/Pwngdb/pwngdb.py
source ~/Pwngdb/angelheap/gdbinit.py

define hook-run
python
import angelheap
angelheap.init_angelheap()
end
end

After initialization, commands such as heapinfo can be used in any of the plugins.

For reference, the complete .gdbinit as controlled by gdb.sh:

# The next line will be covered by the script `mygdb` in /usr/local/sbin, please ignore it.
source ~/pwndbg/gdbinit.py

#source /home/abc/.gdbinit-gef.py
#source /home/abc/pwndbg/gdbinit.py
#source ~/peda/peda.py

#This document is integrated by Surager.

source ~/Pwngdb/pwngdb.py
source ~/Pwngdb/angelheap/gdbinit.py

define hook-run
python
import angelheap
angelheap.init_angelheap()
end
end


#this place is controled by user's shell

Install ropper:

surager@KaliWindows:~$ sudo pip install filebytes
surager@KaliWindows:~$ sudo pip install capstone
surager@KaliWindows:~$ sudo pip install keystone-engine
surager@KaliWindows:~$ sudo pip install ropper

Install angr:

surager@KaliWindows:~$ sudo pip install angr

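Install z3 (the Z3 solver's Python bindings are published on PyPI as z3-solver; the package named z3 is an unrelated project):

surager@KaliWindows:~$ sudo pip install z3-solver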

Install nasm:

surager@KaliWindows:~$ sudo apt install nasm

Install qemu:

surager@KaliWindows:~$ sudo apt install qemu

Install one_gadget:

surager@KaliWindows:~$ sudo gem install one_gadget

Set up LibcSearcher:

surager@KaliWindows:~$ git clone https://github.com/lieanu/LibcSearcher.git
surager@KaliWindows:~$ cd LibcSearcher
surager@KaliWindows:~/LibcSearcher$ sudo python setup.py develop

Format string tool (I don't know how to use it):

surager@KaliWindows:~$ pip install libformatstr

Crypto

surager@KaliWindows:~$ sudo apt-get install libgmp-dev
surager@KaliWindows:~$ sudo apt-get install libmpfr-dev
surager@KaliWindows:~$ sudo apt-get install libmpc-dev
surager@KaliWindows:~$ pip install gmpy
surager@KaliWindows:~$ pip install gmpy2
surager@KaliWindows:~$ pip install sympy

Web

Setting up web tooling on WSL is really awful, so I'm not doing it.

Misc

surager@KaliWindows:~$ sudo apt install binwalk
surager@KaliWindows:~$ sudo apt install steghide
surager@KaliWindows:~$ sudo apt install foremost
surager@KaliWindows:~$ sudo gem install zsteg

Fun stuff

ipython, a convenient Python shell:

surager@KaliWindows:~$ sudo apt install ipython ipython3

A whole basketful:

surager@KaliWindows:~$ sudo apt install cmatrix sl hollywood screenfetch linuxlogo cowsay libaa-bin

Quotes and poetry:

surager@KaliWindows:~$ sudo apt install fortune
surager@KaliWindows:~$ sudo apt install fortune-zh

Repeater:

surager@KaliWindows:~$ yes repeater
surager@KaliWindows:~$ sudo apt install aptitude