eCPPTv2 Notes
Tool Arsenal


Last updated 4 years ago


4. Tools Arsenal

4.1 Compilers

There are several ways to compile your C/C++ code. It is important to note that different compilers may produce different output. You can use an IDE or the command line.

IDEs:

  • Visual Studio

  • Orwell Dev-C++

  • Code::Blocks

Command line:

  • MinGW

  • example: gcc -m32 main.c -o main.o

4.2 Debuggers

A debugger is a program which runs other programs, in a way that we can exercise control over the program itself. In our specific case, the debugger will help us write exploits, analyze programs, reverse engineer binaries, and much more.

As we will see, the debugger allows us to:

  • Stop the program while it is running

  • Analyze the stack and its data

  • Inspect registers

  • Change the program or program variables and more

There are several options of debuggers:

  • Immunity Debugger

  • IDA (Windows, Linux, MacOS)

  • GDB (Unix, Windows)

  • X64DBG (Windows)

  • EDB (Linux)

  • WinDBG (Windows)

  • OllyDBG (Windows)

  • Hopper (MacOS, Linux)

4.3 Decompiling

In order to be a successful pentester, you need to know how to reverse a compiled application.

You can use objdump.exe, which is bundled with gcc, to disassemble a compiled application.

example: objdump -d -Mintel main.exe > disasm.tx
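
A small practice target for the compile, disassemble and debug steps in these notes. It is an added example, not part of the original notes; the file name target.c, the function names, the PIN value, the extra -g -O0 flags and the choice of GDB as debugger are all assumptions made for illustration.

```c
/* target.c - constructed practice target (hypothetical names throughout).
 *
 * Build (the page's command, plus -g -O0 so the debugger sees locals):
 *   gcc -m32 -g -O0 target.c -o target.exe
 * Disassemble (the page's command):
 *   objdump -d -Mintel target.exe > disasm.txt
 * Rebuild with -O2 and diff the two listings: same source, different output.
 *
 * GDB session covering the four debugger capabilities listed above:
 *   break check_pin      stop the program while it is running
 *   run 1234
 *   x/16xw $esp          analyze the stack and its data
 *   info registers       inspect registers
 *   next                 (repeat until the "return ok" line is reached)
 *   set var ok = 1       change a program variable
 *   continue             prints "pin accepted" although 1234 was supplied
 */
#include <stdio.h>
#include <stdlib.h>

/* Loop with a local accumulator: easy to recognise in the disassembly. */
unsigned int checksum(const char *s)
{
    unsigned int sum = 0;
    for (size_t i = 0; s[i] != '\0'; i++)
        sum = sum * 31 + (unsigned char)s[i];
    return sum;
}

/* Branch decided by a stack local, so there is something to watch and edit. */
int check_pin(int pin)
{
    int expected = 4321;   /* constructed value, visible as 0x10e1 in the listing */
    int ok = 0;
    if (pin == expected)
        ok = 1;
    return ok;
}

int main(int argc, char **argv)
{
    const char *arg = (argc > 1) ? argv[1] : "0";
    printf("checksum(\"%s\") = %u\n", arg, checksum(arg));
    puts(check_pin(atoi(arg)) ? "pin accepted" : "pin rejected");
    return 0;
}
```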