Pentesting – Exercise 1

I’m currently attending an intensive penetration testing course at Haaga-Helia during the summer semester. The course is held by Tero Karvinen (http://terokarvinen.com/) and it takes 1.5 weeks. Every day there are 8 hours of lectures plus these assignments.

In this first assignment, we were meant to create a bootable Kali Linux USB stick, and then pick a tool from a CTF walkthrough and test it on our own system.

USB stick for Kali

I already had a USB stick with Kali on it, since I have it on my laptop. For the sake of the exercise, I thought I would still format the USB stick and reinstall Kali. However, even though our lecturer Tero told us to get the Xfce desktop environment, I am still going to get the Gnome one, since I prefer it over Xfce.

First of all, download an image from Kali’s website and pick the one that suits you: https://www.kali.org/downloads/. I use the “Kali Linux 64 Bit” one, but everyone should pick whatever fits them best. The download page lists a SHA256 sum next to each image; compare it against the downloaded file before writing it, so a corrupt or tampered download never ends up on the stick. Once the image has been downloaded, we can start the formatting and installation process.

On Linux, which is what I am doing this on, run fdisk -l (as root):

fdisk -l lists the storage devices plugged into your system. For me, there was my laptop’s hard drive and then my USB stick. You can also check them with lsblk:

These give enough indication that my USB stick is device sdb, so that is the one I am going to write the image to. I knew this could be done on the command line, so I googled and found this page: https://docs.kali.org/downloading/kali-linux-live-usb-install. It shows the command I recognized for writing the image onto the USB stick (which also wipes whatever was on it).

The command is dd if=kali-linux-2019.1a-amd64.iso of=/dev/sdb bs=512k. if= is the input file, of= is the output file and bs= is the block size (the Kali docs recommend 512k). Two things to be careful about: dd asks no questions, so if of= points at the wrong device (sda here) it silently overwrites the laptop’s hard drive, which is why checking the device name with lsblk first matters; and the target must be the whole device (/dev/sdb), not a partition (/dev/sdb1), because the ISO carries its own partition table. Run sync afterwards and wait for it to return before unplugging the stick.
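The same dd step, wrapped in the checks I would want before overwriting a block device. This is an added example, not code from the original post or from the Kali docs: it verifies the image against its published SHA256 sum, refuses to write to anything the kernel does not flag as removable, and refuses to write over mounted partitions. The ISO name and the checksum argument are placeholders; the real sum is listed next to each image on https://www.kali.org/downloads/.

```shell
#!/bin/sh
# Added example (not from the original post): the dd step above with the checks
# a practitioner wants before overwriting a block device. The ISO name and the
# checksum are placeholders; the real SHA256 sum is listed next to each image
# on https://www.kali.org/downloads/.
set -eu

# Compare the downloaded image against its published SHA256 sum.
# Returns 0 on match, 1 on mismatch (a corrupt or tampered download).
verify_iso_sha256() {
    iso="$1"; expected="$2"
    actual=$(sha256sum "$iso" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Refuse to write anywhere except a whole, removable, unmounted disk.
# $1 is the bare device name as shown by lsblk, e.g. sdb (not /dev/sdb1).
check_target() {
    dev="$1"
    [ -b "/dev/$dev" ] || { echo "no block device /dev/$dev" >&2; return 1; }
    # The kernel marks USB sticks as removable; an internal disk like sda is 0.
    [ "$(cat "/sys/block/$dev/removable" 2>/dev/null)" = "1" ] \
        || { echo "/dev/$dev is not removable, refusing" >&2; return 1; }
    # dd would happily write over a mounted filesystem; make the user unmount first.
    if grep -q "^/dev/$dev" /proc/mounts; then
        echo "/dev/$dev has mounted partitions, unmount them first" >&2; return 1
    fi
}

# Write the image. bs=512k (as in the post) or bs=4M both work; larger is faster.
# conv=fsync plus the trailing sync make sure everything has reached the stick
# before it is unplugged.
write_iso() {
    iso="$1"; dev="$2"; sum="$3"
    verify_iso_sha256 "$iso" "$sum" \
        || { echo "checksum mismatch, not writing" >&2; return 1; }
    check_target "$dev"
    sudo dd if="$iso" of="/dev/$dev" bs=4M conv=fsync status=progress
    sync
}

# usage: sh write-kali.sh kali-linux-2019.1a-amd64.iso sdb <sha256 from kali.org>
if [ $# -eq 3 ]; then
    write_iso "$@"
fi
```

The removable flag comes from /sys/block/<dev>/removable, which the kernel sets for USB mass-storage devices and clears for internal SATA/NVMe disks, so a typo like sda instead of sdb is caught before dd runs.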

Now the USB stick should be bootable, so it can be tested.

Seems to be working!

CTF tool/program

The second and last assignment was to go through a CTF walkthrough and take some tool from it to install and test on our own system. I decided to pick a walkthrough by one of my favorite CTF YouTubers, Gynvael (https://youtube.com/user/GynvaelEN), on Google CTF 2018 (https://youtube.com/watch?v=qDYwcIf0LZw). However, the tools people use in CTFs are not always that interesting, so I picked the one that is probably used the most: IDA. IDA is a reverse engineering tool that disassembles binaries into assembly code. The IDA Freeware version can be downloaded from here: https://www.hex-rays.com/products/ida/support/download_freeware.shtml.

There’s also an open source alternative, developed by the NSA, called Ghidra (https://github.com/NationalSecurityAgency/ghidra). It is basically the same as IDA, but there are differences which I’m not going to go into any further.

After IDA has been downloaded, the installer needs to be made executable with chmod +x. After that the installer can be started:

Go through the installer and install the binary. After it has been installed, IDA can be started:

Just for this purpose I wrote a Hello World program in C. Once the C file is compiled, it is a binary.

Here’s the code:

Now we can open a new file in IDA, pick our brand new Hello World binary and choose ELF64 binary as the file type:

I will just use the default settings.
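The “ELF64 binary” choice in IDA’s load dialog comes straight from the file’s ELF header. As an added example (not from the original post), the script below reads the fields IDA fills in for you, magic, class, endianness, object type and machine, using only od, so you can see why a Kali-built hello world loads as an ELF64 x86-64 file. The offsets are from the ELF specification: magic at 0, class at 4, data encoding at 5, e_type at 16 and e_machine at 18. The file name ./hello in the usage line is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): print the ELF header fields that
# IDA's load dialog detects ("ELF64 binary", x86-64) using only od.
# Offsets from the ELF specification: magic 0, class 4, data 5,
# e_type 16 (2 bytes), e_machine 18 (2 bytes).
set -eu

# Hex bytes of $3 bytes at offset $2 of file $1, no separators, e.g. "7f454c46".
hexat() {
    od -An -tx1 -j "$2" -N "$3" "$1" | tr -d ' \n'
}

# Print a one-line summary such as "ELF64 LE DYN x86-64".
# Returns 1 if the file does not start with the ELF magic at all.
elf_summary() {
    f="$1"
    [ "$(hexat "$f" 0 4)" = "7f454c46" ] || { echo "not an ELF file" >&2; return 1; }
    case "$(hexat "$f" 4 1)" in
        01) class=ELF32 ;;
        02) class=ELF64 ;;
        *)  class="ELF??" ;;
    esac
    case "$(hexat "$f" 5 1)" in
        01) data=LE ;;
        02) data=BE ;;
        *)  data="??" ;;
    esac
    # e_type and e_machine are 2-byte fields stored in the file's own byte
    # order, so on a little-endian file the bytes must be swapped to read them.
    if [ "$data" = "LE" ]; then
        etype="$(hexat "$f" 17 1)$(hexat "$f" 16 1)"
        emach="$(hexat "$f" 19 1)$(hexat "$f" 18 1)"
    else
        etype=$(hexat "$f" 16 2)
        emach=$(hexat "$f" 18 2)
    fi
    case "$etype" in
        0001) type=REL ;;   # relocatable object (.o)
        0002) type=EXEC ;;  # executable with fixed load address
        0003) type=DYN ;;   # shared object, or a PIE executable (gcc's default on Kali)
        0004) type=CORE ;;  # core dump
        *)    type="TYPE_$etype" ;;
    esac
    case "$emach" in
        0003) machine=x86 ;;
        003e) machine=x86-64 ;;
        0028) machine=ARM ;;
        00b7) machine=AArch64 ;;
        *)    machine="MACHINE_$emach" ;;
    esac
    echo "$class $data $type $machine"
}

# usage: sh elfinfo.sh ./hello   (a PIE hello world prints "ELF64 LE DYN x86-64")
if [ $# -eq 1 ]; then
    elf_summary "$1"
fi
```

readelf -h prints the same header in full; the point of doing it with od is to see that IDA’s “ELF64” and “x86-64” are two bytes at offsets 4 and 18. The DYN type on a plain hello world is expected: Debian-based gcc builds position-independent executables by default, which is also why the disassembly loads the string address relative to rip instead of using an absolute address.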

After this, IDA has disassembled our C binary into assembly code:

There are a few extra instructions because of the prologue and epilogue of C’s int main() and the return 0 part, but those can be ignored here. The code loads the address of the string into the rdi register (the first argument register in the x86-64 calling convention) and then calls puts, which prints the string to standard output. If the source used printf with a constant string ending in a newline, the compiler replaces it with the cheaper puts, which is why puts rather than printf shows up in the disassembly. That’s Hello World disassembled!
