- Listing the memory map of a running process - info proc map
- Printing the address of a function such as system - p system
- Not really gdb, but useful for finding the offset of functions/strings in libc - strings -a -t x /libc/libc-2.xxxx.so | grep "/bin/sh"
- Loading symbols from a binary to find locations - objdump -t binary, and also p &target in gdb, where target is a variable in the binary.
- Use dmesg to check the crash logs.
- To find the offset we can use pwntools: pwn cyclic 50 to generate the pattern and pwn cyclic -l [address] to look up the offset of the value that landed in the register.
- Examine the core dump file with gdb: coredumpctl gdb [PID], then use the context command to show the state at the crash point in gdb.
- info var to dump all the variables in the binary.
- Another trick for finding offsets: readelf -s libpivot32.so | grep funcname
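The pwn cyclic / pwn cyclic -l pair above is just a de Bruijn sequence plus a substring search. The following is an added example, not from the original notes or from pwntools itself; it reimplements both commands in plain Python with the same construction pwntools uses by default (lowercase alphabet, every 4-byte window unique), so the offsets it reports match what pwn cyclic -l prints. The function names cyclic and cyclic_find are chosen to mirror the pwntools API; the 64-bit handling (masking an integer to its low 4 bytes) is a simplification assumed here.

```python
import struct
from itertools import islice

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
N = 4  # every N-character window of the pattern is unique (pwn cyclic default)


def _de_bruijn(alphabet=ALPHABET, n=N):
    """Lazily yield the de Bruijn sequence B(k, n) over `alphabet` as the
    lexicographic concatenation of Lyndon words (the FKM algorithm). Because
    it is a generator we never build the full 26**4 character string unless
    a search actually needs it."""
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t, p):
        if t > n:
            if n % p == 0:
                for i in range(1, p + 1):
                    yield alphabet[a[i]]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    yield from db(1, 1)


def cyclic(length):
    """Equivalent of `pwn cyclic <length>`: the first `length` characters."""
    return "".join(islice(_de_bruijn(), length))


def cyclic_find(value, n=N):
    """Equivalent of `pwn cyclic -l <value>`: the offset of the n-character
    window that ended up in a register after the crash.

    `value` may be the integer read from gdb (e.g. 0x61616164, decoded
    little-endian, exactly as pwntools does), raw bytes, or the characters
    themselves. Returns -1 if the window does not occur in the pattern."""
    if isinstance(value, int):
        # Assumption: only the low 4 bytes are meaningful for a 4-byte window.
        needle = struct.pack("<I", value & 0xFFFFFFFF).decode()
    elif isinstance(value, bytes):
        needle = value.decode()
    else:
        needle = value
    if len(needle) != n:
        raise ValueError(f"need exactly {n} characters, got {len(needle)}")

    window = ""
    for i, ch in enumerate(_de_bruijn(n=n)):
        window = (window + ch)[-n:]
        if window == needle:
            return i - n + 1  # index where this window starts
    return -1


if __name__ == "__main__":
    print(cyclic(50))               # same output as `pwn cyclic 50`
    # 0x61616164 is the classic EIP value from a 32-bit overflow of this pattern
    print(cyclic_find(0x61616164))  # 12, same as `pwn cyclic -l 0x61616164`
```

Because the generator only produces as much of the sequence as the search needs, looking up a value that sits early in the pattern is instant, while a value that is not part of the pattern at all (for example a real return address rather than the overwritten one) is reported as -1 after exhausting the sequence rather than being mistaken for an offset.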
- Finding base offsets. Calculating the addresses is achieved like:
    lib_base = foot_leak - foot_offset
    ret2_addr = p32(lib_base + ret2_offset)
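The base calculation above, carried through end to end as an added example (not code from the original notes or from pwntools). It parses the offsets out of readelf -s style output, computes the library base from a leaked address, checks that the result is page aligned (a mismatched libc version or a wrong symbol offset almost always shows up as a non-aligned base), and packs the final address the way p32 would. The readelf lines, the leak value and the symbol offsets are constructed for the example, not taken from any real libc; the function names build, libc_base and resolve are hypothetical.

```python
import re
import struct

PAGE = 0x1000  # libraries are mapped on page boundaries, so the base must be too

# Constructed sample of `readelf -s libc.so.6` output; the values are invented.
SAMPLE_READELF = """\
   Num:    Value  Size Type    Bind   Vis      Ndx Name
   186: 0005f2e0   422 FUNC    WEAK   DEFAULT   13 puts@@GLIBC_2.0
  1451: 0003ada0    55 FUNC    WEAK   DEFAULT   13 system@@GLIBC_2.0
"""

# One symbol-table row: "  Num:  Value  Size Type Bind Vis Ndx Name"
_SYM_RE = re.compile(
    r"^\s*\d+:\s+([0-9a-f]+)\s+\d+\s+\w+\s+\w+\s+\w+\s+\S+\s+(\S+)"
)


def symbol_offsets(readelf_text):
    """Map bare symbol name -> offset from readelf -s output (the version
    suffix such as @@GLIBC_2.0 is stripped; the first definition wins)."""
    offsets = {}
    for line in readelf_text.splitlines():
        m = _SYM_RE.match(line)
        if not m:
            continue
        value, name = m.groups()
        offsets.setdefault(name.split("@")[0], int(value, 16))
    return offsets


def base_is_aligned(base):
    """A real library base is page aligned; anything else means the leak or
    the offset is wrong (typically a different libc build than assumed)."""
    return base & (PAGE - 1) == 0


def libc_base(leak, sym_offset):
    """lib_base = leak - offset, with the alignment sanity check applied."""
    base = leak - sym_offset
    if not base_is_aligned(base):
        raise ValueError(
            f"computed base {base:#x} is not page aligned: wrong offset or wrong libc?"
        )
    return base


def resolve(base, offset, bits=32):
    """base + offset, packed little-endian like pwntools' p32 / p64."""
    fmt = "<I" if bits == 32 else "<Q"
    return struct.pack(fmt, base + offset)


def build(leak_name, leak_value, target_name, readelf_text=SAMPLE_READELF, bits=32):
    """Full chain: offsets from readelf -> base from the leak -> packed target."""
    offs = symbol_offsets(readelf_text)
    base = libc_base(leak_value, offs[leak_name])
    return base, resolve(base, offs[target_name], bits)


if __name__ == "__main__":
    # Constructed leak: puts resolved at 0xf7e252e0 in this run of the target.
    base, packed = build("puts", 0xF7E252E0, "system")
    print(f"lib_base = {base:#x}")   # 0xf7dc6000
    print(packed)                    # b'\xa0\r\xe0\xf7'
```

In practice the offsets come from the same libc that the target actually loads (check it with info proc map or vmmap first); the alignment check catches the common mistake of pairing a leak from one libc build with offsets read out of another.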
- Useful in ret2csu: disassemble __libc_csu_init, disas _fini, x/10g &_DYNAMIC
Pwndbg:
- vmmap - visual mapping of memory
- vis - inspect heap memory
- u - disassemble the instructions present at an address
- dq mp_.sbrk_base 40 - dump quadwords from the start of the heap; when vis gets confused by a corrupted heap this helps to analyse it