Pen testing is a dynamic process that requires practitioners to exploit an environment in order to expose its security weaknesses. To do this safely and efficiently, pen testers rely on a range of tools. This article series focuses on reversing and exploiting Windows using free, easy-to-get tools such as IDA FREE, Radare, WinDbg, x64dbg and Ghidra.

We’ll begin with tool installation. From there, we’ll explore vulnerability theory, and then conclude with some examples of exploitation.

Installation

First, let’s install the tools to set up our work environment.

IDA FREE

Download the file idafree70_windows. Follow the installer instructions to get IDA FREE running on your machine quickly.

RADARE

Download the latest installer for Windows.

Once the installation has finished, add the path where radare2 was installed to the PATH environment variable.

In the environment variables dialog, open the Path variable and add these two entries (use your own paths if radare2 was installed elsewhere):

C:\Users\<user_name>\AppData\Local\Programs\radare2

C:\Users\<user_name>\AppData\Local\Programs\radare2\bin

Windows should now recognize the radare2 command at the prompt.

GHIDRA

Download the zip file and decompress it wherever you want, for example inside a VMware virtual machine.

Once the tool is decompressed, install Java from the Oracle webpage; GHIDRA recommends version 11 for compatibility. When the installer has finished, add the directory that contains the java executable (usually the bin folder) to the PATH environment variable, as shown before.

Alternatively, other GHIDRA users recommend version 11 of OpenJDK.

The OpenJDK installer can add Java to the PATH variable automatically:

Once Java is installed in your environment, you can begin to run GHIDRA.

Double-click the .bat launcher, and GHIDRA will start:

X64DBG

New snapshots of x64dbg are published almost every day. Go to the SourceForge page and download the latest version:

Once you have unzipped the file, go into the release folder:

When you run it with administrator privileges, a launcher appears that lets you choose which version (32- or 64-bit) to run, or register the debugger in the system:

Snowman was originally part of x64dbg. It is now a separate plugin that decompiles our binaries; download it and copy it into the plugins folder.

The 32-bit version goes into the 32-bit plugins folder, and the 64-bit version into the 64-bit plugins folder.

WINDBG

On Windows 10, installing WinDbg is as simple as opening the Microsoft Store and searching for WinDbg.

WinDbg Preview will install automatically. If you have Windows 7, you’ll have to install an older version.

Some older versions are available here:

Next, configure symbols for WINDBG: create the folder symbols in C:\, then go to the environment variables and create the variable _NT_SYMBOL_PATH.

As its value, write:

SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

With this, WINDBG PREVIEW is installed and configured.
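
As an added example (not part of the original article), the same environment changes performed from a PowerShell prompt instead of the dialogs: it adds the two radare2 directories listed earlier to the user PATH, creates the symbols folder, sets _NT_SYMBOL_PATH to the value above, and then checks that radare2 resolves. It assumes the default radare2 install location shown above; the variable names are my own.

```powershell
# Added example, not from the original article. Assumes radare2 was installed
# to the default per-user location shown earlier; change $Radare2Root if not.
$Radare2Root = Join-Path $env:LOCALAPPDATA 'Programs\radare2'
$SymbolStore = 'C:\symbols'
$SymbolPath  = "SRV*$SymbolStore*http://msdl.microsoft.com/download/symbols"

# 1. Add both radare2 directories to the *user* PATH without creating duplicates.
$current = [Environment]::GetEnvironmentVariable('Path', 'User')
$entries = @($current -split ';' | Where-Object { $_ -ne '' })
foreach ($dir in @($Radare2Root, (Join-Path $Radare2Root 'bin'))) {
    if (-not (Test-Path -LiteralPath $dir)) {
        Write-Warning "Skipping $dir - directory not found (is radare2 installed there?)"
        continue
    }
    if ($entries -notcontains $dir) { $entries += $dir }
}
[Environment]::SetEnvironmentVariable('Path', ($entries -join ';'), 'User')

# 2. Create the local symbol cache and point WinDbg at the Microsoft symbol server.
New-Item -ItemType Directory -Path $SymbolStore -Force | Out-Null
[Environment]::SetEnvironmentVariable('_NT_SYMBOL_PATH', $SymbolPath, 'User')

# Persisted variables only reach processes started afterwards, so update this
# session as well; otherwise the check below would fail until a new prompt opens.
$env:Path = $env:Path + ';' + ($entries -join ';')
$env:_NT_SYMBOL_PATH = $SymbolPath

# 3. Verify: radare2 must resolve from PATH and the symbol path must be visible.
$r2 = Get-Command radare2 -ErrorAction SilentlyContinue
if ($r2) { Write-Host "OK: radare2 found at $($r2.Source)" }
else     { Write-Host "MISSING: radare2 is still not on PATH" }
Write-Host "_NT_SYMBOL_PATH = $env:_NT_SYMBOL_PATH"
```

Setting User-scope variables needs no elevation; run the script elevated only if creating C:\symbols is denied on your machine.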

HEXADECIMAL EDITOR

A free hexadecimal editor will let you inspect and edit binary files directly.

PYTHON

The newest version of Python 3 will be used to write the exploits for each exercise.

Download the latest version.

In the installer, select the option to add python.exe to the PATH environment variable automatically.

Usually the installation path will be:

C:\Users\XXXXX\AppData\Local\Programs\Python\Python38

Python38 may be different in your case.

Once installed, you should be able to execute Python as needed.

PYCHARM COMMUNITY

PyCharm will be our Integrated Development Environment (IDE) for Python. Go to the JetBrains web page and select the latest version.

Select all of the installer options, including the one that adds PyCharm to the PATH environment variable. Once installed, create a new project:

Check the RUN->DEBUG configuration and verify that the “Base interpreter” option points to the correct Python interpreter.

Search in the settings for “project interpreter” and check that the correct version of Python is detected.

You can now bring script files into PyCharm by renaming them with a .py extension.

For example, pepe.txt has been renamed to pepe.py. When you click “Run,” the next screen should appear:

The PyCharm console should print the script’s output:

PyCharm features autocomplete and code navigation. For instance, if you hover the mouse over the word “os” and Ctrl-click it, PyCharm takes you to the source code of the os Python library.

Now that you’ve installed the right tools for our exploitation environment, you’re ready to move on to part two, which will begin with a little bit of theory about buffer overflows. From there, you’ll complete a few simple exercises.
