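% Preamble, part 1: class, packages, PDF metadata and page geometry for the
% "x86_32 Shellcode-Lab" cheat sheet (Cheatography export).
% Each statement is on its own line again: in the collapsed form the first
% `%` comment swallowed the rest of the physical line, so nothing after
% \documentclass was ever executed.
\documentclass[10pt,a4paper]{article}

% Packages
\usepackage{fancyhdr}          % For header and footer
\usepackage{multicol}          % Allows multicols in tables
\usepackage{tabularx}          % Intelligent column widths
\usepackage{tabulary}          % Used in header and footer
\usepackage{hhline}            % Border under tables
\usepackage{graphicx}          % For images
\usepackage{xcolor}            % For hex colours
%\usepackage[utf8x]{inputenc}  % For unicode character support
\usepackage[T1]{fontenc}       % Without this we get weird character replacements
\usepackage{colortbl}          % For coloured tables
\usepackage{setspace}          % For line height
\usepackage{lastpage}          % Needed for total page number
\usepackage{seqsplit}          % Splits long words.
%\usepackage{opensans}         % Can't make this work so far. Shame. Would be lovely.
\usepackage[normalem]{ulem}    % For underlining links

% Most of the following are not required for the majority
% of cheat sheets but are needed for some symbol support.
\usepackage{amsmath}           % Symbols
\usepackage{MnSymbol}          % Symbols
\usepackage{wasysym}           % Symbols
%\usepackage[english,german,french,spanish,italian]{babel} % Languages

% Document Info
\author{therealdash}
% \pdfinfo is a pdfTeX primitive, so this file is meant for pdflatex.
\pdfinfo{
  /Title (x86-32-shellcode-lab.pdf)
  /Creator (Cheatography)
  /Author (therealdash)
  /Subject (x86\_32 Shellcode-Lab Cheat Sheet)
}

% Lengths and widths
\addtolength{\textwidth}{6cm}
\addtolength{\textheight}{-1cm}
\addtolength{\hoffset}{-3cm}
\addtolength{\voffset}{-2cm}
\setlength{\tabcolsep}{0.2cm}      % Space between columns
\setlength{\headsep}{-12pt}        % Reduce space between header and content
\setlength{\headheight}{85pt}      % If less, LaTeX automatically increases it
\renewcommand{\footrulewidth}{0pt} % Remove footer line
\renewcommand{\headrulewidth}{0pt} % Remove header line
\renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit

% These two commands together give roughly
% the right line height in the tables
\renewcommand{\arraystretch}{1.3}
\onehalfspacing

% Commands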
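% Preamble, part 2 (table helper macros, colours, header/footer) followed by
% the document body: one tabularx per cheat-sheet section, laid out in three
% columns. Line breaks are restored so that `%` comments no longer swallow
% the code that follows them; the generator's per-row counters are dropped
% because they no longer match the edited cell text.

% Table helper macros
\newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour
\newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols
\newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns
\newcommand{\tn}{\tabularnewline} % Required as custom column type in use

% Font and Colours
\definecolor{HeadBackground}{HTML}{333333}
\definecolor{FootBackground}{HTML}{666666}
\definecolor{TextColor}{HTML}{333333}
\definecolor{DarkBackground}{HTML}{A3A3A3}
\definecolor{LightBackground}{HTML}{F3F3F3}
\renewcommand{\familydefault}{\sfdefault}
\color{TextColor}

% Header and Footer
\pagestyle{fancy}
\fancyhead{} % Set header to blank
\fancyfoot{} % Set footer to blank
\fancyhead[L]{
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{C}
    \SetRowColor{DarkBackground}
    \vspace{-7pt}
    % The logo path is absolute on the generator's host; skip the image when
    % the file is not present so the sheet still compiles elsewhere.
    {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent \hspace*{-6pt}%
        \IfFileExists{/web/www.cheatography.com/public/images/cheatography_logo.pdf}%
            {\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}}%
            {}}
    }
\end{tabulary}
\columnbreak
\begin{tabulary}{11cm}{L}
    \vspace{-2pt}\large{\bfseries{\textcolor{DarkBackground}{\textrm{x86\_32 Shellcode-Lab Cheat Sheet}}}} \\
    \normalsize{by \textcolor{DarkBackground}{therealdash} via \textcolor{DarkBackground}{\uline{cheatography.com/196544/cs/41321/}}}
\end{tabulary}
\end{multicols}}
\fancyfoot[L]{
\footnotesize
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{LL}
    \SetRowColor{FootBackground}
    \mymulticolumn{2}{p{5.377cm}}{\bfseries\textcolor{white}{Cheatographer}} \\
    \vspace{-2pt}therealdash \\
    \uline{cheatography.com/therealdash} \\
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
    \SetRowColor{FootBackground}
    \mymulticolumn{1}{p{5.377cm}}{\bfseries\textcolor{white}{Cheat Sheet}} \\
    \vspace{-2pt}Not Yet Published.\\
    Updated 16th November, 2023.\\
    Page {\thepage} of \pageref{LastPage}.
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
    \SetRowColor{FootBackground}
    \mymulticolumn{1}{p{5.377cm}}{\bfseries\textcolor{white}{Sponsor}} \\
    \SetRowColor{white}
    \vspace{-5pt}
    %\includegraphics[width=48px,height=48px]{dave.jpeg}
    Measure your website readability!\\
    www.readability-score.com
\end{tabulary}
\end{multicols}}

\begin{document}
\raggedright
\raggedcolumns

% Set font size to small. Switch to any value
% from this page to resize cheat sheet text:
% www.emerson.emory.edu/services/latex/latex_169.html
\footnotesize % Small font.

\begin{multicols*}{3}

% --- GDB: starting a session ---
\begin{tabularx}{5.377cm}{x{1.94103 cm} x{3.03597 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bfseries\textcolor{white}{GDB - GNU Debugger - Initiation}} \tn
\SetRowColor{LightBackground}
gdb -q ./\textless{}file\textgreater{} & Start GDB in quiet mode \tn
\SetRowColor{white}
gdb -p \textless{}pid\textgreater{} & Attach to process-id \tn
\SetRowColor{LightBackground}
gdb -c \textless{}core\textgreater{} ./\textless{}file\textgreater{} & Load up a core file and the program \tn
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{These commands start GDB. Attaching with -p needs ptrace permission on the target process (see kernel.yama.ptrace\_scope).} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

% --- GDB: running the program ---
\begin{tabularx}{5.377cm}{x{1.19002 cm} x{0.96117 cm} x{2.42581 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{5.377cm}}{\bfseries\textcolor{white}{GDB - Commands - Run a program}} \tn
\SetRowColor{LightBackground}
run & r & Start the program \tn
\SetRowColor{white}
run testarg & r testarg & Start with an argument \tn
\hhline{>{\arrayrulecolor{DarkBackground}}---}
\end{tabularx}
\par\addvspace{1.3em}

% --- GDB: registers ---
\begin{tabularx}{5.377cm}{x{1.73926 cm} p{0.68655 cm} x{2.15119 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{5.377cm}}{\bfseries\textcolor{white}{GDB - Commands - Registers}} \tn
\SetRowColor{LightBackground}
info registers & i r & Show default registers \tn
\SetRowColor{white}
info registers all & i r a & Show all registers \tn
\SetRowColor{LightBackground}
info registers eax & i r eax & Show EAX register \tn
\hhline{>{\arrayrulecolor{DarkBackground}}---}
\SetRowColor{LightBackground}
\mymulticolumn{3}{x{5.377cm}}{Commands for showing the content of registers.} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}---}
\end{tabularx}
\par\addvspace{1.3em}

% --- GDB: examining memory ---
\begin{tabularx}{5.377cm}{x{1.59264 cm} x{3.38436 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bfseries\textcolor{white}{GDB - Commands - Examine}} \tn
\SetRowColor{LightBackground}
x \$eax & Examine address in EAX \tn
\SetRowColor{white}
x/i \$esp & Examine address in ESP, interpret as instruction \tn
\SetRowColor{LightBackground}
x/s 0xffffffab & Examine address, interpret as string \tn
\SetRowColor{white}
x/4s 0xffffffab & Print 4 strings starting at that address \tn
\SetRowColor{LightBackground}
x/4xb & Examine in hex, repeat 4 times, unit size bytes \tn
\SetRowColor{white}
disassemble / disas & Disassemble at current position \tn
\SetRowColor{LightBackground}
disas \_start & Disassemble from label \_start \tn
\SetRowColor{white}
print / p system & Print address of libc system \tn
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{Note: Examine needs valid addresses to function.
Unit sizes: b, bytes; h, halfwords (two bytes); w, words (four bytes); g, giant words (eight bytes).} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

% --- GDB: breakpoints ---
\begin{tabularx}{5.377cm}{x{1.19002 cm} x{0.9154 cm} x{2.47158 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{5.377cm}}{\bfseries\textcolor{white}{GDB - Commands - Breakpoint}} \tn
\SetRowColor{LightBackground}
break \_start & b \_start & Set a breakpoint at the label \_start \tn
\SetRowColor{white}
break 5 & b 5 & Breakpoint at source line 5 \tn
\SetRowColor{LightBackground}
break \seqsplit{*0x44332211} & b \seqsplit{*0x44332211} & Breakpoint at address/offset \tn
\hhline{>{\arrayrulecolor{DarkBackground}}---}
\end{tabularx}
\par\addvspace{1.3em}

% --- GDB: stepping ---
\begin{tabularx}{5.377cm}{x{0.96117 cm} p{0.4577 cm} x{3.15813 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{5.377cm}}{\bfseries\textcolor{white}{GDB - Commands - Stepping}} \tn
\SetRowColor{LightBackground}
step & s & Step per line of source. \tn
\SetRowColor{white}
stepi & si & Step per machine instruction \tn
\SetRowColor{LightBackground}
\seqsplit{continue} & c & Continue program execution \tn
\hhline{>{\arrayrulecolor{DarkBackground}}---}
\end{tabularx}
\par\addvspace{1.3em}

% --- GDB: set and call (0xdeadbeef etc. are placeholder addresses) ---
\begin{tabularx}{5.377cm}{x{2.53827 cm} x{2.43873 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bfseries\textcolor{white}{GDB - Commands - Set and Call}} \tn
\SetRowColor{LightBackground}
call (int) mprotect(0xDEADBEEF, 0x1000, 1) & Execute mprotect() in debuggee context (page-aligned address required). \tn
\SetRowColor{white}
call strcpy(0xdeadbeef, "hacky") & Write hacky to addr 0xdeadbeef \tn
\SetRowColor{LightBackground}
set follow-fork-mode child & Follow newly created child processes \tn
\SetRowColor{white}
% NOTE(review): the \emph below looks like markdown-mangled asterisks from
% the export; the intended GDB expression should be confirmed with the author.
set {\emph{(char {[}SIZE{]} }}) 0xdeadbeef = "my\_new\_array" & Write data to address \tn
\SetRowColor{LightBackground}
set \{int\}0xdeadbeef = 4 & Set value at address to 4 \tn
\SetRowColor{white}
set \$eax = 0xdeadbeef & Set value of register EAX to 0xdeadbeef \tn
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

% --- GDB-GEF: overview ---
\begin{tabularx}{5.377cm}{x{1.51041 cm} p{0.4577 cm} x{2.60889 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{5.377cm}}{\bfseries\textcolor{white}{GDB-GEF - Overview}} \tn
\SetRowColor{LightBackground}
gdb-gef & & Start gdb-gef at the command line \tn
\SetRowColor{white}
gef help & & Show help of GEF \tn
\SetRowColor{LightBackground}
start & & Start program with auto breakpoints set \tn
\SetRowColor{white}
kill & & Kill current process \tn
\SetRowColor{LightBackground}
context & ctx & Show context \tn
\SetRowColor{white}
checksec & & Check security features (NX, PIE, canary, RELRO) \tn
\SetRowColor{LightBackground}
vmmap & & Show virtual memory map \tn
\SetRowColor{white}
\seqsplit{python-interactive} & pi & Start Python Interpreter \tn
\SetRowColor{LightBackground}
\seqsplit{python-interactive} 23*5 & pi 23*5 & Use python interpreter and calculate \tn
\hhline{>{\arrayrulecolor{DarkBackground}}---}
\end{tabularx}
\par\addvspace{1.3em}

% --- GDB-GEF: configuration ---
\begin{tabularx}{5.377cm}{x{2.63781 cm} x{2.33919 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bfseries\textcolor{white}{GDB-GEF - Configuration}} \tn
\SetRowColor{LightBackground}
gef config & Show running configuration \tn
\SetRowColor{white}
gef config context & Configure GEF context \tn
\SetRowColor{LightBackground}
gef config \seqsplit{context.show\_opcode\_size} 8 & Set the opcode output to length of 8 \tn
\SetRowColor{white}
gef config context.layout "legend regs stack memory" & Set only four widgets as output \tn
\SetRowColor{LightBackground}
gef save & Save running configuration \tn
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{5.377cm}}{Extra configurations for GDB-GEF} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

% --- GCC ---
\begin{tabularx}{5.377cm}{x{2.78712 cm} x{2.18988 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bfseries\textcolor{white}{GCC - Overview}} \tn
\SetRowColor{LightBackground}
gcc -m32 \textless{}input\textgreater{} -o \textless{}output\textgreater{} & Compile source for x86\_32 arch. \tn
\SetRowColor{white}
% -z execstack marks the stack executable, i.e. the binary runs without NX.
gcc -m32 \textless{}input\textgreater{} -o \textless{}output\textgreater{} -z execstack & Compile with executable stack (NX disabled) \tn
\SetRowColor{LightBackground}
gcc -m32 \textless{}input\textgreater{} -o \textless{}output\textgreater{} -g & Compile with debug symbols \tn
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

% --- NASM and linker ---
\begin{tabularx}{5.377cm}{x{2.33919 cm} x{2.63781 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bfseries\textcolor{white}{NASM - Overview}} \tn
\SetRowColor{LightBackground}
nasm -f elf32 \textless{}input\textgreater{} -o \textless{}output\textgreater{}.o & Creates x86\_32 object file from assembly. \tn
\SetRowColor{white}
ld -m elf\_i386 \textless{}input\textgreater{}.o -o \textless{}output\textgreater{} & Create x86\_32 ELF from object file \tn
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

% --- objdump ---
\begin{tabularx}{5.377cm}{x{2.38896 cm} x{2.58804 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bfseries\textcolor{white}{OBJDUMP - Overview}} \tn
\SetRowColor{LightBackground}
objdump -d -M intel \textless{}file\textgreater{} & Dump the opcodes in Intel Syntax \tn
\SetRowColor{white}
objdump -s -j \textless{}section\textgreater{} \textless{}file\textgreater{} & Dump only named section \tn
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

% --- strace ---
\begin{tabularx}{5.377cm}{x{2.43873 cm} x{2.53827 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bfseries\textcolor{white}{STRACE - Overview}} \tn
\SetRowColor{LightBackground}
strace \textless{}filename\textgreater{} & Starts the program and traces it \tn
\SetRowColor{white}
strace -p \textless{}pid\textgreater{} & Attaches to process-id \tn
\SetRowColor{LightBackground}
strace -o log.txt \textless{}filename\textgreater{} & Writes output into a logfile \tn
\SetRowColor{white}
strace -f \textless{}filename\textgreater{} & Also log child processes \tn
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

% --- pwntools command-line helpers ---
\begin{tabularx}{5.377cm}{x{1.9908 cm} x{2.9862 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bfseries\textcolor{white}{PWNtools}} \tn
\SetRowColor{LightBackground}
pwn asm nop & Write NOP opcode \tn
\SetRowColor{white}
pwn asm nop 'mov eax, 1' & Write NOP and MOV opcodes \tn
\SetRowColor{LightBackground}
pwn asm -f string nop & Outputs in \textbackslash{}x Notation \tn
\SetRowColor{white}
pwn disasm 909090 & Output the disassembly of three NOPs \tn
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

% --- Perl one-liner for test input ---
\begin{tabularx}{5.377cm}{x{3.03597 cm} x{1.94103 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bfseries\textcolor{white}{PERL - Basics for exploits}} \tn
\SetRowColor{LightBackground}
perl -e '\{print "A"x"1024"\}' & Print A 1024 times \tn
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

% --- Directory layout of the training material ---
\begin{tabularx}{5.377cm}{x{0.9954 cm} x{3.9816 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{5.377cm}}{\bfseries\textcolor{white}{Student Files}} \tn
\SetRowColor{LightBackground}
\seqsplit{lessons/} & Assembler files, aimed at teaching x86\_32 basics \tn
\SetRowColor{white}
\seqsplit{shellcode/} & Collection of bad shellcodes that students have to improve \tn
\SetRowColor{LightBackground}
\seqsplit{skeletons/} & Skeleton Code files \tn
\SetRowColor{white}
\seqsplit{exploits/} & Exploits the shellcode is run against \tn
\SetRowColor{LightBackground}
tools/ & Support tools for the training \tn
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

% That's all folks
\end{multicols*}

\end{document}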