## Terminal

1. Copy a file to the local machine: `scp <source>/target target`
2. Copy a directory to the local machine: `scp -r <source>/folder folder`
3. View permissions: `ls -al`
4. Copy from one folder to another: `cp -rf folder/ /tmp/folder`
5. Run `make` in the folder that holds all the contents, including the shellcode
6. `hd shellcode.bin`
7. Is ASLR enabled? `cat /proc/sys/kernel/randomize_va_space`
8. Trace library calls made by a `target-function`: `ltrace -o <filename-to-write-output> ./<target-function>`

## Shellcode

1. Invoke shell `/bin/sh`
2. `shellcraft -fa i386.linux.sh` -> View shellcode in assembly
3. `shellcraft -fa i386.linux.cat /proc/flag` -> View shellcode for `cat /proc/flag`
4. `shellcraft -r i386.linux.sh` -> Run in current environment
5. `shellcraft -d i386.linux.cat /proc/flag` -> Debug using gdb
6. `shellcraft -fr i386.linux.sh | disasm`

### Make and test a shellcode

1. Modify `readflag.S`, rebuild, and run your shellcode against `./target`
2. `$ ./make.sh`
3. `$ cat readflag.bin | ./target`