$plugins['authad'] = '0';
$plugins['authldap'] = '1';
$plugins['authmysql'] = '0';
$plugins['authpgsql'] = '0';
= Peda setup and usage =
== Setup ==
You can download peda using:
git clone https://github.com/longld/peda
To set it up add the following to your **~/.gdbinit** file and then run **gdb** as usual:
# Source all settings from the peda dir
source ~/peda/peda.py
# These are other settings I have found useful
# Intel syntax is more readable
set disassembly-flavor intel
# When inspecting large portions of code the scrollbar works better than 'less'
set pagination off
# Keep a history of all the commands typed. Search is possible using ctrl-r
set history save on
set history filename ~/.gdb_history
set history size 32768
set history expansion on
Making the following modification to ~/peda/lib/config.py is also recommended:
- "debug" : ("off", "show detail error of peda commands, e.g: on|off"),
+ "debug" : ("on", "show detail error of peda commands, e.g: on|off"),
== General usage and features==
* The list of commands can be read by typing **peda**
* Peda has wrappers over many gdb commands
* Here is **disas** versus **pdisas**: {{ :kb:toolset:disas_vs_pdisas.png?direct&700 |}}
* There are three commands to show context:
* **context reg** for the registers and flags
* **context code** for disassembling around the current instruction pointer
* **context stack** for examining the stack
* There is also a command for all at once: **context all** that is run by default whenever a breakpoint is hit: {{ :kb:toolset:context_all.png?direct&700 |}}
* As you can see, there is a lot of information available. Note that the addresses are color coded according to their origin: code/data/rodata
* Peda also features smart dereferencing (telescoping)
* Getting information about an address or register can be done with **xinfo**. The origin of the mapping is searched from another command: **vmmaps** {{ :kb:toolset:xinfo_vmmap.png?direct&700 |}}
* Displaying all strings in the address space is done using **strings**
* Searching for specific strings can be done with **find** {{ :kb:toolset:searching.png?direct&700 |}}
* Sometimes you need to find a pointer to a specific string. You can use **refsearch** {{ :kb:toolset:refsearch.png?direct&700 |}}
* Searching for specific instructions or chains of instructions is done using **asmsearch** (although it's not always accurate) {{ :kb:toolset:asmsearch.png?direct&700 |}}
== Exploit/ Reverse Engineering specifics ==
* Process info and security {{ :kb:toolset:process_info.png?direct&700 |}}
* ROP gadgets {{ :kb:toolset:dumprop.png?direct&700 |}}
* Tracing calls {{ :kb:toolset:tracecall.png?direct&700 |}}
* Tracing individual instructions: Peda can also infer the arguments to functions or the operands for comparisons and display them {{ :kb:toolset:traceinst.png?direct&700 |}}
* Creating exploit patterns and searching for them in memory and registers {{ :kb:toolset:pattern.png?direct&700 |}}
== More info ==
* There are many more features in peda apart from the ones described above (shellcode downloading, exploit generation, python script generation from the payload). For everything else check out the source code.
* You can also view the following resources from its authors:
* [[http://ropshell.com/peda/Linux_Interactive_Exploit_Development_with_GDB_and_PEDA_Slides.pdf | Slides from the BlackHat'12 presentation ]]
* [[http://www.youtube.com/watch?v=knC3B3RKARo | Full exploit demo video]]