Last updated 1 year ago

Intro To Ghidra

Installation and QuickStart

sudo apt-get update && sudo apt-get install -y openjdk-11-jdk

unzip <ghidra.zip> -d ~

# The archive unpacks to a ghidra_<version>_PUBLIC directory (for example ~/ghidra_9.3.2_PUBLIC), not to ~/ghidra
cd ~/ghidra_*_PUBLIC

./ghidraRun

Create a Project

  • Click on File | New or Ctrl+N

  • Click File | Import to import the executables

  • Click on Ok

  • Double Click the Target file to launch the code browser and start the analysis

Analysis

  • Function Analyzer: Assigns addresses and names to functions based on their symbol references, or by detecting function prologues and epilogues in the disassembled code.

  • Stack Analyzer: Infers stack variable sizes and references based on stack base and pointer operations at the beginning of the function.

  • Operand Analyzer: Assigns and resolves address and symbol references based on scalar operands.

  • Data Reference Analyzer: Resolves addresses and references to data values and obvious data types based on their memory section location and the operands in the code.

Code Browser

  • Main menu: All the main options are available from this menu.

  • Toolbar: Here you will find a group of icon buttons you can use as shortcuts for common functionality.

  • Program Trees: This provides tree lists of all the memory segments defined by the binary and will vary depending on the binary format and loader.

  • Symbol Tree: Here you can quickly navigate through all the symbols defined by the debugging information or resolved by the initial analysis. These symbols are separated by type: imports, exports, functions, labels, classes, and namespaces.

  • Data Type Manager: Built-in, generic, binary-provided, and user-defined data types are available here. You can easily navigate to operations on values and references by their data type.

  • Listing: The program’s code disassembly and data references are listed here. You can easily explore program logic, references, and address offsets. Special comments and named values generated by the Ghidra loader and analyzer are displayed here as well.

  • Decompile: This window displays a C language representation of the function selected in the Listing window. This decompilation eases the process of analyzing large and complex assembly code blocks.

  • Console – Scripting: Results and outputs from scripts and plug-ins are shown here.

Lab 4-2: Binary Diffing and Patch Analysis

Install BinDiffHelper Extension

Install Gradle build automation tool

wget https://services.gradle.org/distributions/gradle-6.5-milestone-2-bin.zip && sudo unzip gradle-6.5-milestone-2-bin.zip -d /opt

Clone and compile the BinExport2 plug-in

# git has no --single option (the flag is --single-branch), and ~ is not expanded inside the -P argument, so $HOME is used instead
git clone --single-branch --depth=1 --branch=master https://github.com/google/binexport ~/binexport && cd ~/binexport/java/BinExport && /opt/gradle-6.5-milestone-2/bin/gradle -PGHIDRA_INSTALL_DIR=$HOME/ghidra_9.3.2_PUBLIC

Download and Install BinDiff

wget https://storage.googleapis.com/bindiff-releases/bindiff_6_amd64.deb

sudo dpkg -i bindiff_6_amd64.deb || sudo apt-get install -f

Clone and Compile BinDiffHelper plug-in

cd ~/ && git clone --single-branch --depth=1 --branch=master https://github.com/ubfx/BinDiffHelper && cd ~/BinDiffHelper && /opt/gradle-6.5-milestone-2/bin/gradle -PGHIDRA_INSTALL_DIR=$HOME/ghidra_9.3.2_PUBLIC
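The two ideas this page relies on, prologue-based function detection (the Function Analyzer above) and per-function comparison of two builds (the patch analysis in this lab), can be seen in miniature without Ghidra or BinDiff. The following is an added example written for this page; it is not Ghidra's analyzer and not BinDiff. It assumes x86-64 code compiled with frame pointers by gcc or clang (so `push rbp; mov rbp, rsp`, optionally preceded by `endbr64`, marks a function start), assumes functions are laid out contiguously, and pairs functions by order of appearance, whereas BinDiff pairs them by call-graph and flow-graph similarity. The sample "binaries" are constructed byte strings: three tiny functions, of which only the second differs between the old and patched build.

```python
"""Added example for this page (not Ghidra's analyzer and not BinDiff):
a toy of what the Function Analyzer does when a binary is stripped
(finding function starts from prologues) and of what patch analysis
looks for (which functions changed between two builds)."""
import hashlib
from typing import Dict, List, Optional, Tuple

# Assumed x86-64 prologues as emitted by gcc/clang with frame pointers.
# Longest pattern first so "endbr64; push rbp; mov rbp,rsp" is one start.
PROLOGUES = (
    bytes.fromhex("f30f1efa554889e5"),  # endbr64; push rbp; mov rbp, rsp
    bytes.fromhex("554889e5"),          # push rbp; mov rbp, rsp
)

Bounds = Tuple[int, int]  # (start offset, end offset) of a function body


def find_function_starts(blob: bytes) -> List[int]:
    """Offsets at which a known prologue begins."""
    starts: List[int] = []
    i = 0
    while i < len(blob):
        for pat in PROLOGUES:
            if blob.startswith(pat, i):
                starts.append(i)
                i += len(pat)
                break
        else:
            i += 1
    return starts


def carve_functions(blob: bytes) -> List[Bounds]:
    """Each function runs from its prologue to the next prologue (or EOF);
    real analyzers follow control flow instead of assuming contiguity."""
    starts = find_function_starts(blob)
    ends = starts[1:] + [len(blob)]
    return list(zip(starts, ends))


def _digest(blob: bytes, b: Optional[Bounds]) -> Optional[str]:
    """Short SHA-256 of a function body, for the report; None if absent."""
    return None if b is None else hashlib.sha256(blob[b[0]:b[1]]).hexdigest()[:12]


def diff_functions(old: bytes, new: bytes) -> List[Dict[str, object]]:
    """Pair functions by order of appearance and report which bodies
    changed. BinDiff pairs them by call-graph/flow-graph similarity,
    which survives functions being reordered; pairing by order does not."""
    old_f, new_f = carve_functions(old), carve_functions(new)
    report: List[Dict[str, object]] = []
    for idx in range(max(len(old_f), len(new_f))):
        o: Optional[Bounds] = old_f[idx] if idx < len(old_f) else None
        n: Optional[Bounds] = new_f[idx] if idx < len(new_f) else None
        if o is None:
            status = "added"
        elif n is None:
            status = "removed"
        elif old[o[0]:o[1]] == new[n[0]:n[1]]:
            status = "identical"
        else:
            status = "changed"
        report.append({"index": idx, "old": o, "new": n, "status": status,
                       "old_sha256": _digest(old, o), "new_sha256": _digest(new, n)})
    return report


# Constructed sample "binaries": three tiny functions; the patched build
# changes only the second one (xor eax,eax -> mov eax,42).
OLD_BUILD = bytes.fromhex(
    "554889e5" "897dfc" "837dfc00" "5dc3"   # f0: prologue; mov [rbp-4],edi; cmp; pop rbp; ret
    "f30f1efa554889e5" "31c0" "5dc3"        # f1: endbr64 prologue; xor eax,eax; pop rbp; ret
    "554889e5" "b801000000" "5dc3"          # f2: prologue; mov eax,1; pop rbp; ret
)
NEW_BUILD = bytes.fromhex(
    "554889e5" "897dfc" "837dfc00" "5dc3"
    "f30f1efa554889e5" "b82a000000" "5dc3"  # f1 patched: mov eax,42
    "554889e5" "b801000000" "5dc3"
)

if __name__ == "__main__":
    for row in diff_functions(OLD_BUILD, NEW_BUILD):
        print(row)
```

Running it prints one row per function with status identical, changed, identical, and the offsets of the third function shift from 25 to 28 because the patched second function grew; the same shift is why real diffing tools match on structure rather than on addresses.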

References

Download Ghidra
Ghidra Cheatsheet