Posted Updated Docs3 minutes read (About 458 words)

DIPD Document

4xpl0r3r/DIPD: Debug with IDA and Pwntools in Docker (DIPD) (github.com)

About

With this, you can debug a program in docker and make use of both IDA and Pwntools

SAFT QUICK POWERFUL(IDA)

Get Started

1
git clone https://github.com/4xpl0r3r/DIPD.git
  1. Install docker, docker-compose, and IDA (You can deploy them in separated hosts, but the network between them must be OK)
  2. move the binary to debug/ directory and rename the binary to todebug
  3. run the command docker-compose up in the root directory of this project

Access to the STDIO of binary

1
nc docker.ip 23458

IDA Pro Debugger Arguments (version 7.6)

  • Type: Remote Linux Debugger (Attach)
  • Hostname: docker.ip (the IP of your host which running docker)
  • Port: 23946
  • No password need

Caution

  • You have to run the binary by netcat or pwntools before attaching the process, or you can’t see the desired process in your IDA
  • You have to run the docker in a 64bit arch Linux to support both 32bit(i386) and 64bit(amd64) debug

Demo

Start the DIPD

1
docker-compose up

image-20210826060049976

Run and connect to the STDIO of your binary

1
nc docker.ip 23458

Now, your binary should have been running

Let’s use our IDA and start the IDA Debugger

image-20210826060028343

Input Information and click “OK”

image-20210826060059572

Now you can see the processes in your docker, choose ./todebug and click “OK”

image-20210826060110022

Now, you should have got into IDA debug view without any error and exception.

file - docker-compose.yml

image

You can choose the base image as you like, here are some useful options

1
2
3
4
i386/ubuntu:16.04
i386/ubuntu:18.04
amd64/ubuntu:16.04
amd64/ubuntu:18.04

You have to run your docker in 64bit Arch to support both i386 and amd64, or the only option is i386

Other arguments

Just have a look at the annotation over there

directory - files

directory - debs

the apt packages for socat, used for fast install and offline support

files - linux_server[64]

IDA Debug Server v7.6

If you don’t want to use IDA v7.6, just replace them with yours

file - init.sh

This file is used for initializing the debug environment, you can modify it to make any adjustment

directory - debug

Just place the binary you want to debug here

If you have an application isn’t having only 1 ELF file, just copy them all to this directory

If you don’t want to change the name of your elf file, you could change the argument debug_name in docker-compose.yml

DIPD Document

https://www.4xpl0r3r.com/Docs/DIPD-Document/

Author

4xpl0r3r

Posted on

2021-08-26

Updated on

2022-01-27

Licensed under

#

Comments

follow.it

Links

Categories

Recents

Archives

Tags

Antivirus Evasion1
Blue Teaming1
C#1
C&C++1
C21
CTF1
CVE3
CodeQL1
Environment1
Format String1
JNDI2
Java2
Linux1
Memory Forensics1
Network1
OffSec1
PWN1
PowerShell1
Priv-Escalation1
Red Teaming1
Troubleshooting1
×