Qemu + buildroot 101

Compile arm kernel and execute it via qemu

# host side: QEMU ARM system emulator, the buildroot sources, and ncurses (needed by menuconfig)
sudo apt-get install qemu-system-arm
tar -xvzf buildroot-2020.02.3.tar.gz
sudo apt-get install libncurses5-dev libncursesw5-dev
cd buildroot-2020.02.3

# list the shipped configurations, select the QEMU ARM versatile one, then build
# (see the buildroot essential commands below for the HOSTCC / MAKEINFO / -j variants)
make menuconfig
make list-defconfigs
make qemu_arm_versatile_defconfig
make

# cross-compile a test program with the buildroot toolchain and copy it into the root filesystem;
# unmount before booting. Mounting an untrusted rootfs on the host runs it through the host kernel's
# filesystem parser, so for firmware of unknown origin prefer the scp route shown further down.
export PATH=$PATH:/home/embeddedcraft/buildroot-2020.02.3/output/host/bin
arm-buildroot-linux-uclibcgnueabi-gcc hello.c -o hello
sudo mount -t ext2 -o rw,loop rootfs.ext2 /mnt/try
sudo cp hello /mnt/try/root/
sudo umount /mnt/try

# boot a Debian wheezy armel image; host port 7777 is forwarded to the guest's SSH
# (tcp::7777 listens on every host interface; tcp:127.0.0.1:7777-:22 keeps it on loopback)
qemu-system-arm -M versatilepb -kernel vmlinuz-3.2.0-4-versatile -initrd initrd.img-3.2.0-4-versatile -hda debian_wheezy_armel_standard.qcow2 -append "root=/dev/sda1" -net nic -net user,hostfwd=tcp::7777-:22

# push an extracted firmware root filesystem into the guest over the forwarded port
tar zcf squashfs-root.tar.gz squashfs-root
scp -P 7777 ./squashfs-root.tar.gz root@127.0.0.1:/root

Buildroot and QEMU – the quickest recipe for your own Linux

Get the buildroot release tarball from the official website, then:
$ tar -xvzf buildroot-2021.xxx.tar.gz
$ cd buildroot/
$ make qemu_arm_versatile_defconfig
$ make menuconfig
$ qemu-system-arm -M versatilepb -kernel output/images/zImage -dtb output/images/versatile-pb.dtb -drive file=output/images/rootfs.ext2,if=scsi -append "root=/dev/sda console=ttyAMA0,115200" -nographic

source: https://pressreset.net/2013/09/buildroot-and-qemu-the-quickest-recipe-for-your-own-linux/

buildroot essential commands that will save your life

# interactive configuration (target, toolchain, packages, filesystem images)
make menuconfig
# older buildroot releases fail with a recent host compiler; point HOSTCC at an older gcc
make HOSTCC=gcc-4.4
# skip building texinfo documentation when makeinfo is missing or broken
make MAKEINFO=true
# parallel build (buildroot itself is top-level serial; -j applies to each package build)
make -j8

qemu essential commands that will save you

# list the supported machines, and the CPUs a given machine accepts
qemu-system-arm -machine help
qemu-system-arm -machine vexpress -cpu help

# vexpress-a9 board booted from a raw ext4 SD image and attached to a host tap device.
# $macaddr must be set beforehand; "vlan=" was removed in QEMU 3.0, drop it on newer builds;
# -snapshot discards all guest writes, so the image on disk is never modified.
sudo qemu-system-arm \
    -M vexpress-a9 \
    -kernel ./zImage_arch \
    -dtb ./vexpress-v2p-ca9.dtb \
    --nographic \
    -append "root=/dev/mmcblk0 rw rootfstype=ext4 console=ttyAMA0" \
    -drive if=sd,driver=raw,cache=writeback,file=./arch_rootfs.ext4 \
    -net nic,macaddr=$macaddr \
    -net tap,vlan=0,ifname=tap0 \
    -snapshot

# same board from buildroot output ($BRIMAGES is normally output/images) with user-mode
# networking: host 2222 -> guest SSH, host 9000 -> guest 9000
qemu-system-arm -M        vexpress-a9                                                    \
                -cpu      cortex-a9                                                      \
                -m        1024                                                           \
                -nographic                                                               \
                -kernel   $BRIMAGES/zImage                                               \
                -drive    file=$BRIMAGES/rootfs.ext2,index=0,media=disk,format=raw,if=sd \
                -dtb      $BRIMAGES/vexpress-v2p-ca9.dtb                                 \
                -net      nic                                                            \
                -net      user,hostfwd=tcp::2222-:22,hostfwd=tcp::9000-:9000             \
                -append   "rw console=ttyAMA0 console=tty root=/dev/mmcblk0"

# versatilepb with the serial console on stdio and an rtl8139 NIC instead of the board's default smc91c111
qemu-system-arm -M versatilepb -kernel zImage -dtb versatile-pb.dtb -drive file=rootfs.ext2,if=scsi,format=raw -append "root=/dev/sda console=ttyAMA0,115200" -serial stdio -net nic,model=rtl8139 -net user

Qemu + virtual tap

# host side: create a bridge and a tap device on the same /24, then attach the tap to the bridge.
# brctl/tunctl/ifconfig are the legacy tools; "ip link add virbr0 type bridge",
# "ip tuntap add tap0 mode tap" and "ip addr add" do the same on current distributions.
sudo brctl addbr virbr0
sudo ifconfig virbr0 192.168.122.1/24 up

sudo tunctl -t tap0
sudo ifconfig tap0 192.168.122.11/24 up
sudo brctl addif virbr0 tap0

# boot the MIPS guest with its NIC plugged into tap0 ("vlan=" is rejected by QEMU 3.0 and later)
sudo qemu-system-mipsel -M malta -kernel vmlinux-3.2.0-4-4kc-malta -hda debian_wheezy_mipsel_standard.qcow2 -append "root=/dev/sda1 console=tty0" -net nic,vlan=0 -net tap,vlan=0,ifname=tap0 -nographic

# inside the guest: give eth0 an address on the bridge's subnet
ifconfig eth0 192.168.122.12/24 up

Another option is port forwarding (no bridge needed; binding host ports 80 and 443 needs root, hence sudo):

sudo qemu-system-mipsel -M malta -kernel vmlinux-3.2.0-4-4kc-malta -hda debian_wheezy_mipsel_standard.qcow2 -append "root=/dev/sda1 console=tty0" -net user,hostfwd=tcp::80-:80,hostfwd=tcp::443-:443,hostfwd=tcp::2222-:22 -net nic -nographic

# reach the guest through the forwarded port (user networking) or its bridge address (tap setup)
ssh -p 2222 root@127.0.0.1
scp -r ./data root@192.168.122.12:/root/
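The commands above for building an ARM image and booting it with user-mode or tap networking are tied together below in a small launcher script. This is an added example, not code from the original page or from buildroot/QEMU: the image file names (zImage, versatile-pb.dtb, rootfs.ext2 under an IMGDIR), the tap0 device name and the DRYRUN variable are assumptions. It changes two things a reviewer would want: forwarded ports are bound to 127.0.0.1 rather than every host interface (the `tcp::7777-:22` form in the cheat sheet has an empty host address and therefore exposes the guest's SSH to the LAN), and `-snapshot` is always set so a firmware rootfs of unknown origin is never written to on disk.

```shell
#!/bin/sh
# qemu-lab.sh: build (and optionally run) the QEMU command line for an ARM
# buildroot guest. Added example, not from the original page; zImage,
# versatile-pb.dtb, rootfs.ext2 under IMGDIR, tap0 and DRYRUN are assumptions.

# hostfwd_arg HOSTPORT:GUESTPORT ... -> the "-net user,..." argument.
# Every forward is bound to 127.0.0.1; an empty host address (tcp::PORT)
# would listen on all host interfaces.
hostfwd_arg() {
    arg="user"
    for pair in "$@"; do
        case "$pair" in
            [0-9]*:[0-9]*) ;;
            *) echo "bad port mapping '$pair' (want HOST:GUEST)" >&2; return 1 ;;
        esac
        host=${pair%%:*}
        guest=${pair#*:}
        case "$host$guest" in
            *[!0-9]*) echo "non-numeric port in '$pair'" >&2; return 1 ;;
        esac
        arg="$arg,hostfwd=tcp:127.0.0.1:$host-:$guest"
    done
    printf '%s\n' "$arg"
}

# qemu_cmd MODE IMGDIR [HOST:GUEST ...] -> the full command, one argument per
# line, so it can be reviewed before anything is executed.
# MODE "user": slirp with loopback-only port forwards; MODE "tap": attach the
# guest NIC to tap0 (bridge prepared as in the section above).
# -snapshot sends all guest writes to a temporary overlay, never to the image.
qemu_cmd() {
    [ $# -ge 2 ] || { echo "usage: qemu_cmd user|tap IMGDIR [HOST:GUEST ...]" >&2; return 1; }
    mode=$1; imgdir=$2; shift 2
    case "$mode" in
        user) net=$(hostfwd_arg "$@") || return 1 ;;
        tap)  net="tap,ifname=tap0,script=no,downscript=no" ;;
        *)    echo "mode must be 'user' or 'tap', got '$mode'" >&2; return 1 ;;
    esac
    printf '%s\n' \
        qemu-system-arm -M versatilepb \
        -kernel "$imgdir/zImage" \
        -dtb "$imgdir/versatile-pb.dtb" \
        -drive "file=$imgdir/rootfs.ext2,if=scsi,format=raw" \
        -append "root=/dev/sda console=ttyAMA0,115200" \
        -nographic -snapshot \
        -net nic -net "$net"
}

# run_guest MODE IMGDIR [HOST:GUEST ...]: print the command when DRYRUN=1,
# otherwise check that the image files exist and execute it.
run_guest() {
    cmd=$(qemu_cmd "$@") || return 1
    if [ "${DRYRUN:-0}" = 1 ]; then
        printf '%s\n' "$cmd"
        return 0
    fi
    for f in zImage versatile-pb.dtb rootfs.ext2; do
        [ -f "$2/$f" ] || { echo "missing $2/$f" >&2; return 1; }
    done
    # turn the newline-separated list back into "$@" without splitting the
    # quoted -append string on spaces; set -f keeps globbing out of it
    oldifs=$IFS; IFS='
'
    set -f; set -- $cmd; set +f; IFS=$oldifs
    "$@"
}

# Act as a script only when invoked by this file name; sourcing the file
# just defines the functions.
case "${0##*/}" in
    qemu-lab.sh) run_guest "$@" ;;
esac
```

Typical use: `DRYRUN=1 sh qemu-lab.sh user output/images 2222:22` to inspect the command line, then the same without DRYRUN and `ssh -p 2222 root@127.0.0.1` from the host; `sh qemu-lab.sh tap output/images` after the bridge and tap0 exist. Drop `-snapshot` from `qemu_cmd` only when you want changes inside the guest to persist in rootfs.ext2.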

Last updated 3 years ago

Reference: [Original][Share] Building a MIPS64 debugging environment with buildroot (Smart Devices board, Kanxue forum, bbs.pediy.com)