##前置遇到了很多问题,这里做一个记录,部分步骤没有截图
I have encountered a lot of problems, here is a record, some steps have no screenshots
qemu
sudo apt-get install qemu-
qemu-<两下tab>会弹出qemu可以模拟的所有平台(All platforms that QEMU can be simulated will pop up) ### busybox 官网:https://busybox.net/  进入busybox目录 Enter the busybox directory ```shell make menuconfig
Q : HOSTCC scripts/basic/fixdep
/bin/sh: 1: gcc: not found
scripts/Makefile.host:90: recipe for target ‘scripts/basic/fixdep’ failed
make[1]: *** [scripts/basic/fixdep] Error 127
Makefile:532: recipe for target ‘scripts_basic’ failed
make: *** [scripts_basic] Error 2A : 此报错是因为缺少gcc(This error is due to the lack of GCC)
sudo apt install gccQ : $ make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- menuconfig
HOSTCC scripts/kconfig/mconf.o
:0:12: fatal error: curses.h: 没有那个文件或目录
compilation terminated.
scripts/Makefile.host:108: recipe for target ‘scripts/kconfig/mconf.o’ failed
make[1]: *** [scripts/kconfig/mconf.o] Error 1
Makefile:541: recipe for target ‘menuconfig’ failed
make: *** [menuconfig] Error 2A : 这是因为ubuntu缺少ncurses devel套件,安装即可(This is because Ubuntu lacks NCURSES Devel kit, just install it)
sudo apt-get install libncurses5-dev
接着会进入settings
Then you will enter settings
-
勾选
Build static binary(no shared libs),因为动态链接需要额外的动态链接库,这样会使得系统文件变得很大(Check the `Build Static binary (no shared libs), because the dynamic link requires an additional dynamic link library, which will make the system file a large) -
安装目录
(Destination path for "make install"(NEW))我设置的是./rootfs(Install the directory(Destination Path for" Make Install "(New)./ROOTFS) -
保存退出(Save and exit)
make -j4make install 接着就会在busybox中看到生成的rootfs文件夹
Then you will see the generated rootfs folder
到这里做基本的内核pwn题基本的环境已经够了
It’s enough to do the basic environment of the core PWN question here.
:Could not access KVM Kernel module
qemu-system-x86_64 -initrd rootfs.cpio -kernel bzImage -append 'console=ttyS0 root=/dev/ram oops=panic panic=1' -enable-kvm -monitor /dev/null -m 64M --nographic -smp cores=1,threads=1 -cpu kvm64,+smep因为虚拟机缺少kvm,在run boot.sh的时候可以先将boot.sh的source_code里的-enable-kvm去掉,boot.sh就可以运行了
Because the virtual machine lacks KVM, when run boot.sh, you can first remove the source_code of boot.sh first.
重新打包系统文件(Re -pack the system file)
find . | cpio -o -H newc > ../rootfs.cpio当然也可以写个pack.sh
Of course you can also write a Pack.sh
#!/bin/sh
cp -r rootfs rootfs_tmp
cp -r etc rootfs_tmp/
cp init rootfs_tmp/
cp babydriver.ko rootfs_tmp/
gcc -g -static exp.c -o exp
cp exp rootfs_tmp/
chmod +x rootfs_tmp/init
chmod g-w -R rootfs_tmp/
chmod o-w -R rootfs_tmp/
sudo chown -R root rootfs_tmp/
sudo chgrp -R root rootfs_tmp/
sudo chmod u+s rootfs_tmp/bin/busybox
cd rootfs_tmp
find . | cpio -o -H newc > ../rootfs.cpio
cd ..
sudo rm -rf rootfs_tmp