ComputerSecurityStudent (CSS) [Login] [Join Now]




|WINDOWS >> Damn Vulnerable Windows >> WXP-SP2 IE6 >> Current Page |Views: 21113

(Damn Vulnerable Windows XP: Lesson 8)

{ How to install OllyDbg v1.10 x86 Debugger }


Section 0. Background Information
  1. What is Damn Vulnerable Windows XP?
    • This is a Windows XP Virtual Machine that provides a practice environment to conduct ethical penetration testing, vulnerability assessment, exploitation and forensics investigation.
    • The Microsoft Software License Terms for the IE VMs are included in the release notes.
    • By downloading and using this software, you agree to these license terms.

  2. What is OllyDbg v1.10 x86 Debugger?
    • OllyDbg (named after its author, Oleh Yuschuk) is an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available. It traces registers, recognizes procedures, API calls, switches, tables, constants and strings, as well as locates routines from object files and libraries.
    • OllyDbg is often used for reverse engineering of programs.  It is often used by crackers to crack software made by other developers. For cracking and reverse engineering, it is often the primary tool because of its ease of use and availability; any 32-bit executable can be used by the debugger and edited in bitcode/assembly in realtime.  It is also useful for programmers to ensure that their program is running as intended, and for malware analysis purposes.
     
  3. OllyDbg v1.10 x86 Debugger License Agreement
  4. Pre-Requisite
  5. Lesson Purpose
    • This is a Pre-Requisite Lesson that will be used to illustrate future buffer overflow analysis.

  6. Lab Notes
    • In this lab we will do the following:
      1. Download OllyDbg v1.10 x86 Debugger
      2. Install OllyDbg v1.10 x86 Debugger
     
  7. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2016 No content replication of any kind is allowed without express written permission.

 

Section 1: Log into Damn Vulnerable WXP-SP2
  1. Open VMware Player on your windows machine.
    • Instructions:
      1. Click the Start Button
      2. Type "vmware player" in the search box
      3. Click on VMware Player

     

  2. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Edit Virtual Machine Settings
    • Note:
      • Before beginning a lesson it is necessary to check the following VM settings.

     

  3. Set Network Adapter
    • Instructions:
      1. Click on Network Adapter
      2. Click on the radio button "Bridged: Connected directly to the physical network".
      3. Click the OK Button

     

  4. Start Up Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Start Up your VMware Player
      2. Play virtual machine

     

  5. Logging into Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Click on Administrator
      2. Password: Supply Password
        •  (See Note)
      3. Press <Enter> or Click the Arrow
    • Note(FYI):
      1. Password was created in (Lab 1, Section 1, Step 8)

     

  6. Open the Command Prompt
    • Instructions:
      1. Click the Start Button
      2. All Programs --> Accessories --> Command Prompt

     

  7. Obtain Damn Vulnerable WXP-SP2's IP Address
    • Instructions:
      1. ipconfig
      2. Record Your IP Address
    • Note(FYI):
      • In my case, Damn Vulnerable WXP-SP2's IP Address 192.168.1.116.
      • This is the IP Address of the Victim Machine.

 

Section 2: Install OllyDbg v1.10 x86
  1. Open Firefox
    • Instructions:
      1. Click the Start Button
      2. All Programs --> Mozilla Firefox

     

  2. Download OllyDbg 1.10
    • Instructions:
      1. Navigate to the following URL
        • http://www.ollydbg.de/download.htm
      2. Click on Download OllyDbg 1.10
      3. Click on Save File Radio Button
      4. Click the OK Button

     

  3. Open Downloads Folder (Part 1)
    • Instructions:
      1. Tools --> Downlaods

     

  4. Open Downloads Folder (Part 2)
    • Instructions:
      1. Right Click on odbg110.zip
      2. Click on Open Containing Folder

     

  5. Extract the odbg110 file
    • Instructions:
      1. Right Click on odbg110
      2. Touch 7-Zip
      3. Click on Extract to odbg110\

     

  6. Open the oddbg110 folder
    • Instructions:
      1. Right on the odbg110 folder
      2. Select Open

     

  7. Create a OLLDBG Desktop Icon
    • Instructions:
      1. Right on OLLDBG
      2. Touch Send To
      3. Select Desktop (create shortcut)

     

  8. Show Desktop
    • Instructions:
      1. Right Click on Blue Taskbar
      2. Select Show the Desktop

     

  9. Run OLLYDBG
    • Instructions:
      1. Right Click on the OLLYDBG Desktop Icon
      2. Select Open

     

  10. Old DLL
    • Instructions:
      1. Select the No Button
    • Note(FYI):
      • You can select either Yes or No here.  Selecting No did not appear to have any bearing on debugging analysis of the buffer overflow lessons.

 

Section 4: Configure OllyDbg Font Appearance
  1. Configuration Appearance (Part 1)
    • Instructions:
      1. Options --> Appearance

     

  2. Configuration Appearance (Part 2)
    • Instructions:
      1. Click the Change Button

     

  3. Configuration Font
    • Instructions:
      1. Select 9 Font Size
      2. Click the OK Button in the Font Window
      3. Click the OK Button in the Appearance Window
    • Note(FYI):
      • This is necessary unless you have really exceptional vision.
      • Do not close OllyDbg

     

Section 5: Proof of Lab
  1. Open the Command Prompt
    • Instructions:
      1. Click the Start Button
      2. All Programs --> Accessories --> Command Prompt

     

  2. Proof of Lab
    • Instructions:
      1. tasklist 2>NULL| find /i "ollydbg"
      2. date /t
      3. echo "Your Name"
        • Put in your actual name in place of "Your Name"
        • e.g., echo "John Gray"
    • Note(FYI):
      • Command #1, Use (tasklist) to show all the running processes.  Use (find) and ignore case (/i) to display only the processes that contain the string (ollydbg). 
    • Proof of Lab Instructions
      1. Press the <Ctrl> and <Alt> key at the same time.
      2. Press the <PrtScn> key.
      3. Paste into a word document
      4. Upload to Moodle


Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth