Skip to content

peternguyen93/pwning-tools

BranchesTags

Repository files navigation

pwning-tools

Author : peternguyen

License : here

Version : 2.0 beta

Requirements:

  • capstone
  • keystone
  • pyelftools

Installation:

  • $./install.sh

Description :

  • pwning-tools is a minimal library including many feature that help CTFer create a simple, fast exploit payload in CTF competition.
  • pwning-tools support parsing elf file to extract some usefull information such as : GOT, PLT and other symbol by passing elf file into elf argument:
>>> from Pwn import *
>>> p = Pwn(elf='./silver_bullet')
>>> p.elf.got
{'usleep': 134524888, 'strncat': 134524924, 'stdin': 134524960, '__gmon_start__': 134524896, 'puts': 134524892, 'stdout': 134524964, 'read': 134524880, 'memset': 134524916, 'atoi': 134524920, 'exit': 134524900, 'printf': 134524884, '__libc_start_main': 134524908, 'strlen': 134524904, 'setvbuf': 134524912}
  • pwning-tools support interact with network socket and process (only work in Linux):
>>> from Pwn import *
>>> p = Pwn(elf='./silver_bullet',lazy='target 4444') # for socket
>>> p = PwnProc(elf='./silver_bullet') # for interact with process
  • pwning-tools provides some method that help pwner easier to find libc symbol when they have leak address
>>> from Pwn import *
>>> p = Pwn()
>>> offset,offset2 = p.get_libc_offset(0x7ffff7a84e30,'puts',is_get_base=True)
>>> print hex(offset)
0x297f0
>>> base_address = 0x7ffff7a84e30 - offset2
>>> print hex(base_address)
0x7ffff7a15000
>>> offset = p.get_libc_offset(0x7ffff7a84e30,'puts')
>>> print hex(offset)
0x297f0
  • pwning-tools provides a method in PwnProc that help pwner can convert script running with pwning-tools in to standalone script can run separate in target server.
>>> p = PwnProc(elf='./hunting')
>>> # some pwn code
>>> p.export('./standalone_hunting.py')
  • pwning-tool provides Shellcode that have some default shellcode for pwning also support some function that help pwner can quickly write shellcode in python script.

pwning-tools also support you quickly write shellcode base on keystone-engine.

from Pwn import *
asm('''
	push 0x1
	pop eax
	int 0x80
''','x86') # for quickly use only for intel x86, x86_64
asm_x86('''
	push 0x1
	pop eax
	int 0x80
''')

Port to python3

About

A small library that help CTFer quickly write payload

Resources

Readme

License

GPL-3.0 license
Activity

Stars

24 stars

Watchers

4 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages