A python library for finding libc offsets based on leaked addresses. It utilizes the libc-database API.
pip3 install pwnc
The documentation for this project is very light. For example usecases you can
view my writeups for pwn challenges where I used pwnc
.
Retrieve a libc in the form of a bytestring. Provide known symbol names mapped to their addresses in memory. Not all symbol names are stored in the database. Checkout libc-database for information on which symbols are stored.
>>> import pwnc
>>> known_addresses = {"strncpy": "0x7fffffff0db0",
"strcat": "0x7fffffffd800"}
>>> libc_bytestring = pwnc.get_libc(known_addresses)
>>> libc_bytestring[:4]
b'\x7fELF'
>>>
This method returns all known symbol offsets for a libc. Provide a dictionary of symbol names mapped to their in memory offsets
>>> import pwnc
>>> known_addresses = {"strncpy": "0x7fffffff0db0",
"strcat": "0x7fffffffd800"}
>>> symbols = pwnc.query(known_addresses)
>>> for sym in symbols.items():
... print(f"{sym[0]} = {hex(sym[1])}")
...
__libc_start_main_ret = 0x21b97
dup2 = 0x110ab0
printf = 0x64f00
puts = 0x80a30
read = 0x110180
str_bin_sh = 0x1b40fa
system = 0x4f4e0
write = 0x110250