pwning-tools

Author : peternguyen

License : here

Version : 2.0 beta

Requirements:

  • capstone
  • keystone
  • pyelftools

Installation:

  • $./install.sh

Description :

  • pwning-tools is a minimal library with many features that help CTF players write a simple, fast exploit payload during a CTF competition.
  • pwning-tools supports parsing an ELF file to extract useful information such as the GOT, the PLT and other symbols; pass the ELF file in the elf argument:
>>> from Pwn import *
>>> p = Pwn(elf='./silver_bullet')
>>> p.elf.got
{'usleep': 134524888, 'strncat': 134524924, 'stdin': 134524960, '__gmon_start__': 134524896, 'puts': 134524892, 'stdout': 134524964, 'read': 134524880, 'memset': 134524916, 'atoi': 134524920, 'exit': 134524900, 'printf': 134524884, '__libc_start_main': 134524908, 'strlen': 134524904, 'setvbuf': 134524912}
  • pwning-tools supports interacting with a network socket or with a local process (only works on Linux):
>>> from Pwn import *
>>> p = Pwn(elf='./silver_bullet',lazy='target 4444') # for socket
>>> p = PwnProc(elf='./silver_bullet') # for interact with process
  • pwning-tools provides methods that help a pwner find libc symbols more easily from a leaked address:
>>> from Pwn import *
>>> p = Pwn()
>>> offset,offset2 = p.get_libc_offset(0x7ffff7a84e30,'puts',is_get_base=True) # offset2: distance of 'puts' from the libc base
>>> print hex(offset)
0x297f0
>>> base_address = 0x7ffff7a84e30 - offset2 # libc base = leaked address - offset of the leaked symbol
>>> print hex(base_address)
0x7ffff7a15000
>>> offset = p.get_libc_offset(0x7ffff7a84e30,'puts') # without is_get_base only the first offset is returned
>>> print hex(offset)
0x297f0
  • pwning-tools provides a method in PwnProc that converts a script written with pwning-tools into a standalone script that runs on its own on the target server:
>>> p = PwnProc(elf='./hunting')
>>> # some pwn code
>>> p.export('./standalone_hunting.py')
  • pwning-tools provides a Shellcode module with some default shellcodes for pwning, plus helper functions that let a pwner quickly write shellcode from a Python script.

pwning-tools also lets you quickly assemble shellcode with keystone-engine:

from Pwn import *
asm('''
	push 0x1
	pop eax
	int 0x80
''','x86') # asm(code, arch): generic helper, arch is 'x86' or 'x86_64'; eax=1 is sys_exit on 32-bit Linux
asm_x86('''
	push 0x1
	pop eax
	int 0x80
''') # shortcut for the 32-bit Intel case above
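The GOT extraction (p.elf.got) and the get_libc_offset examples above both come down to reading an ELF's dynamic symbol table. The following is an added example, not code from pwning-tools: it parses .dynsym and the RELA relocations of an ELF64 image with plain struct calls (no pyelftools needed), derives the libc base from one leaked symbol address with a page-alignment sanity check, and resolves a second symbol from it. The sample ELF, its offsets (puts at 0x6fe30 and system at 0x46640, chosen to reproduce the README's numbers), the GOT base 0x404018, the import names and the libc path in the comment are all constructed for the example.

```python
import struct

SHT_SYMTAB, SHT_STRTAB, SHT_RELA, SHT_DYNSYM = 2, 3, 4, 11
PAGE = 0x1000            # libc is mmap'd page-aligned, so its base must be too
SHFMT, SYMFMT, RELAFMT = "<IIQQQQIIQQ", "<IBBHQQ", "<QQq"


def parse_elf(data):
    """Parse an ELF64 image (bytes) with plain struct calls.
    Returns (symbols, got): symbols maps each defined symbol to its st_value
    (an offset from the load base for a PIE or shared object); got maps each
    relocated symbol name to the address of its GOT slot (the r_offset of the
    RELA entry that references it), which is what p.elf.got shows above."""
    if data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("not an ELF64 image")
    shoff = struct.unpack_from("<Q", data, 40)[0]
    shentsize, shnum = struct.unpack_from("<HH", data, 58)
    shdrs = [struct.unpack_from(SHFMT, data, shoff + i * shentsize) for i in range(shnum)]
    symbols, got, names_by_section = {}, {}, {}
    for idx, (_, typ, _, _, off, size, link, _, _, entsize) in enumerate(shdrs):
        if typ not in (SHT_SYMTAB, SHT_DYNSYM):
            continue
        stroff, entsize, names = shdrs[link][4], entsize or 24, []
        for j in range(size // entsize):
            st_name, _, _, st_shndx, st_value, _ = struct.unpack_from(SYMFMT, data, off + j * entsize)
            name = data[stroff + st_name:data.index(b"\0", stroff + st_name)].decode("latin-1")
            names.append(name)
            if st_shndx and st_value:      # skip undefined (imported) symbols
                symbols[name] = st_value
        names_by_section[idx] = names
    for _, typ, _, _, off, size, link, _, _, entsize in shdrs:
        if typ != SHT_RELA or link not in names_by_section:
            continue
        entsize = entsize or 24
        for j in range(size // entsize):
            r_offset, r_info, _ = struct.unpack_from(RELAFMT, data, off + j * entsize)
            if r_info >> 32:               # symbol index 0 means no symbol (e.g. RELATIVE)
                got[names_by_section[link][r_info >> 32]] = r_offset
    return symbols, got


def build_sample_elf(defined, imports=(), got_base=0x404018):
    """Constructed test data: a minimal ELF64 with .dynstr, .dynsym and one RELA
    section holding a JUMP_SLOT relocation per import, GOT slots 8 bytes apart."""
    strtab, syms, rela = b"\0", [bytes(24)], []          # index 0 is the null symbol
    for i, (name, value) in enumerate(list(defined.items()) + [(n, 0) for n in imports], 1):
        syms.append(struct.pack(SYMFMT, len(strtab), 0x12, 0, 1 if value else 0, value, 0))
        strtab += name.encode() + b"\0"
        if not value:
            rela.append(struct.pack(RELAFMT, got_base + 8 * len(rela), (i << 32) | 7, 0))
    symtab, relatab = b"".join(syms), b"".join(rela)
    str_off, sym_off, rela_off = 64, 64 + len(strtab), 64 + len(strtab) + len(symtab)
    body = strtab + symtab + relatab
    body += b"\0" * (-len(body) % 8)
    shdrs = (bytes(64)
             + struct.pack(SHFMT, 0, SHT_STRTAB, 0, 0, str_off, len(strtab), 0, 0, 1, 0)
             + struct.pack(SHFMT, 0, SHT_DYNSYM, 0, 0, sym_off, len(symtab), 1, 1, 8, 24)
             + struct.pack(SHFMT, 0, SHT_RELA, 0, 0, rela_off, len(relatab), 2, 0, 8, 24))
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)     # ELFCLASS64, little-endian, v1
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 3, 62, 1, 0, 0, 64 + len(body),
                       0, 64, 0, 0, 64, 4, 0)
    return ehdr + body + shdrs


class Libc:
    """Resolve libc addresses from one leaked symbol, the job of get_libc_offset,
    but using the offsets read from a specific libc build."""

    def __init__(self, elf_bytes):
        self.offsets, _ = parse_elf(elf_bytes)

    def base_from_leak(self, leaked_addr, leaked_name):
        base = leaked_addr - self.offsets[leaked_name]
        if base % PAGE:
            # a misaligned base means the leak or the libc build does not match,
            # and every address derived from it would be wrong
            raise ValueError("leak %#x does not fit %s of this libc" % (leaked_addr, leaked_name))
        return base

    def resolve(self, leaked_addr, leaked_name, target_name):
        return self.base_from_leak(leaked_addr, leaked_name) + self.offsets[target_name]

    def offset_between(self, from_name, to_name):
        return self.offsets[from_name] - self.offsets[to_name]


if __name__ == "__main__":
    # For a real target, pass the bytes of the server's libc instead, e.g.
    # Libc(open("/lib/x86_64-linux-gnu/libc.so.6", "rb").read())   (path assumed)
    sample = build_sample_elf({"puts": 0x6fe30, "system": 0x46640}, imports=("read", "printf"))
    print("got:", {k: hex(v) for k, v in parse_elf(sample)[1].items()})
    libc, leak = Libc(sample), 0x7ffff7a84e30
    print("libc base:", hex(libc.base_from_leak(leak, "puts")))
    print("system:", hex(libc.resolve(leak, "puts", "system")))
    print("puts - system:", hex(libc.offset_between("puts", "system")))
```

The alignment check is the part worth keeping in a real exploit: a leak that is not offset-consistent with the libc you think the server runs yields a base that is not a multiple of 0x1000, and catching that early is much cheaper than debugging a crash in system(). Note that the README's GOT example is a 32-bit binary; this parser handles ELF64 only.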

Port to python3
