Automatic exploit generation for simple Linux pwn challenges.
Python
Branch: master
Latest commit 4c168e1 Aug 10, 2019
Type Name Latest commit message Commit time
plugins plugins Aug 10, 2019
.gitignore
LICENSE initial Aug 4, 2019
README.md update Aug 10, 2019
exploit.py win function option fixed Aug 9, 2019
leak.py added canary bruteforcing & fixed some things Aug 8, 2019
requirements.txt initial Aug 4, 2019
ropstar.py plugins Aug 10, 2019
utils.py update Aug 10, 2019

README.md

Ropstar

Exploits simple Linux buffer-overflow (bof) challenges involving ASLR, NX and, to some extent, format strings. You can let it get you a shell or specify a win function to be called.

Install

  • The program expects a local installation of libcdatabase in /home/user/tools/libcdatabase. To run local exploits, make sure you add your local libc (32-bit and 64-bit versions) to libcdatabase. You also need a clone of ROPgadget in ~/tools (used for static binary exploitation).

Examples

The examples assume you create a 'work' subdirectory in the project folder, copy the target binary into it, and run the program from there.

Exploit local binary:

python ../ropstar.py <name>

Run remote challenge:

python ../ropstar.py <name> -rhost <address> -rport <port>

Limitations

  • a lot, this is just a PoC
  • we assume we can write enough bytes to put our payload after the return pointer overwrite - this is not always the case, so we fail on some binaries

Tested on
