0xb0bb / Karkinos

Licence: MIT
A thorough library database to assist with binary exploitation tasks.

Programming Languages

python

Projects that are alternatives of or similar to Karkinos

  • how-to-exploit-a-double-free: How to exploit a double free vulnerability in 2021. Use After Free for Dummies
  • Binary Exploitation: Good to know, easy to forget information about binaries and their exploitation!
  • Exploit me: Very vulnerable ARM/AARCH64 application (CTF style exploitation tutorial with 14 vulnerability techniques)
  • Shellen: Interactive shellcoding environment to easily craft shellcodes
  • Libc Database: Build a database of libc offsets to simplify exploitation
  • Sqlmap: Automatic SQL injection and database takeover tool
  • Pwndra: A collection of pwn/CTF related utilities for Ghidra
  • Write Ups: VoidHack CTF write-ups
  • On Pwning: My solutions to some CTF challenges and a list of interesting resources about pwning stuff
  • One gadget: The best tool for finding one gadget RCE in libc.so.6
  • Ssrfmap: Automatic SSRF fuzzer and exploitation tool
  • Ceras: Universal binary serializer for a wide variety of scenarios https://discord.gg/FGaCX4c
  • Heapwn: Linux Heap Exploitation Practice
  • Mbe: Course materials for Modern Binary Exploitation by RPISEC
  • empirectf: EmpireCTF – write-ups, capture the flag, cybersecurity
  • Search Libc: Web wrapper of niklasb/libc-database
  • libc-db: libc database (file in packages, hash, package files, symbols). Raw binary libc available on https://github.com/BestPig/libc-bin
  • xgadget: Fast, parallel, cross-variant ROP/JOP gadget search for x86/x64 binaries.
  • Ropper: Display information about files in different file formats and find gadgets to build rop chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC, SPARC64). For disassembly ropper uses the awesome Capstone Framework.
  • Arissploit: Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

Karkinos

A large library database to assist in binary exploitation on Linux. The tool can identify an unknown library from the addresses of known symbols (for example, pointers leaked from a running process), locate the name of the package that contains a given library, and find the debugging version of the library you are working with.

Once the library is identified you can dump useful information: symbols (both exported symbols and calculated locations that are useful for exploitation, such as the address of the string "/bin/sh"), gadgets for ROP chains, and one shot gadgets (AKA magic gadgets or one gadgets) together with the constraints under which each one works.

The usage is inspired by the excellent libc-database.

It supports many architectures including:

  • x86 (i386 / amd64)
  • arm (arm / arm64)
  • mips (mips / mips64)
  • ppc (ppc / ppc64)
  • sparc (sparc / sparc64)
  • sh4
  • hppa
  • m68k

Many libraries are indexed, across many distributions and spanning many years of releases. The libraries indexed are:

  • glibc
  • libstdc++

Install

Clone the repository, or download and extract an archive; from within that folder you can access the tool by running:

$ ./kark.py --help

On the first run it will extract the databases from the compressed files, so you will need the xz binary installed and available through the PATH environment variable.

Usage

usage: kark.py [-h] [--libdb {glibc,libstdc++}] [--distro DISTRO]
               [--arch {x86,amd64,i386,arm,arm64,mips,mips64,ppc,ppc64,sparc,sparc64,m68k,hppa,sh4}]
               [--endian {little,big}]
               {find,dump,info,update} ...

description:
  karkinos is a library database to assist with exploitation by helping to
  identify libraries from known offsets or to dump useful offsets from those
  identified libraries. Each database indexes symbols, gadgets and where
  possible one shot gadgets (AKA magic gadgets or one gadgets).

architectures indexed:
  - x86   (amd64, i386)
  - arm   (arm,   arm64)
  - mips  (mips,  mips64)
  - ppc   (ppc,   ppc64)
  - sparc (sparc, sparc64)
  - m68k
  - hppa
  - sh4

libraries indexed:
  - glibc
  - libstdc++

commands:
  - find        find a library by symbol offsets, file, build id or file hash
  - dump        dump symbols/gadgets for a given library
  - info        print some information about a specific library
  - update      check for updates to the database
  - version     display version information and exit

positional arguments:
  {find,dump,info,update}
                        command to execute
  args                  arguments for specific command, see examples

optional arguments:
  -h, --help            show this help message and exit
  --libdb {glibc,libstdc++}
                        the library database to use
  --distro DISTRO       the linux distribution to filter in symbol search
  --arch {x86,amd64,i386,arm,arm64,mips,mips64,ppc,ppc64,sparc,sparc64,m68k,hppa,sh4}
                        architecture to filter in symbol search
  --endian {little,big}
                        endianess to filter in symbol search

examples:
  ./kark.py find fgets b20 puts 9c0 fwrite 8a0
  ./kark.py find 50390b2ae8aaa73c47745040f54e602f
  ./kark.py find b417c0ba7cc5cf06d1d1bed6652cedb9253c60d0
  ./kark.py find /lib/x86_64-linux-gnu/libc.so.6
  ./kark.py --arch arm --endian big find system 440
  ./kark.py --distro ubuntu find fgets b20 puts 9c0
  ./kark.py dump centos_glibc-2.12-1.107.el6_4.2.x86_64
  ./kark.py dump opensuse_glibc-2.19-16.9.1.i686 fgets system str_bin_sh
  ./kark.py info ubuntu_libc6-udeb_2.27-3ubuntu1_amd64
  ./kark.py update
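As an added worked example (not code from the Karkinos project), the arithmetic behind the `find` and `dump` examples above: how leaked absolute addresses become the three-hex-digit page offsets that `find` takes, why a lookup has to check that every leak agrees on one page-aligned base rather than matching the low 12 bits of each symbol on its own, and how dumped offsets then resolve `system` and `str_bin_sh`. The library names, offsets and leaked addresses are constructed and hypothetical; nothing here reads Karkinos' database or invokes kark.py.

```python
"""Added worked example (not part of Karkinos): the arithmetic behind
`kark.py find <symbol> <offset> ...` and `kark.py dump <library> <symbols>`.

The candidate library names and offsets below are constructed for
illustration; they are not real glibc offsets.
"""
from __future__ import annotations

PAGE_BITS = 12                     # 4 KiB pages: ASLR moves a mapping by whole
PAGE_MASK = (1 << PAGE_BITS) - 1   # pages, so the low 12 bits of any libc
                                   # address survive randomisation.


def page_suffix(addr: int) -> str:
    """Low 12 bits of an address as 3 hex digits: 0x7ffff7e40b20 -> 'b20'."""
    return f"{addr & PAGE_MASK:03x}"


def find_args(leaks: dict[str, int]) -> list[str]:
    """Build the `symbol offset` pairs that `kark.py find` takes, e.g.
    ['fgets', 'b20', 'puts', '9c0', 'fwrite', '8a0'] as in the README."""
    args: list[str] = []
    for sym, addr in leaks.items():
        args += [sym, page_suffix(addr)]
    return args


def consistent_base(leaks: dict[str, int], offsets: dict[str, int]) -> int | None:
    """Base address implied by one candidate offset table, or None if it does not fit.

    Every leak must yield the *same* base and that base must be page aligned.
    Checking the low 12 bits of each symbol independently is not enough: two
    builds can share a suffix for every leaked symbol yet place the symbols at
    different distances from each other (distroB below).
    """
    base = None
    for sym, addr in leaks.items():
        if sym not in offsets:
            return None
        candidate = addr - offsets[sym]
        if candidate & PAGE_MASK:       # unaligned base: this table cannot be it
            return None
        if base is None:
            base = candidate
        elif candidate != base:         # leaks disagree: reject
            return None
    return base


def match_candidates(leaks: dict[str, int],
                     candidates: dict[str, dict[str, int]]) -> dict[str, int]:
    """Every candidate library consistent with the leaks, mapped to its base."""
    matches: dict[str, int] = {}
    for name, offsets in candidates.items():
        base = consistent_base(leaks, offsets)
        if base is not None:
            matches[name] = base
    return matches


def resolve(base: int, offsets: dict[str, int], wanted: list[str]) -> dict[str, int]:
    """Absolute addresses of `wanted` symbols once the base is known."""
    return {sym: base + offsets[sym] for sym in wanted}


# Constructed sample data: hypothetical library names and offsets.
CANDIDATES: dict[str, dict[str, int]] = {
    "distroA_glibc-2.27_amd64": {"fgets": 0x80B20, "puts": 0x809C0, "fwrite": 0x808A0,
                                 "system": 0x4F550, "str_bin_sh": 0x1B3E1A},
    # same 12-bit suffixes as distroA, but fgets/puts/fwrite are spaced differently
    "distroB_glibc-2.31_amd64": {"fgets": 0x83B20, "puts": 0x849C0, "fwrite": 0x848A0,
                                 "system": 0x55410, "str_bin_sh": 0x1B75AA},
    "distroC_glibc-2.23_amd64": {"fgets": 0x6DB20, "puts": 0x6F690, "fwrite": 0x6D5D0,
                                 "system": 0x45390, "str_bin_sh": 0x18CD57},
}

# Three addresses as a vulnerable binary might leak them (constructed so that
# the real base is 0x7ffff7dc0000 and the library is distroA).
LEAKS: dict[str, int] = {
    "fgets": 0x7FFFF7E40B20,
    "puts": 0x7FFFF7E409C0,
    "fwrite": 0x7FFFF7E408A0,
}

if __name__ == "__main__":
    print("./kark.py find " + " ".join(find_args(LEAKS)))
    for name, base in match_candidates(LEAKS, CANDIDATES).items():
        addrs = resolve(base, CANDIDATES[name], ["system", "str_bin_sh"])
        print(f"{name}: base={base:#x} "
              + " ".join(f"{s}={a:#x}" for s, a in addrs.items()))
```

Only distroA survives: distroB reproduces all three suffixes but its leaks imply two different bases, and distroC gives an unaligned base for `puts`. The 12-bit mask is also correct on kernels with larger pages (for example 64 KiB on some arm64 systems), since a 64 KiB-aligned base is 4 KiB-aligned too; it is merely weaker than it could be there.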

TODO

  • Make the database faster (queries are far from optimised)
  • Make the database smaller (schema is not optimal)
  • Clean the code up (it was cobbled together very quickly)
  • More gadgets, more one shot gadgets
  • Make usable as a library (remove output, reorganise code)

Contact

@0xb0bb
