niklasb / Libc Database

Licence: MIT
Build a database of libc offsets to simplify exploitation

Web interface

libc-database now has a web service and frontend. Visit https://libc.rip/ to try it out! Read https://github.com/niklasb/libc-database/tree/master/searchengine if you are interested in the API.

Building a libc offset database

If you're getting errors, please check the "Requirements" section below.

Fetch the desired libc categories and extract the symbol offsets. It will not download anything twice, so you can also use it to update your database:

$ ./get  # List categories
$ ./get ubuntu debian  # Download Ubuntu's and Debian's libc, old default behavior
$ ./get all  # Download all categories. Can take a while!

You can also add a custom libc to your database.

$ ./add /usr/lib/libc-2.21.so

Find all the libcs in the database that have the given names at the given addresses. Only the last 12 bits are checked, because address randomization usually works at page-size granularity, which leaves the offset within a page unchanged.

$ ./find printf 260 puts f30
archive-glibc (libc6_2.19-10ubuntu2_i386)

Find a libc from the leaked return address into __libc_start_main.

$ ./find __libc_start_main_ret a83
ubuntu-trusty-i386-libc6 (libc6_2.19-0ubuntu6.6_i386)
archive-eglibc (libc6_2.19-0ubuntu6_i386)
ubuntu-utopic-i386-libc6 (libc6_2.19-10ubuntu2.3_i386)
archive-glibc (libc6_2.19-10ubuntu2_i386)
archive-glibc (libc6_2.19-15ubuntu2_i386)
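
The low-12-bit matching behind the two lookups above, as an added example that is not part of libc-database: it shows why a single symbol can match several builds while a second symbol narrows the result. The table is constructed (the first ID's offsets are the ones dumped on this page; `example-libc-A`, the runtime addresses and the function names `low12`, `match_one` and `match_all` are assumptions made up here).

```shell
#!/bin/sh
# Constructed table: "<libc-id> <symbol> <offset-hex>". The first ID's offsets
# are the ones dumped on this page; example-libc-A is invented for contrast.
SYMS='libc6_2.19-0ubuntu6.6_i386 __libc_start_main_ret 19a83
libc6_2.19-0ubuntu6.6_i386 system 40190
libc6_2.19-0ubuntu6.6_i386 dup2 db590
example-libc-A __libc_start_main_ret 21a83
example-libc-A system 45390
example-libc-A dup2 f7970'

# low12 HEX: print the low 12 bits (the offset inside a page) as 3 hex digits.
low12() { printf '%03x\n' $(( 0x${1#0x} & 0xfff )); }

# match_one SYMBOL ADDR: IDs whose SYMBOL offset has the same page offset as ADDR.
match_one() {
  want=$(low12 "$2")
  printf '%s\n' "$SYMS" | while read -r id sym off; do
    if [ "$sym" = "$1" ] && [ "$(low12 "$off")" = "$want" ]; then
      echo "$id"
    fi
  done | sort -u
}

# match_all SYMBOL ADDR [SYMBOL ADDR ...]: IDs consistent with every pair.
match_all() {
  result=$(match_one "$1" "$2"); shift 2
  while [ $# -ge 2 ]; do
    next=$(match_one "$1" "$2"); shift 2
    # keep only IDs present in both lists; no match leaves an empty result
    result=$(printf '%s\n' "$result" | grep -Fx -e "$next") || true
  done
  printf '%s\n' "$result"
}

# Constructed runtime addresses: page-aligned base 0xf7e00000 plus the offsets.
echo "one symbol:";  match_one __libc_start_main_ret 0xf7e19a83
echo "two symbols:"; match_all __libc_start_main_ret 0xf7e19a83 system 0xf7e40190
```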

Dump some useful offsets, given a libc ID. You can also provide your own names to dump.

$ ./dump libc6_2.19-0ubuntu6.6_i386
offset___libc_start_main_ret = 0x19a83
offset_system = 0x00040190
offset_dup2 = 0x000db590
offset_recv = 0x000ed2d0
offset_str_bin_sh = 0x160a24

Check whether a library is already in the database.

$ ./identify /usr/lib/libc.so.6
local-f706181f06104ef6c7008c066290ea47aa4a82c5

Or find a libc using a hash (currently BuildID, MD5, SHA1 and SHA256 are implemented):

$ ./identify bid=ebeabf5f7039f53748e996fc976b4da2d486a626
libc6_2.17-93ubuntu4_i386
$ ./identify md5=af7c40da33c685d67cdb166bd6ab7ac0
libc6_2.17-93ubuntu4_i386
$ ./identify sha1=9054f5cb7969056b6816b1e2572f2506370940c4
libc6_2.17-93ubuntu4_i386
$ ./identify sha256=8dc102c06c50512d1e5142ce93a6faf4ec8b6f5d9e33d2e1b45311aef683d9b2
libc6_2.17-93ubuntu4_i386

Download the complete set of libraries corresponding to a libc ID.

$ ./download libc6_2.23-0ubuntu10_amd64
Getting libc6_2.23-0ubuntu10_amd64
    -> Location: http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.23-0ubuntu10_amd64.deb
    -> Downloading package
    -> Extracting package
    -> Package saved to libs/libc6_2.23-0ubuntu10_amd64
$ ls libs/libc6_2.23-0ubuntu10_amd64
ld-2.23.so ... libc.so.6 ... libpthread.so.0 ...

Requirements

General

To run these scripts, you will need the following commands on your PATH:

  • readelf
  • objdump
  • strings
  • perl
  • find
  • grep
  • md5sum
  • sha1sum
  • sha256sum
  • file

Debian-based (Ubuntu, Debian, Kali Linux, ParrotSec)

  • mktemp
  • perl
  • wget
  • ar
  • tar
  • grep

RPM-based (category 'rpm')

  • mktemp
  • perl
  • wget
  • rpm2cpio
  • cpio
  • grep

CentOS-based

In addition to the RPM-based requirements, you will need:

  • wget
  • gzip
  • grep

Pacman-based

  • mktemp
  • perl
  • grep
  • sed
  • cat
  • wget
  • zstd
  • xz-utils
  • tar

APK-based

  • mktemp
  • perl
  • wget
  • tar
  • gzip
  • grep

Install everything

To install everything on Debian 10, run these commands:

apt-get update
apt-get install -y \
  binutils file \
  wget \
  rpm2cpio cpio \
  zstd