ray-cp / Pwn_debug
Aim to help building exploitation of CTFs pwn game quickly
Stars: ✭ 149
pwn_debug
pwn_debug -- an auxiliary debugging tool for CTF pwn challenges, built on top of pwntools.
The full description, including Usage and Installation, is in the project wiki.
What follows is only a brief overview.
Getting Started

- Install pwn_debug

```shell
git clone https://github.com/ray-cp/pwn_debug.git
cd pwn_debug
sudo python setup.py install
# or, for a per-user install: python setup.py install --user
```

- Compile glibc with debug symbols

Compile a specific version:

```shell
# ./build.sh <version>
./build.sh 2.23
```

Compile all supported versions (no parameter means compile all):

```shell
./build.sh
```
Normal usage

```python
from pwn_debug import *

## step 1: create the helper for the target binary
pdbg=pwn_debug("binary")
pdbg.context.terminal=['tmux', 'splitw', '-h']

## step 2: describe the local, debug and remote targets
pdbg.local("libc.so.6")            # local run with the given libc
pdbg.debug("2.23")                 # run under the glibc 2.23 built by build.sh
pdbg.remote('34.92.96.238',10000)  # remote service

## step 3: pick one target and run it
#p=pdbg.run("local")
#p=pdbg.run("debug")
p=pdbg.run("remote")
pdbg.bp([0x9aa])                   # breakpoints for the debug run
elf=pdbg.elf                       # pwntools ELF object of the binary
print(hex(elf.got['printf']))
print(hex(elf.plt['printf']))
libc=pdbg.libc                     # pwntools ELF object of the selected libc
print(libc.symbols['system'])
p.interactive()
```
IO FILE

```python
from pwn_debug import *

fake_file=IO_FILE_plus()
fake_file._IO_write_ptr=1   # set _IO_write_ptr
fake_file._IO_write_base=0
fake_file.show()            # print the IO FILE fields
fake_file.orange_check()    # check whether the IO FILE satisfies the `house of orange` conditions
fake_file.str_finish_check()  # check whether the IO FILE can hijack `_IO_finish` in the `_IO_str_jumps` vtable
fake_file.arbitrary_read_check("stdout")   # check whether the IO FILE allows arbitrary read via the stdout handle
fake_file.arbitrary_write_check("stdin")   # check whether the IO FILE allows arbitrary write via the stdin handle
fake_file.arbitrary_write_check("stdout")  # check whether the IO FILE allows arbitrary write via the stdout handle
print(str(fake_file))       # serialized struct, ready to be sent
```
ret2dl_resolve

x86 with fake reloc_arg:

```python
# bss_addr: a writable address where resolve_data will be placed
ret2dl_resolve=pdbg.ret2dl_resolve()
addr,resolve_data,resolve_call=ret2dl_resolve.build_normal_resolve(bss_addr,'system',bss_addr+0x400)
payload=resolve_data+'a'*0x44+resolve_call
```

x64 with fake link_map:

```python
# offset from a known GOT entry (__libc_start_main) to the target function (system)
offset=libc.symbols['system']-libc.symbols['__libc_start_main']
got_libc_address=elf.got['__libc_start_main']
ret2dl_resolve=pdbg.ret2dl_resolve()
# addr: the address the payload is written to; the fake link_map is placed at addr+0x100
fake_link_map=ret2dl_resolve.build_link_map(addr+0x100,1,offset,got_libc_address)
payload+=fake_link_map
```
format_string

```python
payload=pdbg.fmtstr_payload(offset, writes, write_size='short', numbwritten=numbwritten)
payload=pdbg.fmtstr_hn_complete(offset,write_payload)
payload=pdbg.fmtstr_hn_payload(offset,write_payload)
```