
abatchy17 / ROP-Emporium

Licence: other
Solutions for ROP Emporium challenges (https://ropemporium.com/) in python.


Projects that are alternatives of or similar to ROP-Emporium

DrGadget
dr.rer.oec.gadget IDAPython plugin for the Interactive Disassembler <ABANDONED PROJECT>
Stars: ✭ 61 (+60.53%)
Mutual labels:  rop, rop-gadgets, exploitation
xgadget
Fast, parallel, cross-variant ROP/JOP gadget search for x86/x64 binaries.
Stars: ✭ 33 (-13.16%)
Mutual labels:  rop, exploitation
pwnscripts
Very simple script(s) to hasten binary exploit creation
Stars: ✭ 66 (+73.68%)
Mutual labels:  rop, rop-gadgets
Exploit me
Very vulnerable ARM/AARCH64 application (CTF style exploitation tutorial with 14 vulnerability techniques)
Stars: ✭ 665 (+1650%)
Mutual labels:  rop, exploitation
rop-benchmark
ROP Benchmark is a tool to compare ROP compilers
Stars: ✭ 23 (-39.47%)
Mutual labels:  rop, rop-gadgets
Ropper
Display information about files in different file formats and find gadgets to build rop chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC, SPARC64). For disassembly ropper uses the awesome Capstone Framework.
Stars: ✭ 1,218 (+3105.26%)
Mutual labels:  rop, exploitation
Exploit-Development
Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)
Stars: ✭ 84 (+121.05%)
Mutual labels:  rop, rop-gadgets
readhook
Red-team tool to hook libc read syscall with a buffer overflow vulnerability.
Stars: ✭ 31 (-18.42%)
Mutual labels:  rop, rop-gadgets
Ropa
GUI tool to create ROP chains using the ropper API
Stars: ✭ 151 (+297.37%)
Mutual labels:  rop, exploitation
Arm exploitation
Exploitation on ARM-based Systems (Troopers18)
Stars: ✭ 139 (+265.79%)
Mutual labels:  rop, exploitation
Ropgadget
This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures.
Stars: ✭ 2,908 (+7552.63%)
Mutual labels:  rop, rop-gadgets
ropr
A blazing fast™ multithreaded ROP Gadget finder. ropper / ropgadget alternative
Stars: ✭ 200 (+426.32%)
Mutual labels:  rop, exploitation
idarop
ROP database plugin for IDA
Stars: ✭ 26 (-31.58%)
Mutual labels:  rop-gadgets
Pentest-Bookmarkz
A collection of useful links for Pentesters
Stars: ✭ 118 (+210.53%)
Mutual labels:  exploitation
Python
Python Powered Repository
Stars: ✭ 17 (-55.26%)
Mutual labels:  exploitation
exploiting
Exploiting challenges in Linux and Windows
Stars: ✭ 122 (+221.05%)
Mutual labels:  exploitation
maalik
Feature-rich Post Exploitation Framework with Network Pivoting capabilities.
Stars: ✭ 75 (+97.37%)
Mutual labels:  exploitation
phuzz
Find exploitable PHP files by parameter fuzzing and function call tracing
Stars: ✭ 53 (+39.47%)
Mutual labels:  exploitation
fastoverflowtk
This Buffer Overflow Toolkit works through FTP, SMTP, POP, HTTP protocols as well file outputs for playlists exploiting customized variables/commands. Payloads can be generated through MSFVENOM or you can use your own ASM files.
Stars: ✭ 16 (-57.89%)
Mutual labels:  exploitation
BFS2019
Bluefrost Exploitation Challenge 2019 - Exploit and Writeup
Stars: ✭ 20 (-47.37%)
Mutual labels:  exploitation

ROP Emporium solutions

ROP Emporium contains 7 challenges (32-bit and 64-bit versions) in somewhat increasing difficulty to teach ROP basics.

This repo contains python scripts that either print the flag or result in a shell; pretty much all of the challenges can get you a shell if you really want to.

Dependencies:

  1. pwntools
  2. A functioning brain.

Useful commands/tools to use for any challenge

  1. Get function names: nm binary | grep ' t '
  2. Get GOT entries: readelf --relocs binary
  3. Get PLT entries: objdump -M intel -dj .plt binary
  4. Get strings: strings binary or the much better alternative rabin2 -z binary
  5. Virtual address space layout: vmmap in PEDA after starting the program, otherwise other modules aren't mapped yet.
  6. Finding gadgets:
    • Usually you'll make use of the gadgets explicitly provided in the binary under xxxGadgets
    • Those usually won't be enough and you'll need more; you can use ROPgadget, r2's /R command or whatever tool you like.

Note: You probably want to use pwntools' support for programmatically getting GOT/PLT/segment data/function addresses. It's easier to tell people than to use it myself..

If some solutions are unclear/confusing/total shit, go ahead and submit a PR.
