Byzero512 / winpwn

Licence: other
CTF windows pwntools

winpwn: pwntools for windows

For CTF Windows pwn and IAT/EAT hooking.

prerequisites

  1. supports python2 and python3
  2. supports windbg/windbgx/x64dbg/mingw-gdb

setup

  1. pip/pip3 install winpwn
  2. optional:
    • for debugging, copy the file .winpwn to the Windows home directory (get the actual path in Python with os.path.expanduser("~\\.winpwn")) and configure it.
    • pip install pefile
    • pip install keystone
    • pip install capstone

usage

1. process
   + process("./pwn")
   + process(["./pwn","argv[1]","argv[2]"])
   + p.readm(addr,n) # read process memory
   + p.writem(addr,con="") # write process memory
2. remote
   + remote("127.0.0.1", 65535)

3. context
   + context.timeout=512
   + context.debugger="gdb" # or "windbg" or "x64dbg"
   + context.endian="little"
   + context.log_level="" # or "debug"
   + context.terminal=[ ]
   + context.newline="\r\n"
   + context.arch="i386" # or "amd64"
   + context.pie=None
   + context.dbginit=None # used to set the debugger init script
   + context.windbg=None # set the debugger path, or use .winpwn to find the debugger path
   + context.windbgx=None
   + context.gdb=None
   + context.x64dbg=None
   + context.nocolor=None # if set, output to the terminal is printed without colour
   
4. dbg: windbgx, windbg, gdb, x64dbg
   + windbgx.attach(p,script="bp 0x401000")
   + windbg.attach(p,script="bp 0x401000")
   + gdb.attach(p, script="b *0x401000")
   + x64dbg.attach(p) # cannot pass an init script yet

5. disable PIE:
   + PIE(exe_fpath="")
   + NOPIE(exe_fpath="")
6. asm/disasm:
   + asm("push ebp")
   + disasm("\x55")
   
7. winfile(fpath="./main.exe"):
   + winfile.symbols["CreateProcessA"] # returns the IAT/EAT offset of CreateProcessA relative to the image base
8. wincs(ip,port)
   + wincs(ip=None,port=512): run a server that does asm/disasm on a remote machine, for clients that do not have keystone/capstone installed
   + wincs(ip='123.123.123.123', port=512): create a client that connects to the server
      + wincs.asm(asmcode='push ebp')
      + wincs.disasm(machinecode='\x55')

configure

If you want to use a debugger extension such as gdb-peda, you need to handle its dependencies yourself.

windbgx/windbg

  1. pykd
  2. bywin

mingw-gdb

  1. wibe

photos

(Screenshots of winpwn with windbgx/windbg, mingw gdb and x64dbg; the images are not included here.)

x64dbg

Because x64dbg lacks some command-line options, winpwn can only attach x64dbg to a process and cannot deliver an init script yet.

refs

  1. https://github.com/masthoon/pwintools
  2. https://github.com/hakril/PythonForWindows