Templates

Find Basic Block with Angr
import angr
import sys
​
def main(argv):
  path_to_binary = "<binary>"
  project = angr.Project(path_to_binary)
  initial_state = project.factory.entry_state()
  sm = project.factory.simgr(initial_state)
  # list of basic blocks to find or to avoid
  sm.explore(find=[], avoid=[])  
  for state in sm.deadended:
    print(state.posix.dumps(sys.stdin.fileno()))
  else:
    raise Exception('Could not find the solution')
​
if __name__ == '__main__':
  main(sys.argv)
Execute program over ssh via pwntools
#!/usr/bin/python
from pwn import *
​
s =  ssh(host='', user='', password='')
p = s.run('cd <path> && ./<vuln>')
p.recv()
p.sendline(<payload>)
p.interactive()
s.close()
Extract value after string
get = lambda x: [sh.recvuntil('{} : '.format(x)), int(sh.recvline())][1]
p = get('p')
LD_Preload in pwntools
libc = ELF(<name>)
main = ELF(<name>)
r = main.process(env={'LD_PRELOAD' : libc.path})
Generate shellcode on commandline
pwn shellcraft -f d amd64.linux.setreuid 1002
Misc
Next - Red Team
Misc
Last updated 1 month ago