Templates

Search…

Templates

Find Basic Block with Angr
1
import angr
2
import sys
3
​
4
def main(argv):
5
  path_to_binary = "<binary>"
6
  project = angr.Project(path_to_binary)
7
  initial_state = project.factory.entry_state()
8
  sm = project.factory.simgr(initial_state)
9
  # list of basic blocks to find or to avoid
10
  sm.explore(find=[], avoid=[])  
11
  for state in sm.deadended:
12
    print(state.posix.dumps(sys.stdin.fileno()))
13
  else:
14
    raise Exception('Could not find the solution')
15
​
16
if __name__ == '__main__':
17
  main(sys.argv)
Copied!
Pwntools Template
1
from pwn import *
2
import struct
3
​
4
context.terminal = ['alacritty', '-e', 'zsh', '-c']
5
target = '<target>'
6
context.binary = target
7
binary = ELF(target)
8
libc = ELF("./libc.so.6")
9
​
10
ssh_host = '<ip>'
11
ssh_user = '<user>'
12
ssh_pass = '<pass>'
13
ssh_port = 22
14
​
15
if args['SSH']:
16
	sh = ssh(host=ssh_host, user=ssh_user, password=ssh_pass, port=ssh_port)
17
	p = sh.run('/bin/bash')
18
	junk = p.recv(4096,timeout=2)
19
	p.sendline(target)
20
else:
21
	p = process(target,setuid=True)
22
​
23
#gdb.attach(p, gdbscript='continue')
24
p.interactive()
Copied!
Extract value after string
1
get = lambda x: [sh.recvuntil('{} : '.format(x)), int(sh.recvline())][1]
2
p = get('p')
Copied!
LD_Preload in pwntools
1
libc = ELF(<name>)
2
main = ELF(<name>)
3
r = main.process(env={'LD_PRELOAD' : libc.path})
Copied!
Generate shellcode on commandline
1
pwn shellcraft -f d amd64.linux.setreuid 1002
Copied!

Misc

Next - Red Team

Misc

Last modified 5mo ago

Copy link

Contents

Find Basic Block with Angr

Pwntools Template

Extract value after string

LD_Preload in pwntools

Generate shellcode on commandline