xct's notes
Search…
⌃K

Templates

Find Basic Block with Angr

import angr
import sys
def main(argv):
path_to_binary = "<binary>"
project = angr.Project(path_to_binary)
initial_state = project.factory.entry_state()
sm = project.factory.simgr(initial_state)
# list of basic blocks to find or to avoid
sm.explore(find=[], avoid=[])
for state in sm.deadended:
print(state.posix.dumps(sys.stdin.fileno()))
else:
raise Exception('Could not find the solution')
if __name__ == '__main__':
main(sys.argv)

Pwntools Template

from pwn import *
import struct
context.terminal = ['alacritty', '-e', 'zsh', '-c']
target = '<target>'
context.binary = target
binary = ELF(target)
libc = ELF("./libc.so.6")
ssh_host = '<ip>'
ssh_user = '<user>'
ssh_pass = '<pass>'
ssh_port = 22
if args['SSH']:
sh = ssh(host=ssh_host, user=ssh_user, password=ssh_pass, port=ssh_port)
p = sh.run('/bin/bash')
junk = p.recv(4096,timeout=2)
p.sendline(target)
else:
p = process(target,setuid=True)
#gdb.attach(p, gdbscript='continue')
p.interactive()

Extract value after string

get = lambda x: [sh.recvuntil('{} : '.format(x)), int(sh.recvline())][1]
p = get('p')

LD_Preload in pwntools

libc = ELF(<name>)
main = ELF(<name>)
r = main.process(env={'LD_PRELOAD' : libc.path})

Generate shellcode on commandline

pwn shellcraft -f d amd64.linux.setreuid 1002
Last modified 1yr ago