GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provide additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development. It has full support for both Python2 and Python3 indifferently (as more and more distros start pushing gdb compiled with Python3 support).
exploit gdb reverse-engineering ctf ida-pro binary-ninja pwn exploit-development malware malware-research debugging

Shellen is an interactive shellcoding environment. If you want a handy tool to write shellcodes, then shellen may be your friend. Shellen can also be used as an assembly or disassembly tool. The keystone and capstone engines are used for all of shellen's operations.
keystone capstone shellcode interactive assembler dissassembler pwn shellcoding disassembly syscalls architecture dsm asm shell syscall-table common-shellcodes exploitation ctf exploit

When playing CTF pwn challenges we usually need the one-gadget RCE (remote code execution), which leads to a call to execve('/bin/sh', NULL, NULL). Note: requires Ruby version >= 2.1.0; you can use ruby --version to check.
ctf pwnable pwn glibc one-gadget-rce shell

You can also add a custom libc to your database. Find all the libcs in the database that have the given symbol names at the given addresses. Only the last 12 bits are checked, because randomization usually works at page-size granularity.
pwn libc offsets ctf ctf-tools

Good for you! This repository is open to anyone, no filtering is done! Simply drop a PR with the command you want to share 😄 Useful scripts will eventually be integrated directly into GEF.
gdb gef pwn exploit reverse-engineering debugging

These challenges are created by me, so there are scripts for creating them.
pwn writeup ctf-writeups

As pwn lovers, while playing CTF with heap exploitation, we always need a debugger (e.g. gdb) for tracking the memory layout. But we don't really need gdb if we only want to check whether the heap layout is the same as we imagine. Hope this small tool makes exploitation easier ;). HeapInfo is very helpful when a binary has some anti-debugger limitation, e.g. it is already being ptraced. HeapInfo still works because it doesn't use ptrace.
ctf pwn pwnable

A <100 SLOC mangling of a JavaScript eventing system. pwn your objects using obj.prototype = Object.create(pwn); That's right - don't even worry about your constructor - that's some pseudo-classical garbage. You pwned it.
event eventing pwn lightweight

These are some notes (papers) from studying binaries a while ago. The original intention was to organize them from low-level principles up to an overall picture. Only some of the papers are finished here; many others have only an outline of the key points. This article describes how to perform dynamic .so injection into current ELF binaries and explains the structure of gnu.hash and the related algorithms; see evilELF for the specific code and the code design conventions.
pwn exploit binary

Run pwninit in a directory with the relevant files and it will detect which ones are the binary, libc, and linker. If the detection is wrong, you can specify the locations with --bin, --libc, and --ld. If you don't like the default template, you can use your own. Just specify --template-path <path>. Check template.py for the template format. The names of the exe, libc, and ld bindings can be customized with --template-bin-name, --template-libc-name, and --template-ld-name.
exploit binary pwn elf init