mirror of
https://github.com/HackTricks-wiki/hacktricks.git
synced 2025-10-10 18:36:50 +00:00
# PwnTools

{{#include ../../../banners/hacktricks-training.md}}

```
pip3 install pwntools
```

## Pwn asm

Get **opcodes** from a line or a file.

```
pwn asm "jmp esp"
pwn asm -i <filepath>
```

**Can select:**

- output type (raw, hex, string, elf)
- output file context (16, 32, 64, linux, windows...)
- avoid bytes (newlines, null, a list)
- select encoder; debug the shellcode with gdb, running the output

## **Pwn checksec**

Checksec script

```
pwn checksec <executable>
```

## Pwn constgrep

## Pwn cyclic

Get a pattern

```
pwn cyclic 3000
pwn cyclic -l faad
```

**Can select:**

- The alphabet used (lowercase characters by default)
- Length of the unique subsequence (default 4)
- context (16,32,64,linux,windows...)
- Take the offset (-l)

## Pwn debug

Attach GDB to a process

```
pwn debug --exec /bin/bash
pwn debug --pid 1234
pwn debug --process bash
```

**Can select:**

- By executable, by name or by pid; context (16,32,64,linux,windows...)
- gdbscript to execute
- sysroot path

## Pwn disablenx

Disable nx of a binary

```
pwn disablenx <filepath>
```

## Pwn disasm

Disassemble hex opcodes

```
pwn disasm ffe4
```

**Can select:**

- context (16,32,64,linux,windows...)
- base address
- color (default)/no color

## Pwn elfdiff

Print differences between 2 files

```
pwn elfdiff <file1> <file2>
```

## Pwn hex

Get hexadecimal representation

```bash
pwn hex hola #Get hex of "hola" ascii
```

## Pwn phd

Get hexdump

```
pwn phd <file>
```

**Can select:**

- Number of bytes to show
- Number of bytes per line; highlight byte
- Skip bytes at the beginning

## Pwn pwnstrip

## Pwn scramble

## Pwn shellcraft

Get shellcodes

```
pwn shellcraft -l #List shellcodes
pwn shellcraft -l amd #Shellcode with amd in the name
pwn shellcraft -f hex amd64.linux.sh #Output the shellcode as hex
pwn shellcraft -r amd64.linux.sh #Run to test. Get shell
pwn shellcraft -r amd64.linux.bindsh 9095 #Bind SH to port
```

**Can select:**

- shellcode and arguments for the shellcode
- Output file
- output format
- debug (attach dbg to shellcode)
- before (debug trap before code)
- after
- avoid using opcodes (default: not null and newline)
- Run the shellcode
- Color/no color
- list syscalls
- list possible shellcodes
- Generate ELF as a shared library

## Pwn template

Get a python template

```
pwn template
```

**Can select:** host, port, user, password, path and quiet

## Pwn unhex

From hex to string

```
pwn unhex 686f6c61
```

## Pwn update

To update pwntools

```
pwn update
```

{{#include ../../../banners/hacktricks-training.md}}