maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
hacktricks/src/binary-exploitation/basic-stack-binary-exploitation-methodology/tools/pwntools.md

2.6 KiB
Raw Blame History

PwnTools

{{#include ../../../banners/hacktricks-training.md}}

pip3 install pwntools

Pwn asm

Pata opcodes kutoka kwa mstari au faili.

pwn asm "jmp esp"
pwn asm -i <filepath>

Inaweza kuchagua:

  • aina ya pato (raw, hex, string, elf)
  • muktadha wa faili la pato (16, 32, 64, linux, windows...)
  • epuka bytes (mistari mipya, null, orodha)
  • chagua encoder debug shellcode ukitumia gdb endesha pato

Pwn checksec

Script ya checksec

pwn checksec <executable>

Pwn constgrep

Pwn cyclic

Pata muundo

pwn cyclic 3000
pwn cyclic -l faad

Inaweza kuchaguliwa:

  • Alfabeti inayotumika (herufi ndogo kwa chaguo-msingi)
  • Urefu wa muundo wa kipekee (chaguo-msingi 4)
  • muktadha (16,32,64,linux,windows...)
  • Chukua ofseti (-l)

Pwn debug

Unganisha GDB na mchakato

pwn debug --exec /bin/bash
pwn debug --pid 1234
pwn debug --process bash

Inaweza kuchaguliwa:

  • Kwa executable, kwa jina au kwa muktadha wa pid (16,32,64,linux,windows...)
  • gdbscript ya kutekeleza
  • sysrootpath

Pwn disablenx

Zima nx ya binary

pwn disablenx <filepath>

Pwn disasm

Disas hex opcodes

pwn disasm ffe4

Inaweza kuchaguliwa:

  • muktadha (16,32,64,linux,windows...)
  • anwani ya msingi
  • rangi (default)/hakuna rangi

Pwn elfdiff

Chapisha tofauti kati ya faili 2

pwn elfdiff <file1> <file2>

Pwn hex

Pata uwakilishi wa hexadecimal

pwn hex hola #Get hex of "hola" ascii

Pwn phd

Pata hexdump

pwn phd <file>

Inaweza kuchaguliwa:

  • Idadi ya bytes za kuonyesha
  • Idadi ya bytes kwa kila mstari wa kuangazia byte
  • Kusaidia bytes mwanzoni

Pwn pwnstrip

Pwn scrable

Pwn shellcraft

Pata shellcodes

pwn shellcraft -l #List shellcodes
pwn shellcraft -l amd #Shellcode with amd in the name
pwn shellcraft -f hex amd64.linux.sh #Create in C and run
pwn shellcraft -r amd64.linux.sh #Run to test. Get shell
pwn shellcraft .r amd64.linux.bindsh 9095 #Bind SH to port

Inaweza kuchaguliwa:

  • shellcode na hoja za shellcode
  • Faili ya nje
  • muundo wa pato
  • debug (unganishisha dbg na shellcode)
  • kabla (trap ya debug kabla ya msimbo)
  • baada
  • epuka kutumia opcodes (default: si null na mstari mpya)
  • Endesha shellcode
  • Rangi/hana rangi
  • orodhesha syscalls
  • orodhesha shellcodes zinazowezekana
  • Tengeneza ELF kama maktaba ya pamoja

Pwn template

Pata kiolezo cha python

pwn template

Inaweza kuchagua: mwenyeji, bandari, mtumiaji, pass, njia na kimya

Pwn unhex

Kutoka hex hadi string

pwn unhex 686f6c61

Pwn update

Ili kusasisha pwntools

pwn update

{{#include ../../../banners/hacktricks-training.md}}