{"id":13546111,"url":"https://github.com/io12/pwninit","last_synced_at":"2025-04-02T17:32:39.112Z","repository":{"id":41420112,"uuid":"219250679","full_name":"io12/pwninit","owner":"io12","description":"pwninit - automate starting binary exploit challenges","archived":false,"fork":false,"pushed_at":"2024-08-11T07:01:24.000Z","size":481,"stargazers_count":872,"open_issues_count":21,"forks_count":58,"subscribers_count":8,"default_branch":"master","last_synced_at":"2024-11-03T14:35:04.594Z","etag":null,"topics":["binary","elf","exploit","init","pwn"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/io12.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-11-03T04:24:09.000Z","updated_at":"2024-11-01T17:10:06.000Z","dependencies_parsed_at":"2024-01-16T17:43:04.836Z","dependency_job_id":"f1a949ba-4600-4a8a-928d-97351fcdfb5a","html_url":"https://github.com/io12/pwninit","commit_stats":null,"previous_names":[],"tags_count":21,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/io12%2Fpwninit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/io12%2Fpwninit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/io12%2Fpwninit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/io12%2Fpwninit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/io12","download_url":"https://codeload.github.com/io12/pwninit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246860283,"owners_count":20845637,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binary","elf","exploit","init","pwn"],"created_at":"2024-08-01T12:00:31.855Z","updated_at":"2025-04-02T17:32:38.773Z","avatar_url":"https://github.com/io12.png","language":"Rust","readme":"[![Checks Status](https://github.com/io12/pwninit/workflows/checks/badge.svg)](https://github.com/io12/pwninit/actions)\n[![Deploy Status](https://github.com/io12/pwninit/workflows/deploy/badge.svg)](https://github.com/io12/pwninit/actions)\n[![](https://img.shields.io/crates/v/pwninit)](https://crates.io/crates/pwninit)\n[![](https://docs.rs/pwninit/badge.svg)](https://docs.rs/pwninit)\n\n# `pwninit`\n\nA tool for automating starting binary exploit challenges\n\n## Features\n\n- Set challenge binary to be executable\n- Download a linker (`ld-linux.so.*`) that can segfaultlessly load the provided libc\n- Download debug symbols and unstrip the libc\n- Patch the binary with [`patchelf`](https://github.com/NixOS/patchelf) to use\n  the correct RPATH and interpreter for the provided libc\n- Fill in a template pwntools solve script\n\n## Usage\n\n### Short version\n\nRun `pwninit`\n\n### Long version\n\nRun `pwninit` in a directory with the relevant files and it will detect which ones are the binary, libc, and linker. If the detection is wrong, you can specify the locations with `--bin`, `--libc`, and `--ld`.\n\n#### Custom `solve.py` template\n\nIf you don't like the default template, you can use your own. Just specify `--template-path \u003cpath\u003e`. Check [template.py](src/template.py) for the template format. The names of the `exe`, `libc`, and `ld` bindings can be customized with `--template-bin-name`, `--template-libc-name`, and `--template-ld-name`.\n\n##### Persisting custom `solve.py`\n\nYou can make `pwninit` load your custom template automatically by adding an alias to your `~/.bashrc`.\n\n###### Example\n\n```bash\nalias pwninit='pwninit --template-path ~/.config/pwninit-template.py --template-bin-name e'\n```\n\n## Install\n\n### Arch Linux\n\nInstall [`pwninit`](https://aur.archlinux.org/packages/pwninit/) or\n[`pwninit-bin`](https://aur.archlinux.org/packages/pwninit-bin/) from the AUR.\n\n### Download\n\nYou can download statically-linked [musl](https://www.musl-libc.org/)\nbinaries from the [releases page](https://github.com/io12/pwninit/releases).\n\n### Using cargo\n\nRun\n\n```sh\ncargo install pwninit\n```\n\nThis places the binary in `~/.cargo/bin`.\n\nNote that `openssl`, `liblzma`, and `pkg-config` are required for the build.\n\n## Example\n\n```sh\n$ ls\nhunter  libc.so.6  readme\n\n$ pwninit\nbin: ./hunter\nlibc: ./libc.so.6\n\nsetting ./hunter executable\nfetching linker\nhttps://launchpad.net/ubuntu/+archive/primary/+files//libc6_2.23-0ubuntu10_i386.deb\nunstripping libc\nhttps://launchpad.net/ubuntu/+archive/primary/+files//libc6-dbg_2.23-0ubuntu10_i386.deb\nsetting ./ld-2.23.so executable\ncopying ./hunter to ./hunter_patched\nrunning patchelf on ./hunter_patched\nwriting solve.py stub\n\n$ ls\nhunter\thunter_patched\tld-2.23.so  libc.so.6  readme  solve.py\n```\n\n`solve.py`:\n\n```python\n#!/usr/bin/env python3\n\nfrom pwn import *\n\nexe = ELF(\"./hunter_patched\")\nlibc = ELF(\"./libc.so.6\")\nld = ELF(\"./ld-2.23.so\")\n\ncontext.binary = exe\n\n\ndef conn():\n    if args.LOCAL:\n        r = process([exe.path])\n        if args.GDB:\n            gdb.attach(r)\n    else:\n        r = remote(\"addr\", 1337)\n\n    return r\n\n\ndef main():\n    r = conn()\n\n    # good luck pwning :)\n\n    r.interactive()\n\n\nif __name__ == \"__main__\":\n    main()\n```\n","funding_links":[],"categories":["Vulnerability Assessment","Rust","others"],"sub_categories":["Binary Analysis \u0026 Reversing"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fio12%2Fpwninit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fio12%2Fpwninit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fio12%2Fpwninit/lists"}