https://github.com/last-byte/ropexploits

ROP Emporium challenges solved in Python using Pwntools.

# ROPExploits - Solutions to ROP Emporium challenges

## Introduction
This repository contains the challenges from ROP Emporium along with an **exploit.py** script to solve each of them. All of the code is commented so the reader can follow what is happening. All the challenges have been completed, both 32-bit and 64-bit, except for ~~*pivot* and~~ *badchars* (still WIP at the moment). The scripts are able to bypass ASLR if it is turned on. In some scripts a line can be uncommented to get a full interactive shell instead of just printing the flag.

## Requirements
* Python 2
* Pwntools

## Usage
```sh
git clone https://github.com/last-byte/ROPExploits.git
cd ./ROPExploits/(32bit|64bit)/
socat TCP4-LISTEN:1234,reuseaddr,fork EXEC:./$CHALLENGE
python exploit.py
```

## Warnings
* Make sure the libc used by the exploit is the same one your binary is using (run `ldd ./binary` and check it)
* While the syntax is compatible with Python 3, use Python 2 instead, because Pwntools is quite problematic with Python 3

## Notes
* It seems that Pwntools, when dealing with 64-bit binaries, does not automatically update the ROP gadget addresses generated with ROP(libc) if the libc base address is changed afterwards via libc.address. Be sure to build ROP chains with ROP(libc) only after having set libc.address.

## TO-DO
* [x] Solve pivot
* [ ] Solve badchars