Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/xct/ropstar
Automatic exploit generation for simple linux pwn challenges.
- Host: GitHub
- URL: https://github.com/xct/ropstar
- Owner: xct
- Created: 2019-08-03T09:37:07.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2023-05-14T10:46:59.000Z (over 1 year ago)
- Last Synced: 2024-08-03T01:38:30.050Z (4 months ago)
- Language: Python
- Size: 67.4 KB
- Stars: 312
- Watchers: 7
- Forks: 45
- Open Issues: 1
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-starz - xct/ropstar - Automatic exploit generation for simple linux pwn challenges. (Python)
README
# Ropstar
Exploits *simple* Linux buffer-overflow challenges involving ASLR, NX and, to some extent, format strings. You can let it get you a shell or specify a win function that is called.
[![asciicast](https://asciinema.org/a/4i9lnxaPirZ6LXygmd1cRQOzT.png)](https://asciinema.org/a/4i9lnxaPirZ6LXygmd1cRQOzT)
## Install
```
mkvirtualenv sploit
pip install -r requirements.txt
```
* Requires python3
* Expects a local installation of [libcdatabase](https://github.com/niklasb/libc-database) in /home/user/tools/libcdatabase. To run local exploits make sure you add your local libc to libcdatabase (32-bit & 64-bit versions).
* Also in ~/tools you need a clone of [ROPgadget](https://github.com/JonathanSalwan/ROPgadget.git) (used for static binary exploitation).

## Examples
Exploit local binary:
```bash
python ropstar.py
```
Run remote:
```bash
python ropstar.py -rhost -rport
```

## Limitations
* a lot; this is just a PoC, expect it to crash on most targets
* we assume we can write enough bytes to put our payload after the return pointer overwrite; when this is not the case, ropstar fails

## Tested on
* Bof (https://github.com/TechSecCTF/pwn_challs)
* Rop (https://github.com/TechSecCTF/pwn_challs)
* gimme-your-shell 32-bit & 64-bit (https://github.com/InsecurityAsso/inshack-2019)
* pwn1, pwn2, pwn3 (https://github.com/mishrasunny174/encrypt-ctf)
* speedrun-002 (defcon quals 2019, oooverflow.io)
* ropeasy_updated (https://hackable.ca/)
* buffer-overflow-1, buffer-overflow-2, gets (https://tcode2k16.github.io/blog/posts/picoctf-2018-writeup/binary-exploitation/#authenticate)
* Ropemporium: ret2win32
* various others

Help on this project is welcome! Contact me on twitter: @xct_de.