Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/xct/ropstar

Automatic exploit generation for simple linux pwn challenges.
https://github.com/xct/ropstar

Last synced: 3 months ago
JSON representation

Automatic exploit generation for simple linux pwn challenges.

Host: GitHub
URL: https://github.com/xct/ropstar
Owner: xct
Created: 2019-08-03T09:37:07.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2023-05-14T10:46:59.000Z (over 1 year ago)
Last Synced: 2024-05-02T02:41:03.752Z (6 months ago)
Language: Python
Size: 67.4 KB
Stars: 310
Watchers: 7
Forks: 45
Open Issues: 1
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-starz - xct/ropstar - Automatic exploit generation for simple linux pwn challenges. (Python)

README

        # Ropstar

Exploits *simple* linux bof challenges involving alsr, nx and to some extend format strings. You can let it get you a shell or specify a win function that is called.

[![asciicast](https://asciinema.org/a/4i9lnxaPirZ6LXygmd1cRQOzT.png)](https://asciinema.org/a/4i9lnxaPirZ6LXygmd1cRQOzT)

## Install

```

mkvirtualenv sploit

pip install -r requirements.txt

```

* Requires python3

* Expects local installation of [libcdatabase](https://github.com/niklasb/libc-database) in /home/user/tools/libcdatabase. To run local exploits make sure you add your local libc to libcdatabase (32-bit & 64-bit versions). Also in \~/tools you need a clone of [ROPgadget](https://github.com/JonathanSalwan/ROPgadget.git) (used for static binary exploitation).

## Examples

Exploit local binary:

```bash

python ropstar.py 

```

Run remote:

```bash

python ropstar.py  -rhost 
 -rport 

```

## Limitations

* a lot, this a just a PoC, expect it to crash on most targets

* we assume we can write enough bytes to put our payload after the return pointer overwrite - when this is not then case ropstar fails

## Tested on

* Bof (https://github.com/TechSecCTF/pwn_challs)

* Rop (https://github.com/TechSecCTF/pwn_challs)

* gimme-your-shell 32-bit & 64-bit (https://github.com/InsecurityAsso/inshack-2019)

* pwn1, pwn2, pwn3 (https://github.com/mishrasunny174/encrypt-ctf)

* speedrun-002 (defcon quals 2019, oooverflow.io)

* ropeasy_updated (https://hackable.ca/)

* buffer-overflow-1, buffer-overflow-2, gets (https://tcode2k16.github.io/blog/posts/picoctf-2018-writeup/binary-exploitation/#authenticate)

* Ropemporium: ret2win32

* various others

Help on this project is welcome! Contact me on twitter: @xct_de.