Exploits simple Linux BOF challenges involving ASLR, NX and, to some extent, format strings. You can let it get you a shell or specify a win function that is called.
The program expects a local installation of libcdatabase in /home/user/tools/libcdatabase. To run local exploits, make sure you add your local libc (32-bit and 64-bit versions) to libcdatabase. You also need a clone of ROPgadget in ~/tools (used for static binary exploitation).
To run challenges from hackthebox directly, you need a '.api_key' file in your home directory containing your API key.
The examples assume you create a 'work' subdirectory in the project folder, copy the target binary into it and run the program from there.
Exploit local binary:
python ../ropstar.py ropme
Run a hackthebox challenge (this requires the '.api_key' file in your home directory containing the API key in order to submit the flag):
python ../ropstar.py ropme -rhost docker.hackthebox.eu -rport 47184 -cid 8
- A lot (this is just a PoC), including:
- canaries
- pie
- input from other sources than stdin (arg, file, network..)
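Because canaries and PIE are not handled, it pays to check a target's protections before pointing the tool at it. The script below is an added example and not part of ropstar: a minimal checksec-style parser that reads the ELF header and program headers to report NX (from the PT_GNU_STACK flags) and PIE (ET_DYN), and uses the presence of the `__stack_chk_fail` import as the usual canary heuristic. The sample ELF images it builds for demonstration are constructed (an ELF header plus a single PT_GNU_STACK entry) and are not real binaries; the `unsupported_features` helper simply maps the result onto the limitations listed above.

```python
"""Report the ELF hardening features relevant to ropstar's limitations.

Added example, not part of ropstar. It is a simplified checksec: NX and PIE
come from the ELF header and program headers, the canary check is the common
__stack_chk_fail heuristic. Usage: python elf_protections.py <binary>
"""
import struct
import sys

PT_GNU_STACK = 0x6474E551   # program header describing the stack mapping
PF_X = 0x1                  # segment flag: executable
ET_EXEC, ET_DYN = 2, 3      # fixed-address executable vs. position-independent


def elf_protections(data: bytes) -> dict:
    """Return {'bits', 'nx', 'pie', 'canary'} for an ELF image in memory."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    bits = 64 if data[4] == 2 else 32         # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"        # EI_DATA: 1 = little, 2 = big endian
    if bits == 64:
        # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
        # e_ehsize, e_phentsize, e_phnum (the trailing section fields are unused)
        hdr = struct.unpack_from(end + "HHIQQQIHHH", data, 16)
        ph_fmt, flags_idx = end + "IIQQQQQQ", 1   # Elf64_Phdr: p_flags is 2nd field
    else:
        hdr = struct.unpack_from(end + "HHIIIIIHHH", data, 16)
        ph_fmt, flags_idx = end + "IIIIIIII", 6   # Elf32_Phdr: p_flags is 7th field
    e_type, e_phoff, e_phentsize, e_phnum = hdr[0], hdr[4], hdr[8], hdr[9]

    # A PT_GNU_STACK entry without PF_X tells the kernel to map the stack
    # non-executable. No such entry means the stack is executable (no NX).
    nx = False
    for i in range(e_phnum):
        ph = struct.unpack_from(ph_fmt, data, e_phoff + i * e_phentsize)
        if ph[0] == PT_GNU_STACK:
            nx = not (ph[flags_idx] & PF_X)
            break

    return {
        "bits": bits,
        "nx": nx,
        "pie": e_type == ET_DYN,   # ET_DYN executables are PIE (shared objects too)
        # -fstack-protector binaries import __stack_chk_fail; checksec-style
        # tools use that import as the canary indicator.
        "canary": b"__stack_chk_fail" in data,
    }


def unsupported_features(prot: dict) -> list:
    """Which of the README's unsupported protections does this binary have?"""
    return [name for name in ("canary", "pie") if prot[name]]


def build_sample_elf(bits: int, pie: bool, nx: bool, canary: bool) -> bytes:
    """Constructed minimal ELF image (header + one PT_GNU_STACK entry) so the
    parser can be exercised offline. It is not a loadable program."""
    e_type = ET_DYN if pie else ET_EXEC
    stack_flags = 0x6 if nx else 0x7          # RW vs RWX stack
    if bits == 64:
        ehsize, phentsize = 64, 56
        ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
        header = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 0x3E, 1, 0,
                                     ehsize, 0, 0, ehsize, phentsize, 1, 0, 0, 0)
        phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    else:
        ehsize, phentsize = 52, 32
        ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8
        header = ident + struct.pack("<HHIIIIIHHHHHH", e_type, 0x03, 1, 0,
                                     ehsize, 0, 0, ehsize, phentsize, 1, 0, 0, 0)
        phdr = struct.pack("<IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 16)
    image = header + phdr
    if canary:
        image += b"\x00__stack_chk_fail\x00"   # stand-in for the .dynstr entry
    return image


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            prot = elf_protections(f.read())
    else:   # no file given: demonstrate on a constructed 64-bit PIE+canary image
        prot = elf_protections(build_sample_elf(64, pie=True, nx=True, canary=True))
    print(prot)
    print("unsupported by ropstar:", unsupported_features(prot) or "none")
```

Run it against the binary in your 'work' directory before starting ropstar; if it reports `canary` or `pie`, the tool's current heuristics will not apply, whereas an NX-only, non-PIE binary is the case the README describes.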
- myapp (hackthebox)
- Ropme (hackthebox)
- Ropmev2 (hackthebox)
- Garbage (hackthebox)
- Bof (https://github.com/TechSecCTF/pwn_challs)
- Rop (https://github.com/TechSecCTF/pwn_challs)
- gimme-your-shell 32-bit & 64-bit (https://github.com/InsecurityAsso/inshack-2019)
- pwn1, pwn2, pwn3 (https://github.com/mishrasunny174/encrypt-ctf)
- speedrun-002 (DEF CON Quals 2019, oooverflow.io)
- ropeasy_updated (https://hackable.ca/)
- buffer-overflow-1, buffer-overflow-2, gets (https://tcode2k16.github.io/blog/posts/picoctf-2018-writeup/binary-exploitation/#authenticate)