pwn 0.5.2 → 0.5.4
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/bin/pwn_bdba_scan +10 -2
- data/lib/pwn/plugins/xxd.rb +18 -18
- data/lib/pwn/version.rb +1 -1
- metadata +2 -2
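--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5c89b0a1d4b4b25ebfb0865c8528df03e291131fb0316c511124bc75dd73bbdb
+data.tar.gz: 40da0baedc0ccd44dc1210119c073bf33e911574bc6c374d0c1a74c92870bfe3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1ebd87a44ea07f5395f61cf81926e9da2839d2f08ba626fdb632361b33947bbc8064764de515a456f6cc8790038413a82bcfdbc0ea3777ce898af19a144307f0
+data.tar.gz: 2cca8da63a833cf6404f5c38c6fb1c818e3600deb1dbf3d600a6ab5d0965c1d7790b145f7293664d746ded7d09908b3c0fe037a70aa8f89a005edc98c864a278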
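--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.
+pwn[v0.5.4]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.0@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.
+pwn[v0.5.4]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.0@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.
+pwn[v0.5.4]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script: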
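--- a/data/bin/pwn_bdba_scan
+++ b/data/bin/pwn_bdba_scan
@@ -146,10 +146,18 @@ begin
 find_product_attempts = scan_attempts
 print 'Looking for Product in Apps by Group...'
 loop do
-
+# File encoding conducting by synopsis is kinda goofy.
+# The encode space w/ + (which is expected) but dont
+# encode + to %2B (whiich _isn't_ expected)
+target_basename = CGI.escape(
+File.basename(target_file)
+).gsub(
+'%2B',
+'+'
+)
 
 find_product = scan_progress_resp[:products].find { |p| p[:name] == target_basename }
-
+
 break unless find_product.nil?
 
 find_product_attempts += 1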
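Review bot: The added `gsub('%2B', '+')` collapses two different inputs — a space and a literal `+` in the basename both end up as `+` — so `p[:name] == target_basename` on the following line can match a product whose name differs only in those characters; the comment should say so, and since `CGI.escape` also percent-encodes characters such as `(`, `~` and `@` that the service may leave raw (inferred from the comment, not verified here), a file name containing them may never match and the loop will simply exhaust its attempts. I would replace the three typo-laden comment lines with `# BDBA reports spaces in file names as '+' but leaves a literal '+' unencoded; undo CGI.escape's %2B so the name comparison below matches.` and hoist the `target_basename = ...` assignment above `loop do`, since nothing inside the loop feeds it. The hunk also relies on `CGI` being loaded, and the `require 'cgi'` is not visible in it, so confirm it exists at the top of the script. The enclosing `begin` and `loop do` blocks start and end outside the hunk.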
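--- a/data/lib/pwn/plugins/xxd.rb
+++ b/data/lib/pwn/plugins/xxd.rb
@@ -100,31 +100,31 @@ module PWN
 # INFO: hit breakpoint at: 0x562e8547d139
 # [0x562e8547d139]> db
 # ```
-# 2. Populate start_addr w/ address (i.e. '0x562e8547d139') of a known function (e.
-# 3. Step down to the instruction you want to set a breakpoint. Record its address...
+# 2. Populate start_addr w/ address (i.e. '0x562e8547d139') of a known function (i.e. main)
+# 3. Step down to the instruction where you want to set a breakpoint. Record its address...
 # this is the target_addr.
 # ```
 # [0x562e8547d139]> v
-# <step through to target instruction via F7/F8>
+# <step through to the target instruction via F7/F8>
 # ```
-# 4. Get the hex offset value by calling
+# 4. Get the hex offset value by calling PWN::Plugins::XXD.calc_addr_offset method
 # 5. Future breakpoints can be calculated by adding the hex offset to the
 # updated start_addr (which changes every time the binary is executed).
-# If the offset returned is `0x00000ec2
+# If the offset returned is `0x00000ec2`, a breakpoint for the target
+# instruction can be set in r2 via:
 # ```
 # [0x00001050]> ood
-# INFO: hit breakpoint at: 0x55ee0a0e5139
 # [0x7f1a45bea360]> db main
 # [0x7f1a45bea360]> db (main)+0x00000ec2
 # [0x7f1a45bea360]> db
 # 0x558eebd75139 - 0x558eebd7513a 1 --x sw break enabled valid ...
 # 0x558eebd75ffb - 0x558eebd75ffc 1 --x sw break enabled valid ...
+# [0x7f1a45bea360]> dc
+# INFO: hit breakpoint at: 0x55ee0a0e5139
 # [0x55ee0a0e5139]> dc
-# [0x7feddfd2d360]> dc
-# INFO: hit breakpoint at: 0x558eebd75139
 # INFO: hit breakpoint at: 0x5558c3101ffb
 # [0x5558c3101ffb]> v
-# <step through via F7, F8, F9, etc. to get to desired
+# <step through via F7, F8, F9, etc. to get to desired instruction>
 # ```
 
 def self.calc_addr_offset(opts = {})
@@ -245,31 +245,31 @@ module PWN
 # INFO: hit breakpoint at: 0x562e8547d139
 # [0x562e8547d139]> db
 # ```
-# 2. Populate start_addr w/ address (i.e. '0x562e8547d139') of a known function (e.
-# 3. Step down to the instruction you want to set a breakpoint. Record its address...
+# 2. Populate start_addr w/ address (i.e. '0x562e8547d139') of a known function (i.e. main)
+# 3. Step down to the instruction where you want to set a breakpoint. Record its address...
 # this is the target_addr.
 # ```
 # [0x562e8547d139]> v
-# <step through to target instruction via F7/F8>
+# <step through to the target instruction via F7/F8>
 # ```
-# 4. Get the hex offset value by calling
+# 4. Get the hex offset value by calling #{self}.calc_addr_offset method
 # 5. Future breakpoints can be calculated by adding the hex offset to the
 # updated start_addr (which changes every time the binary is executed).
-# If the offset returned is `0x00000ec2
+# If the offset returned is `0x00000ec2`, a breakpoint for the target
+# instruction can be set in r2 via:
 # ```
 # [0x00001050]> ood
-# INFO: hit breakpoint at: 0x55ee0a0e5139
 # [0x7f1a45bea360]> db main
 # [0x7f1a45bea360]> db (main)+0x00000ec2
 # [0x7f1a45bea360]> db
 # 0x558eebd75139 - 0x558eebd7513a 1 --x sw break enabled valid ...
 # 0x558eebd75ffb - 0x558eebd75ffc 1 --x sw break enabled valid ...
+# [0x7f1a45bea360]> dc
+# INFO: hit breakpoint at: 0x55ee0a0e5139
 # [0x55ee0a0e5139]> dc
-# [0x7feddfd2d360]> dc
-# INFO: hit breakpoint at: 0x558eebd75139
 # INFO: hit breakpoint at: 0x5558c3101ffb
 # [0x5558c3101ffb]> v
-# <step through via F7, F8, F9, etc. to get to desired
+# <step through via F7, F8, F9, etc. to get to desired instruction>
 # ```
 
 #{self}.reverse_dump(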
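Review bot: The rearranged r2 transcript still mixes addresses from at least three separate process runs — the `db` listing shows breakpoints at `0x558eebd75139` and `0x558eebd75ffb`, yet the newly added `dc` line reports a hit at `0x55ee0a0e5139` and the next one at `0x5558c3101ffb` — which undercuts the point step 5 makes about the base address changing per execution and reads like a typo to anyone following along. Either paste one consistent session or add, directly after the ``# ``` `` line that opens the transcript, a line such as `# (addresses below come from separate runs; PIE rebases the binary on each execution)`. The same transcript is duplicated in the second hunk of this file (the `#{self}.calc_addr_offset` help text), which needs the same fix. The `calc_addr_offset` definition these comments describe begins at the last context line of the first hunk and continues outside it.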
data/lib/pwn/version.rb
CHANGED
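--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.4
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-
+date: 2024-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport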