Utilities: Pattern, Offsets and Other Stuff
Ayushman Dubey edited this page May 26, 2020 · 2 revisions
This module contains some useful helper functions.

`generate_cyclic(length, n)` generates a cyclic pattern compatible with gef. It is based on a de Bruijn sequence, so every `n`-character window in the pattern is unique, which is what lets you recover an offset from the value that ends up in a register:

```python
>>> generate_cyclic(40, 4)
'aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaak'
>>> generate_cyclic(40, 8)
'aaaaaaaabaaaaaaacaaaaaaadaaaaaaaeaaaaaaaf'
```
`offset(value, n)` finds the offset of a string within that pattern (the string is read the same way gef's `pattern offset` reads it, as a little-endian register value, which is why `"aaac"` maps to the `caaa` word of the pattern):

```python
>>> offset("aaac", 4)
8
>>> offset("aaac", 8)
16
```
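To show how the two functions above fit together, here is an added example written for this page; it is not roppy's own code, and the names `de_bruijn`, `generate_cyclic`, `find_offset` and `ALPHABET` are the example's own. It generates the pattern lazily from a de Bruijn sequence (the same construction gef and roppy rely on) and looks up an offset either from an integer register value or from a string as it appears in a register dump, returning `None` when the value is not part of the pattern, which is the usual sign that the crash did not come from your input.

```python
"""Cyclic pattern generation and offset lookup (added example, not roppy's code)."""
from functools import lru_cache
from itertools import islice
from typing import Iterator, Optional, Union

# Hypothetical alphabet for the example; gef and roppy use lowercase letters too.
ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def de_bruijn(alphabet: str = ALPHABET, n: int = 4) -> Iterator[str]:
    """Lazily yield the de Bruijn sequence B(k, n) with the FKM algorithm.

    Every length-n window over `alphabet` occurs exactly once, so an n-byte
    value read from an overwritten register pins down a single offset.
    """
    k = len(alphabet)
    a = [0] * (n + 1)

    def db(t: int, p: int) -> Iterator[str]:
        if t > n:
            if n % p == 0:
                for j in range(1, p + 1):
                    yield alphabet[a[j]]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    return db(1, 1)


@lru_cache(maxsize=None)
def generate_cyclic(length: int, n: int = 4) -> str:
    """First `length` characters of the pattern, e.g. generate_cyclic(40, 4)."""
    return "".join(islice(de_bruijn(ALPHABET, n), length))


def find_offset(value: Union[int, str, bytes], n: int = 4,
                max_length: int = 0x10000) -> Optional[int]:
    """Offset of `value` in the pattern, or None if it does not occur.

    An int is the value read from a register (EIP/RIP) and is unpacked as
    little-endian bytes. A str/bytes is treated the way gef treats
    `pattern offset aaac`: as the characters printed for the register value,
    so it is reversed to recover memory order before searching; if that
    fails, the raw order is tried so memory-order input still works.
    """
    haystack = generate_cyclic(max_length, n)
    if isinstance(value, int):
        width = max(1, (value.bit_length() + 7) // 8)
        needles = [value.to_bytes(width, "little").decode("latin-1")]
    else:
        text = value.decode("latin-1") if isinstance(value, bytes) else value
        needles = [text[::-1], text]
    for needle in needles:
        idx = haystack.find(needle)
        if idx != -1:
            return idx
    return None


if __name__ == "__main__":
    print(generate_cyclic(40, 4))
    print(find_offset("aaac", 4), find_offset(0x61616163, 4))
    print(find_offset("zzzz", 4))  # not within the first 0x10000 bytes
```

Feed `generate_cyclic(n)` to the target as the overflowing input, then pass whatever landed in the instruction pointer to `find_offset`; the returned index is the number of bytes between the start of your input and the saved return address.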
`str2bytes` converts the given string to a sequence of bytes. Likewise, `bytes2str` converts a sequence of bytes back to a string.

```python
>>> str2bytes("Pwning")
b'Pwning'
>>> bytes2str(b'Pwning')
'Pwning'
```
`pause()` stops the execution of the script and lets you attach a debugger to the target process and step through your payload.

```python
>>> p = process("./chall")
[+] Successfully started process. PID - 52115
>>> pause()
[+] Paused [Press any key to continue]
```

Then attach the debugger to the printed PID:

```
gef➤ attach 52115
Attaching to program: /tmp/roppy/examples/ret2libc/chall, process 52115
Reading symbols from /lib/i386-linux-gnu/libc.so.6...
Reading symbols from /usr/lib/debug//lib/i386-linux-gnu/libc-2.31.so...
Reading symbols from /lib/ld-linux.so.2...
(No debugging symbols found in /lib/ld-linux.so.2)
0xf7edcb49 in __kernel_vsyscall ()
-- snip --
───────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "chall", stopped 0xf7edcb49 in __kernel_vsyscall (), reason: STOPPED
─────────────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0xf7edcb49 → __kernel_vsyscall()
[#1] 0xf7dc0a6b → __GI___libc_read(fd=0x0, buf=0xffb3386f, nbytes=0x100)
[#2] 0x8048454 → noob_function()
[#3] 0x804846f → main()
──────────────────────────────────────────────────────────────────────────────────────────────────────────
gef➤
```
The `log` object helps you log messages during exploitation. Supported levels:

- INFO
- WARN
- DEBUG

```python
>>> from roppy import *
>>> log.info("Hello World")
[*] Hello World
>>> log.error("Burnt")
[ERROR] Burnt
>>> log.warning("Burning")
[WARN] Burning
```
It's in beta and is being updated frequently. :)