Skip to content

Toolkit for manual buffer exploitation, which features a basic network socket fuzzer, offset pattern generator and detector, bad character identifier, shellcode carver, and a vanilla EIP exploiter

License

Notifications You must be signed in to change notification settings

ins1gn1a/WoollyMammoth

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

43 Commits
 
 
 
 
 
 
 
 

Repository files navigation

WoollyMammoth

GitHub pull-requests GitHub contributors GitHub issues GitHub stars GitHub license

Features

  • Basic network service fuzzer
  • EIP offset pattern creator
  • Offset pattern detector
  • Bad Character-set sender
  • Vanilla EIP overwrite exploiter
  • Shellcode carver (egghunters, larger payloads, anything!)

Installation

git clone https://github.com/ins1gn1a/WoollyMammoth
cd WoollyMammoth
pip3 install -r requirements.txt

Overview

woollymammoth.py --help
usage: woollymammoth.py [-h] {fuzz,offset,badchars,eip,exploit,carve} ...

Woolly Mammoth Fuzzing and Exploitation Toolkit

positional arguments:
  {fuzz,offset,badchars,eip,exploit,carve}
    fuzz                Socket-based fuzzer that allows command prefix
                        (optional)
    offset              Sending unique string pattern to identify EIP offset
                        in a debugger.
    badchars            Toolset to help identify bad character usage in target
                        applications.
    eip                 Enter the offset pattern hex string to identify the
                        offset value.
    exploit             Create buffer-overflow exploit on the command line
                        with optional prefix.
    carve               Stack manipulation carving (egghunters, shellcode,
                        etc)

optional arguments:
  -h, --help            show this help message and exit

Fuzzing

./woollymammoth.py fuzz -h
usage: woollymammoth.py fuzz [-h] --target TARGET --port PORT
                             [--prefix PREFIX]

optional arguments:
  -h, --help            show this help message and exit
  --prefix PREFIX       (Optional) Enter the prefix for the command.

Required Arguments:
  --target TARGET, -t TARGET
                        Enter the target host IP address.
  --port PORT, -p PORT  Enter the target port number.

Offset

./woollymammoth.py offset -h
usage: woollymammoth.py offset [-h] --target TARGET --port PORT
                               [--prefix PREFIX]

optional arguments:
  -h, --help            show this help message and exit
  --prefix PREFIX       (Optional) Enter the prefix for the command.

Required Arguments:
  --target TARGET, -t TARGET
                        Enter the target host IP address.
  --port PORT, -p PORT  Enter the target port number.

Bad Chars

woollymammoth.py badchars --help
usage: woollymammoth.py badchars [-h] --target TARGET --port PORT --buffer
                                 BUFFER [--offset OFFSET] [--prefix PREFIX]
                                 [--alpha] [--non-alpha]

optional arguments:
  -h, --help            show this help message and exit
  --offset OFFSET, -o OFFSET
                        Specify the buffer offset to prefix 'A' characters
                        before the bad characters (if not specified then bad
                        chars will be sent at the start of the payload)
  --prefix PREFIX       (Optional) Enter the prefix for the command.
  --alpha, -a           Only send alpha-characters
  --non-alpha, -n       Only send non-alpha characters

Required Arguments:
  --target TARGET, -t TARGET
                        Enter the target host IP address.
  --port PORT, -p PORT  Enter the target port number.
  --buffer BUFFER, -b BUFFER
                        Specify the buffer size

EIP

./woollymammoth.py eip -h
usage: woollymammoth.py eip [-h] --eip EIP

optional arguments:
  -h, --help         show this help message and exit

Required Arguments:
  --eip EIP, -e EIP  Enter the EIP value to identify offset code.

Exploit

./woollymammoth.py exploit -h
usage: woollymammoth.py exploit [-h] --target TARGET --port PORT --eip EIP
                                --offset OFFSET --shellcode SHELLCODE
                                [--prefix PREFIX] [--nops NOPS]

optional arguments:
  -h, --help            show this help message and exit
  --prefix PREFIX       (Optional) Enter the prefix for the command.
  --nops NOPS, -n NOPS  Enter the number of NOPs to send as an integer
                        (default: 10).

Required Arguments:
  --target TARGET, -t TARGET
                        Enter the target host IP address.
  --port PORT, -p PORT  Enter the target port number.
  --eip EIP, -e EIP     Enter the EIP JMP/PUSH;RET address as assembly
                        shellcode.
  --offset OFFSET, -o OFFSET
                        Enter the EIP offset value as an integer.
  --shellcode SHELLCODE, -s SHELLCODE
                        Enter the shellcode for the exploit.

Carve

./woollymammoth.py carve -h
usage: woollymammoth.py carve [-h] --shellcode EGGHUNTER [--esp CURR_ESP]
                              [--dest-esp DEST_ESP]

optional arguments:
  -h, --help            show this help message and exit
  --esp CURR_ESP, -e CURR_ESP
                        Enter the ESP value at the start of the carved
                        shellcode
  --dest-esp DEST_ESP, -d DEST_ESP
                        Enter the address that should contain the carved
                        shellcode

Required Arguments:
  --shellcode EGGHUNTER, -s EGGHUNTER
                        Enter the shellcode to be converted (e.g. an
                        egghunter)

About

Toolkit for manual buffer exploitation, which features a basic network socket fuzzer, offset pattern generator and detector, bad character identifier, shellcode carver, and a vanilla EIP exploiter

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages