# Answers collected by gather_info(); all three stay empty until it runs.
#   arch - target architecture as typed by the user (the hints test for '64')
#   nx   - 'y'/'n': is NX (non-executable stack) enabled?
#   leak - 'y'/'n': is an address leak available?
arch, nx, leak = '', '', ''
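def gather_info():
    """Prompt for the target's properties and store them in the module globals.

    Sets ``arch``, ``nx`` and ``leak`` (read later by ``what()``) and also
    returns them as an ``(arch, nx, leak)`` tuple for convenience.  Answers
    are stripped and lower-cased so that ``'Y'`` or ``'n '`` compare equal
    to the ``'y'``/``'n'`` values the hint logic tests for (the original
    compared the raw line, so ``'Y'`` silently fell into the wrong branch).

    Raises:
        EOFError: if stdin is closed before all three answers are read.
    """
    global arch
    global nx
    global leak
    # raw_input() exists only on Python 2; on Python 3 the same call is input().
    # Never fall back to Python 2's input() - it eval()s the typed line.
    try:
        read = raw_input
    except NameError:
        read = input
    arch = read('[-] Enter the arch: ').strip().lower()
    nx = read('[-] Is nx enabled (y/n) : ').strip().lower()
    leak = read('[-] Do u have a leak (y/n): ').strip().lower()
    return arch, nx, leak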
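def where():
    """Print the usual targets for a write primitive ("where to write")."""
    print("[+] Try to overwrite PC ($rip)\n ")
    print("[+] Try to overwrite GOT \n")
    # The glibc symbol is __malloc_hook (single underscore in the middle);
    # the original text misspelled it.  NOTE(review): the malloc/free hooks
    # were removed in glibc 2.34, so check the target's libc version first.
    print("[+] Try to overwrite __malloc_hook (located in libc)\n")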
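def what(nx_enabled=None, have_leak=None, target_arch=None):
    """Print exploitation hints for the target ("what to write").

    Each argument defaults to the module global of the same meaning
    (``nx``, ``leak``, ``arch``) as filled in by ``gather_info()``; passing
    them explicitly lets the function be used without that global state.
    Values are compared stripped and lower-cased, so ``'Y'`` counts as yes.

    Decision tree:
      * NX off                     -> ret2shellcode hints
      * NX on, no leak             -> ROP / stack-pivot hints
      * NX on, leak, arch '64'     -> ret2libc via gadgets / one_gadget
      * NX on, leak, any other arch-> 32-bit style ret2libc
    """
    nx_enabled = (nx if nx_enabled is None else nx_enabled).strip().lower()
    have_leak = (leak if have_leak is None else have_leak).strip().lower()
    target_arch = (arch if target_arch is None else target_arch).strip().lower()
    if nx_enabled != 'y':
        # No NX: the stack/bss is executable, so inject shellcode directly.
        print("[+] Try to execute ur shellcode\n")
        print("[+] Use call eax , jmp eax to ret2shellcode\n")
        print("[+] Try to store ur shellcode in bss and jmp there")
        return
    if have_leak == 'n':
        # NX without an address leak: build a ROP chain from the binary itself.
        print("[+] Use ROPgadget\n")
        print("[+] Try to use pivot stack if no control over stack\n ")
    elif target_arch == '64':
        # x86-64 passes arguments in registers, hence the pop rdi ; ret gadget.
        print("[+] Ret2libc and pass argument using gadget (like pop rdi ; ret).\n")
        print("[+] If it is a 8 word write only then search for a function to pass /bin/sh.")
        print(" For ex. puts(buff), free(ptr) etc ..\n")
        print("[+] If u can't control system parameter try onegadget\n")
    else:
        # 32-bit: arguments come from the stack, so the classic layout works.
        print("[+] Ret2libc : &system+dummy+&binsh \n")
        print("[+] If it is a 4 word write only then search for a function to pass /bin/sh")
        print(" For ex. puts(buff), free(ptr) etc ..\n")
        print("[+] If u can't control system parameter try onegadget \n")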
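def main():
    """Interactive entry point: gather target info, then loop over the menu.

    Menu choice '1' prints where to write, '2' prints what to write; any
    other choice (including '3') prints a parting hint and exits.  Closing
    stdin (EOF / Ctrl-D) is treated like choosing Exit instead of dying
    with an EOFError traceback.
    """
    # raw_input() exists only on Python 2; on Python 3 the same call is input().
    # Never fall back to Python 2's input() - it eval()s the typed line.
    try:
        read = raw_input
    except NameError:
        read = input
    try:
        gather_info()
    except EOFError:
        return
    print("\n")
    while True:
        print("[ 1 ] Where to write ")
        print("[ 2 ] What to write ")
        print("[ 3 ] Exit \n")
        try:
            val = read('Action: ').strip()
        except EOFError:
            val = '3'
        if val == '1':
            where()
        elif val == '2':
            what()
        else:
            print("[*] If u are completely blind try to use Dynelf from pwntools\n\n ")
            print("[*] Happy pwning :)")
            break


# Guarded so importing helper.py no longer starts the interactive prompt.
if __name__ == "__main__":
    main()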