A package for automating libc exploitation
Project description
pwnc
A Python library for finding libc offsets based on leaked addresses. It uses the libc-database API.
Installation
pip3 install pwnc
Usage
get_libc
Retrieve a libc as a bytestring. Provide known symbol names mapped to their addresses in memory. Not all symbol names are stored in the database; check out libc-database for information on which symbols are stored.
>>> import pwnc
>>> known_addresses = {"strncpy": "0x7fffffff0db0",
...                    "strcat": "0x7fffffffd800"}
>>> libc_bytestring = pwnc.get_libc(known_addresses)
>>> libc_bytestring[:4]
b'\x7fELF'
query
This method returns all known symbol offsets for a libc. Provide a dictionary of symbol names mapped to their in-memory offsets.
>>> import pwnc
>>> known_addresses = {"strncpy": "0x7fffffff0db0",
...                    "strcat": "0x7fffffffd800"}
>>> symbols = pwnc.query(known_addresses)
>>> for sym in symbols.items():
...     print(f"{sym[0]} = {hex(sym[1])}")
...
__libc_start_main_ret = 0x21b97
dup2 = 0x110ab0
printf = 0x64f00
puts = 0x80a30
read = 0x110180
str_bin_sh = 0x1b40fa
system = 0x4f4e0
write = 0x110250
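How the lookup behind get_libc and query narrows down a libc build, as an added example that is not pwnc's or libc-database's own code: libc-database compares only the low 12 bits of each leaked address, because ASLR moves the library by whole pages. The candidate table, build names, load base and the extra single-base consistency check are assumptions constructed for illustration; only the build-a puts and printf offsets come from the output above.

```python
# Added illustration: offline model of low-12-bit libc matching.
PAGE_MASK = 0xFFF  # ASLR shifts libc by whole 4 KiB pages; low 12 bits survive

# Constructed candidate table. "build-a" reuses the puts/printf offsets from
# the query output above; "build-b" and "build-c" are made-up values.
CANDIDATES = {
    "build-a": {"puts": 0x80A30, "printf": 0x64F00},
    "build-b": {"puts": 0x80A30, "printf": 0x61E10},  # printf low bits differ
    "build-c": {"puts": 0x80A30, "printf": 0x65F00},  # low bits equal, base differs
}


def match_builds(leaks, candidates=CANDIDATES):
    """Return {build: load_base} for builds consistent with every leak."""
    matches = {}
    for name, offsets in candidates.items():
        bases = set()
        for symbol, addr in leaks.items():
            addr = int(addr, 16) if isinstance(addr, str) else addr
            offset = offsets.get(symbol)
            if offset is None or (addr ^ offset) & PAGE_MASK:
                break  # symbol not in table, or low 12 bits disagree
            bases.add(addr - offset)
        else:
            # Extra check (assumption of this example): every symbol must
            # imply the same load base, which rules out low-bit coincidences.
            if len(bases) == 1:
                matches[name] = bases.pop()
    return matches


# Constructed leaks: build-a mapped at an arbitrary page-aligned base.
BASE = 0x7F3A1C200000
ONE_LEAK = {"puts": hex(BASE + 0x80A30)}
TWO_LEAKS = {"puts": hex(BASE + 0x80A30), "printf": hex(BASE + 0x64F00)}

if __name__ == "__main__":
    # One symbol leaves several candidates; a second one disambiguates.
    print(sorted(match_builds(ONE_LEAK)))
    print({k: hex(v) for k, v in match_builds(TWO_LEAKS).items()})
```

A single leaked symbol often matches several builds, which is why the usage examples above pass two symbols.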
Download files
Source Distribution
pwnc-0.0.1.tar.gz (16.9 kB)
Built Distribution
pwnc-0.0.1-py3-none-any.whl (17.8 kB)