A package for automating libc exploitation
Project description
pwnc
A python library for finding libc offsets based on leaked addresses. It utilizes the libc-database API.
Installation
pip3 install pwnc
Usage
get_libc
Retrieve a libc in the form of a bytestring. Provide known symbol names mapped to their addresses in memory. Not all symbol names are stored in the database. Checkout libc-database for information on which symbols are stored.
>>> import pwnc
>>> known_addresses = {"strncpy": "0x7fffffff0db0",
"strcat": "0x7fffffffd800"}
>>> libc_bytestring = pwnc.get_libc(known_addresses)
>>> libc_bytestring[:4]
b'\x7fELF'
>>>
query
This method returns all known symbol offsets for a libc. Provide a dictionary of symbol names mapped to their in memory offsets
>>> import pwnc
>>> known_addresses = {"strncpy": "0x7fffffff0db0",
"strcat": "0x7fffffffd800"}
>>> symbols = pwnc.query(known_addresses)
>>> for sym in symbols.items():
... print(f"{sym[0]} = {hex(sym[1])}")
...
__libc_start_main_ret = 0x21b97
dup2 = 0x110ab0
printf = 0x64f00
puts = 0x80a30
read = 0x110180
str_bin_sh = 0x1b40fa
system = 0x4f4e0
write = 0x110250
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pwnc-0.0.1.tar.gz.
File metadata
- Download URL: pwnc-0.0.1.tar.gz
- Upload date:
- Size: 16.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.7.1 importlib_metadata/4.8.2 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.8.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6fb2183b03c84bc0038fc28a439fcc8a1e0532eaa119b65af204e7e6736c53c9
|
|
| MD5 |
951d19f632289d2cad446c3177d18594
|
|
| BLAKE2b-256 |
dfe96537fad3d05bbd87eb34310dab4c53716814f132be1a3c86a113be8e8e16
|
File details
Details for the file pwnc-0.0.1-py3-none-any.whl.
File metadata
- Download URL: pwnc-0.0.1-py3-none-any.whl
- Upload date:
- Size: 17.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.7.1 importlib_metadata/4.8.2 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.8.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3296937729b004021ad5489886d3570efa5b09086457dd275cc127782a5980d7
|
|
| MD5 |
5876548b0538567e315e3d8dd261fdfc
|
|
| BLAKE2b-256 |
5aa29431714da0428863398d12a5ed90d4e1fd92461a51f5f53603e473b36b92
|
