pwnypack 0.7.1

Official Certified Edible Dinosaurs CTF toolkit.

pwnypack

The official Certified Edible Dinosaurs CTF toolkit. pwnypack attempts to provide a toolset which can be used to more easily develop CTF solutions.

Motivation

After seeing the excellent pwntools by Gallopsled, I got interested in building my own CTF toolkit. pwntools is much more complete so you should probably use that. pwnypack was created mostly out of curiosity.

Installation

To install the latest released version of pwnypack, use:

$ pip install pwnypack

If you want to use the interactive shell I highly recommend installing either bpython or ipython as those packages can make your time in the shell a lot more enjoyable.

Usage

To import all of pwnypack into your global namespace, use:

>>> from pwny import *

Or, if you’re using python 2.7+ or python 3.3+, try the customized bpython or IPython shell:

$ pwny shell

If you have bpython and/or IPython installed you can use --bpython, --ipython or --python to select which interactive kernel to use.

I promise that effort will be put into not exposing unnecessary stuff and thus overly polluting your global namespace.

For an example, check out the Big Prison Fence example in the wiki.

Documentation

pwnypack’s API documentation is hosted on readthedocs.

For information on the commandline apps use the built in help function:

$ pwny --help
$ pwny shell --help

Contributors

pwnypack was created by Certified Edible Dinosaurs (dsc & doskop). If you want to contribute, feel free to fork and create a pull request on GitHub.

License

pwnypack is distributed under the MIT license.

Release history

0.7.1 (2016-03-07)

• Add support for bpython and plain python interactive shells.

• Fix missing newline after the output of several commandline apps.

• Added PHP serialized data generation function and helper.

• Add enurlform / deurlform / enurlquote / deurlquote functions.

0.7.0 (2015-07-12)

• Made IPython an optional dependency (pip install pwnypack[shell]).

• Added pickle_call function to easily execute a function on unpickle.

• Added format string vulnerability exploit builder.

• Renamed TCPSocketChannel to TCPClientSocketChannel.

• Added TCPServerSocketChannel which can listen for an incoming connection.

• Added Flow.interact() method.

• Added support for connecting to SSH servers from Flow.

0.6.0 (2015-04-14)

• Bugfixes (and travis-ci integration).

• API documentation and docstrings.

• Cycle-find can read from stdin.

• Major refactoring of ELF class. It can now parse section headers, program headers, symbol tables and extract section, symbols.

• Major refactoring of Target class. It’s no longer tied to ELF (ELF is still a subclass of Target though).

• A reghex compiler.

• Verifying ROP gadget finder.

• Disassembler functionality (based on ndisasm or capstone).

• The ability to redirect stderr to stdout in flow.ProcessChannel.

• The ability to create symlinks for commandline apps.

• New commandline apps:

  • asm to assemble from commandline.

  • symbols to list the symbol table of an ELF file.

  • gadget to find ROP gadgets in an ELF file.

  • symbol-extract to extract a symbol from an ELF file.

  • symbol-disasm to disassemble a symbol in an ELF file.

0.5.2 (2015-03-22)

• Added command line apps and a customized IPython shell.

0.5.1 (2015-03-21)

• Python3 fixes for flow:

  • Use latin1 for echo mode as not everything will be encodable as utf-8.

  • Disable buffering on subprocess.

0.5.0 (2015-03-21)

• Initial release.