Add --libc libc.so argument to pwn template #2212

Merged
merged 18 commits into from
Jul 26, 2023

Commits on Nov 18, 2022

  1. Add ELF.set_runpath()

    Shells out to the `patchelf` tool to patch the ELF's RUNPATH. This lets the dynamic loader look for needed shared libraries in the given path first before the system libraries when running the binary.
    peace-maker committed Nov 18, 2022
    e42b197
  2. Add ELF.set_interpreter()

    Shells out to the `patchelf` tool to patch the ELF's PT_INTERP segment. This allows changing the ld.so used when running the binary.
    peace-maker committed Nov 18, 2022
    95f3801
  3. Add convenience wrapper to set runpath & interpreter

    A helper function to patch the ELF such that it uses the dynamic loader and other libraries in the given folder.
    peace-maker committed Nov 18, 2022
    7381e0a
  4. Add method to download libraries matching a libc

    Download the matching libraries for the given libc binary and cache them in a local directory using `libcdb.download_libraries()`. The libraries are looked up using libc.rip and fetched from the official package repositories if available.
    
    Only .deb and .pkg.tar.* packages are currently supported (Debian/Ubuntu, Arch).
    peace-maker committed Nov 18, 2022
    690a5d8
  5. Add --libc argument to pwnup template

    This generates code into the template which allows you to run the binary using the given libc.
    
    The foreign libc is used by default, but you can choose to run the binary against your system's local libc using the `LOCAL_LIBC` command line argument when executing the exploit script.
    peace-maker committed Nov 18, 2022
    46f9461

Commits on Feb 24, 2023

  1. b3d00d3
  2. aaeb1e0

Commits on May 24, 2023

  1. c6509ba
  2. 93ba1ac

Commits on Jul 2, 2023

  1. 28d503c
  2. Update README

    peace-maker committed Jul 2, 2023
    71050e9

Commits on Jul 10, 2023

  1. 2280af3
  2. e9ceb3b
  3. ed40df2
  4. Only catch Exceptions instead of everything

    Co-authored-by: Arusekk <[email protected]>
    peace-maker and Arusekk committed Jul 10, 2023
    0edb82c

Commits on Jul 18, 2023

  1. Check launchpad.net for Ubuntu libcs

    This mimics the way io12/pwninit obtains the ld.so.
    If the download from libc.rip fails, try launchpad.net.
    peace-maker committed Jul 18, 2023
    589fb87

Commits on Jul 24, 2023

  1. 3c8d78f
  2. Please confused pylint in PY2 context

    Co-authored-by: Arusekk <[email protected]>
    peace-maker and Arusekk committed Jul 24, 2023
    216ce5e