Age | Commit message | Author | Files | Lines |
|
comm.interact() will drop the user into an "interactive" mode where they
can directly control what is sent. A SIGINT (Ctrl+C) will drop the
script out of interactive mode and continue executing the rest of the
script. If the output of the program (input into our script) goes into
a broken state (such as when the target program exits), interactive mode
will automatically exit.
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Both new functions check the input for a predicate and keep reading
until the predicate is true.
readuntil() will consume input byte by byte and use the entire string
read to check the predicate. It will then return that entire string.
readlineuntil() consumes input line by line and only uses the last line
to check the predicate. The line that satisfies the predicate is all
that is returned.
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
First part of the MVP for the larger Sploit rework effort.
Add project structure, python packaging, basic comms, and "log" hook.
From in or out of the sploit directory, you can run the "sploit.py"
script, run python -m sploit, or import the sploit modules from the
python3 shell.
You can also pip install Sploit and from anywhere you can run the sploit
command, run python -m sploit, or import the sploit modules from the
python3 shell.
Running as a standalone application, Sploit can run in a "target" mode,
a "pipe" mode, and a "pipe daemon" mode. In "target" mode, Sploit will
launch a target program as a subprocess and run an exploit script
against its I/O. In "pipe" mode, Sploit will create named fifos and
wait for a program to connect to them to run an exploit script against
them. In "pipe daemon" mode, Sploit will run similar to the "pipe" mode,
but automatically recreate the fifos with the same name after each
execution.
Basic comm operations of read, readline, write, and writeline are
available to the exploit script.
A "log" hook is executed whenever data is read in from the target
program. This will just print the data out, but it can be configured to
decode it with a specific encoding or you could replace the function for
different behavior.
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
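The read semantics described in the two commits above (readuntil() checking the whole accumulated buffer and returning all of it; readlineuntil() checking only the latest line and returning only that line; a log hook run on every chunk read, replaceable or wrapped with a decoder) are illustrated below. This is an added example written for this page, not Sploit's own code: the Comm class, its method signatures, the behaviour on a closed stream (raising EOFError) and the transcript bytes are all assumptions made for the illustration.

```python
import io
from typing import Callable, Optional

# Constructed transcript standing in for a target program's stdout; the
# banner, the leaked pointer and the prompt are invented for this example.
TRANSCRIPT = b"Welcome to the vault\nleak: 0x7ffd1234\nenter password: "


class Comm:
    """Illustrative reader over a byte stream (assumed API, not Sploit's).

    The log hook is called with every chunk read; the default just prints
    the raw bytes. Pass another callable to decode, filter or silence it.
    """

    def __init__(self, stream: io.BufferedIOBase,
                 log: Optional[Callable[[bytes], None]] = None):
        self.stream = stream
        self.log = log if log is not None else (lambda data: print(data))

    def read(self, n: int = 1) -> bytes:
        data = self.stream.read(n)
        if not data:                      # assumed: closed output raises
            raise EOFError("target output closed")
        self.log(data)
        return data

    def readline(self) -> bytes:
        line = self.stream.readline()
        if not line:
            raise EOFError("target output closed")
        self.log(line)
        return line

    def readuntil(self, pred: Callable[[bytes], bool]) -> bytes:
        # Byte at a time; the predicate sees everything read so far and the
        # whole accumulated string is returned.
        buf = b""
        while True:
            buf += self.read(1)
            if pred(buf):
                return buf

    def readlineuntil(self, pred: Callable[[bytes], bool]) -> bytes:
        # Line at a time; only the latest line is tested and only the line
        # that satisfies the predicate is returned. Earlier lines are consumed.
        while True:
            line = self.readline()
            if pred(line):
                return line


def decoding_logger(encoding: str) -> Callable[[bytes], None]:
    """Log hook variant that decodes before printing."""
    return lambda data: print(data.decode(encoding, errors="replace"), end="")


def leak_and_prompt(transcript: bytes, log=None) -> tuple:
    """Skip the banner, pull the leaked pointer, then read up to the prompt."""
    comm = Comm(io.BytesIO(transcript), log=log)
    leak_line = comm.readlineuntil(lambda l: l.startswith(b"leak:"))
    leak = int(leak_line.split()[1], 16)
    prompt = comm.readuntil(lambda s: s.endswith(b": "))
    return leak, prompt


def read_prompt_or_none(transcript: bytes, marker: bytes) -> Optional[bytes]:
    """readuntil() against a stream that may close before the marker shows up."""
    comm = Comm(io.BytesIO(transcript), log=lambda _: None)
    try:
        return comm.readuntil(lambda s: s.endswith(marker))
    except EOFError:
        return None


if __name__ == "__main__":
    leak, prompt = leak_and_prompt(TRANSCRIPT, log=decoding_logger("utf-8"))
    print(f"\nleak=0x{leak:x} prompt={prompt!r}")
```

The difference between the two helpers is what gets thrown away: readlineuntil() discards the banner line that fails the predicate, while readuntil() keeps every byte up to and including the match, which is what you want when the prompt itself is the synchronisation point.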
|
|
This is content from an old repo of mine. I think it makes much more
sense to merge it into lib-des-gnux.
templates/shellcode/ will track any useful shellcode recipes and
contains utilities for building them into ready-to-use payloads.
* shellcode-templates:
Globally ignore all build artifacts
Add Makefile for shellcode templates
Refactor genhex into shelltool
Add sys_exit shellcode templates
Add generic /bin/sh shellcode templates
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
The shell*.asm files are considered the default programs and the
expected use-case for utilizing the templates is to edit these files to
implement the desired shellcode. I figure that literal shellcode makes
the most sense of what to expect by default.
'make all' will assemble and link the shellcode (so it can actually be
directly executed via the output elf files), and feed the disassembly
into shelltool for use elsewhere.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
For convenience, I've rewritten my old shellcode parser program in
Python. It is moved to the shellcode templates dir and renamed to
shelltool.
As a new feature, shelltool will now check the result for NULL bytes and
newline bytes that may cause problems in an exploit.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Some new links are added from the latest CTF.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
https://github.com/Dusoleil/lib-des-gnux
Dusoleil's Writeups for the Metasploit Community CTF 2020
* tag 'pull-duso-metasploit-writeups' of https://github.com/Dusoleil/lib-des-gnux:
Dusoleil's Writeups from Metasploit Community CTF 2020
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Taken from github, see comment in file.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
The foremost tool in this collection is the brainfuck debugger. It was
written to assist with the 'boring flag checker' problem from RaRCTF
2021, but has good potential for general-purpose use.
The compiler and decompiler are much more niche, given brainfuck is not
typically a compiled language. They are from the same CTF and, although
highly problem-specific, are kept around for posterity.
A hello world program is saved under templates as a quick sanity check
for the tools as well as for reference purposes, should it become useful.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
AperiSolve is a tool I stumbled upon a while back and have been meaning
to bookmark here.
CyberChef reported by dusoleil.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
https://github.com/Dusoleil/lib-des-gnux
Writeups and other tools/docs from ImaginaryCTF from Dusoleil.
* tag 'pull-duso-imaginary-writeups' of https://github.com/Dusoleil/lib-des-gnux:
Adding Initial Commit of the Sploit Tool
Adding Various Docs
Adding Various Small Tools
Git Ignore __pycache__ for All Tools
Writeups from Imaginary CTF 2021
|
|
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Adding a short list of pwn links, a note about python support for
complex numbers, and a short SSTI guide.
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Adding Dusoleil's writeups from Imaginary CTF 2021
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
cmp instruction did not have an example.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
The wishlist is a collection of things I want to add to the repository
(either can't find them easily, or tools that need to be written).
The quick reference is for random one-liner things that don't easily fit
anywhere else in the folder structure.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
The intended way to view this file is directly via plaintext,
so remove the intent of having any specific markdown within
the document.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
This is a utility program from my shellcoding repository. It uses the
disassembly output from objdump to auto-format a payload from an
assembled object file.
Signed-off-by: Malfurious <m@lfurio.us>
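The two steps that the shelltool commits above describe (pulling the instruction bytes out of objdump's disassembly and flagging NUL and newline bytes in the result) are shown below as an added example. It is not the repository's shelltool; the function names and the objdump sample are assumptions, and the sample output was constructed to have objdump's tab-separated shape rather than captured from the templates.

```python
import re

# Constructed `objdump -d` output for a small x86-64 execve("/bin//sh") stub.
# The shape (offset, tab, bytes, tab, mnemonic; continuation lines carry
# only bytes) follows objdump, but the text was written for this example.
_HEAD = [
    "shell.o:     file format elf64-x86-64",
    "",
    "Disassembly of section .text:",
    "",
    "0000000000000000 <_start>:",
    "   0:\t48 31 f6             \txor    %rsi,%rsi",
    "   3:\t56                   \tpush   %rsi",
    "   4:\t48 bf 2f 62 69 6e 2f \tmovabs $0x68732f2f6e69622f,%rdi",
    "   b:\t2f 73 68 ",
    "   e:\t57                   \tpush   %rdi",
    "   f:\t48 89 e7             \tmov    %rsp,%rdi",
    "  12:\t48 31 d2             \txor    %rdx,%rdx",
]
SAMPLE = "\n".join(_HEAD + [
    "  15:\tb0 3b                \tmov    $0x3b,%al",
    "  17:\t0f 05                \tsyscall",
])
# Same stub, but a full 32-bit move into %eax encodes three NUL bytes.
SAMPLE_WITH_NULS = "\n".join(_HEAD + [
    "  15:\tb8 3b 00 00 00       \tmov    $0x3b,%eax",
    "  1a:\t0f 05                \tsyscall",
])

OFFSET_RE = re.compile(r"^\s*[0-9a-fA-F]+:$")
BYTE_RE = re.compile(r"^[0-9a-fA-F]{2}$")


def parse_objdump(text: str) -> bytes:
    """Collect raw instruction bytes from objdump -d output.

    Only the first two tab-separated fields matter, so continuation lines
    without a mnemonic are handled the same as full lines. Headers, symbol
    lines and blank lines have no "offset:" field and are skipped.
    """
    out = bytearray()
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 2 or not OFFSET_RE.match(fields[0]):
            continue
        tokens = fields[1].split()
        if not tokens or not all(BYTE_RE.match(t) for t in tokens):
            raise ValueError(f"unexpected byte field: {fields[1]!r}")
        out.extend(int(t, 16) for t in tokens)
    return bytes(out)


def find_bad_bytes(payload: bytes, bad=(0x00, 0x0a)) -> list:
    """(offset, value) for bytes that commonly break delivery: NUL and newline."""
    return [(i, b) for i, b in enumerate(payload) if b in bad]


def format_payload(payload: bytes) -> str:
    """Render as a \\x-escaped literal ready to paste into an exploit script."""
    return "".join(f"\\x{b:02x}" for b in payload)


def shelltool(text: str) -> dict:
    """Parse, format and check in one go; 'bad' is empty when the payload is clean."""
    payload = parse_objdump(text)
    return {
        "length": len(payload),
        "payload": format_payload(payload),
        "bad": find_bad_bytes(payload),
    }


if __name__ == "__main__":
    for name, text in (("clean", SAMPLE), ("with NULs", SAMPLE_WITH_NULS)):
        result = shelltool(text)
        print(f"{name}: {result['length']} bytes, bad={result['bad']}")
        print(result["payload"])
```

Splitting on tabs rather than matching hex pairs with a regex avoids a classic mistake: a mnemonic such as `dec` begins with two hex digits and would otherwise be swallowed into the byte column. The NUL check is reported as offsets so the offending instruction can be located and re-encoded (here, `mov $0x3b,%al` instead of `mov $0x3b,%eax`).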
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
This was leftover in my working directory from the last ctf....
Signed-off-by: Malfurious <m@lfurio.us>
|
|
This data is imported from the wiki and includes the results from CSA
CTF 2019, which, at the time of this writing, has just concluded.
Signed-off-by: Malf Furious <m@lfurio.us>
|
|
Signed-off-by: Malf Furious <m@lfurio.us>
|