summaryrefslogtreecommitdiffstats
path: root/tools (follow)
AgeCommit message (Collapse)AuthorFilesLines
2021-09-07sploit: Rename arch.nop to nopcodeMalfurious1-4/+4
This was the name I had originally intended to use while factoring architecture details out to the global scope. It's not terribly different, but I feel the new context warrants some additional clarity. Signed-off-by: Malfurious <m@lfurio.us> Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-07Manually run garbage collection after execdusoleil1-0/+3
Apparently python won't run garbage collection on stuff owned by the exec context if you define a function in the exec. This can lead to random leaks, but it is most impactful in daemon mode. If the globals dictionary given to exec isn't cleaned up, there will be a random reference to comm that still exists. This holds a reference to the Pipes object which prevents it from getting cleaned up before we try to make a new one. Making a new one needs the fifos to have been cleaned up, so it relies on the fact that the old one was supposed to be cleaned up. The most straightforward and non-intrusive way I could think to fix this was to just manually run the garbage collector after exec. This is able to find the leaked references and clean it all up. Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-07Clean up exception handling in main.pydusoleil1-22/+21
The handling from the daemon mode code will also work in the process and pipes cases. Putting it in a common location removes the need for the outer try/except. It is also easier to read/maintain in general. Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-05sploit: Rename Comm instance to 'io'Malfurious1-1/+1
If the user's script contains from sploit import * then the exported 'comm' communication object is clobbered by the 'comm' source module. Switching the name to 'io' avoids this issue, is more to the point, and is even fewer characters to type. Signed-off-by: Malfurious <m@lfurio.us> Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-05sploit: Properly scope user-script executionMalfurious1-2/+2
Rather than implicitly inheriting names in scope for the user-script, this collection is sanitized and we only export the 'comm' communication object. This seems to be a safer way to operate and addresses an issue with sub-scopes in the user's script not functioning properly. (Previously, user-defined functions did not have access to globals, or library functions.) Additionally, the user's code is now passed through compile() to attach the original file name. This is useful for debugging / diagnostic situations, to make it more obvious if a crash originated from the user's script. Signed-off-by: Malfurious <m@lfurio.us> Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-02Change behavior for import sploitdusoleil1-0/+1
The statement import sploit will now import all of the sploit modules under the sploit namespace. Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-02Add mem module for calculating memory offsetsdusoleil2-1/+16
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-02Handle Process destr when Process constr throwsdusoleil1-0/+1
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-02Reuse read() and readline() in the until() APIdusoleil1-4/+5
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-02Add readall() which reads until EOFdusoleil2-2/+8
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-02Move comm toggles for consistencydusoleil1-3/+3
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-02Add arch config moduledusoleil2-1/+29
Add Arch class which specifies wordsize, endianness, alignment, and a nop code for an architecture. Add a couple predefined architectures for x86 and x86_64 Add a "configured" architecture which is set to x86_64 by default. Added btoi and itob functions which will convert to and from bytes and ints based on the current architecture config Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-01Add Config Toggles for Read/Write Extra Behaviordusoleil1-5/+8
logonread can enable/disable logging the result of every read flushonwrite can enable/disable automatically flushing every write Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-01Rewrite interact() to be Single Threadeddusoleil1-36/+26
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-01Add Convenience Utility to readuntil()dusoleil3-3/+20
readuntil() and readlineuntil() will now automatically bind() a predicate and given arguments to produce the single function predicate required. The 'until' module will provide convenience utilities for use with readuntil() and readlineuntil(). For now, it contains functools.partial renamed as bind(), lastline() which can call a predicate with the last element of the array of lines given from readlineuntil(), and simplified versions of re.search and re.fullmatch renamed as contains and equals. These allow us to write powerful and legible statements like: comm.readlineuntil(lastline,contains,b'Enter') Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-01readlineuntil() Operates on an Array of Linesdusoleil1-4/+9
Instead of only operating on and returning the last line read, readlineuntil() will now check the predicate against an array of all lines read and return that array when the predicate is true. Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-01Correct read() Semanticsdusoleil1-1/+1
The BufferedReader's .read() doesn't behave as expected. It reads EXACTLY size bytes and will block until there are enough available to read. os.read() does what we expect. It will read UP TO size bytes and only block if there is nothing available to read. Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-01Throw a BrokenPipeError on Broken Readdusoleil1-0/+4
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-01Formattingdusoleil2-16/+16
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-01Handle Exceptions in Daemon Modedusoleil1-1/+12
If the user presses Ctrl+C while waiting on a connection, we want to gracefully exit. If the user presses Ctrl+C during the script, we want to stop executing the script and restart the loop. If any other exception happens during the script, we want to print out the stacktrace as normal, but continue the loop. Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-01Allow Exit with Ctrl+C without a Stacktracedusoleil1-8/+11
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-01Move "Read Rest of Output" Out of Destructordusoleil2-4/+2
With the "read rest of output" code in the Comm destructor, it would continue to read output even in situations where some error happened and we expect sploit to die or when the user presses Ctrl+C to end sploit. By moving it to the end of the script running code in main, it behaves more intuitively. Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-01Better Shutdown Process for Pipesdusoleil1-4/+7
Handle all of the edge cases when shutting down in Pipes mode. e.g. If the pipes are broken (tried to write after the program died) If the fifos don't exist anymore (sometimes tempfile cleans them up before the destructor finishes when certain errors happen) If the object attributes for the streams and fifo paths aren't set (this can happen if the constructor didn't finish. e.g. the user cancels while waiting on a connection) Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-01Better Shutdown Process for Target Programdusoleil1-1/+8
If we need to wait on the target program to die, we don't want to just wait forever with no indication to the user. Instead, only call wait if the program is still alive, inform the user that we are doing this, and give them the ability to forcefully kill the target program with Ctrl+C. Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-09-01Better Info Messagesdusoleil2-2/+3
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-08-31Use Entire Path When Given The Pipe Directorydusoleil2-3/+4
Previously, you could specify a directory which must exist under /tmp. Now, you can give the full path to a directory to be used by Pipes. Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-08-31Add Interactive Mode to Commsdusoleil1-1/+49
comm.interact() will drop the user into an "interactive" mode where they can directly control what is sent. A SIGINT (Ctrl+C) will drop the script out of interactive mode and continue executing the rest of the script. If the output of the program (input into our script) goes into a broken state (such as when the target program exits), interactive mode will automatically exit. Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-08-31Add readuntil() and readlineuntil() to Commsdusoleil1-0/+14
Both new functions check the input for a predicate and keep reading until the predicate is true. readuntil() will consume input byte by byte and use the entire string read to check the predicate. It will then return that entire string. readlineuntil() consumes input line by line and only uses the last line to check the predicate. The line that satisfies the predicate is all that is returned. Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-08-31Use With Statement for Temporary Directorydusoleil1-4/+4
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-08-30Sploit Rework MVP Structure, Packaging, and Commsdusoleil15-329/+133
First part of the MVP for the larger Sploit rework effort. Add project structure, python packaging, basic comms, and "log" hook. From in or out of the sploit directory, you can run the "sploit.py" script, run python -m sploit, or import the sploit modules from the python3 shell. You can also pip install Sploit and from anywhere you can run the sploit command, run python -m sploit, or import the sploit modules from the python3 shell. Running as a standalone application, Sploit can run in a "target" mode, a "pipe" mode, and a "pipe daemon" mode. In "target" mode, Sploit will launch a target program as a subprocess and run an exploit script against its I/O. In "pipe" mode, Sploit will create named fifos and wait for a program to connect to them to run an exploit script against them. In "pipe daemon" mode, Sploit will run similar to the "pipe" mode, but automatically recreate the fifos with the same name after each execution. Basic comm operations of read, readline, write, and writeline are available to the exploit script. A "log" hook is executed whenever data is read in from the target program. This will just print the data out, but it can be configured to decode it with a specific encoding or you could replace the function for different behavior. Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-08-22Globally ignore all build artifactsMalfurious1-1/+0
Signed-off-by: Malfurious <m@lfurio.us>
2021-08-22Refactor genhex into shelltoolMalfurious1-33/+0
For convenience, I've rewritten my old shellcode parser program in Python. It is moved to the shellcode templates dir and renamed to shelltool. As a new feature, shelltool will now check the result for NULL bytes and newline bytes that may cause problems in an exploit. Signed-off-by: Malfurious <m@lfurio.us>
2021-08-10Commit brainfuck toolsMalfurious3-0/+434
The foremost tool in this collection is the brainfuck debugger. It was written to assist with the 'boring flag checker' problem from RaRCTF 2021, but has good potential for general-purpose use. The compiler and decompiler are much more niche, given brainfuck is not typically a compiled language. They are from the same CTF and, although highly problem-specific, are kept around for posterity. A hello world program is saved under templates as a quick sanity check for the tools as well as for reference purposes, should it become useful. Signed-off-by: Malfurious <m@lfurio.us>
2021-08-03Adding Initial Commit of the Sploit Tooldusoleil8-0/+330
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-08-01Adding Various Small Toolsdusoleil2-0/+52
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-08-01Git Ignore __pycache__ for All Toolsdusoleil1-0/+1
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2020-12-21Add netcat-based port scannerMalfurious1-0/+2
Signed-off-by: Malfurious <m@lfurio.us>
2020-12-21Create tools directoryMalfurious3-0/+261
Signed-off-by: Malfurious <m@lfurio.us>