SPLOITKIT - A suite of CLI tools built to automate some of the tedious parts of exploit development

abril 01, 2016

SPLOITKIT - A suite of CLI tools built to automate some of the tedious parts of exploit development

SploitKit is a series of scripts I wrote to automate some repetitive or tedius tasks I find I commonly need to perform when writing exploits (specifically: Buffer Overflow Exploits). You're welcome to use these too if you'd like.

Script Lists:

Ror Spike

This script (./ror_spike.rb) is a wrapper for the SPIKE fuzzer. It creates spike templates for multiple commands (as specified in the script), and launch spike for each created file. It logs the variable that caused the crash, the command it was using, and prompts you to add a custom comment to the log. Later, you can navigate to the log and view a history of the crashes you found.

BadChars

This script (./badchars.rb) is designed to help determine which chars are bad. This script assumes you are working with Olly (or at least, something that results in hex printed in the same format as Olly’s binary paste (e.g. 01 0203 04 05 instead of \x01\x02\x03\x04\x05). Remember, I wrote this to suit me. I’m happy to accept pull requests if anybody would like to contribute to making it a little friendlier for use with other debuggers.

MagicCalc

This script (./magic_calc.rb) is designed to help with the calculations required to push encoded shellcode to the stack when dealing with an extremely limited allowed character set. It assumes you know that what we’re doing here is using a register (after it’s been XORd to zero) to calculate the difference between the hex representation of zero to our desired hex code, so that it can be pushed to the stack and executed. If I haven’t articulated this well enough, or you haven’t come across this yet, do some googling for “manually encoding shellcode to bypass character filters”.

HexSum

This script (./hexsum.rb) is sort of a sanity check for magic_calc.rb. It confirms the calculations are correct, and then provides the hexcodes in little endian format.

Installation:

No installation required (assuming you have Ruby installed - These were tested in Ruby 2.1.1), just download it and chmod the scripts:


git clone https://github.com/treacton/sploitkit.git
cd sploitkit

chmod +x .*   # you trust me, right?? =)

And then execute:


cd sploitkit

./script_name [args may be required depending on the script, but hopefully I've already written a decent help prompt for you]

Source: https://github.com/tresacton

Buscar este blog

Hablemos de Tecnologia

SPLOITKIT - A suite of CLI tools built to automate some of the tedious parts of exploit development

Comentarios

Publicar un comentario

Entradas populares

100 millones de teléfonos Samsung afectados con función defectuosa de clave de cifrado por hardware

Backdoor windows, ¿Qué son y cómo crear uno que sea indetectable?