It can be used both locally and remotely (indicating IP and port)

Last update: Dec 29, 2022

Related tags

Overview

    ____                 ________  __________            __
   / __ \_      ______  / ____/ /_/ __/_  __/___  ____  / /
  / /_/ / | /| / / __ \/ /   / __/ /_  / / / __ \/ __ \/ / 
 / ____/| |/ |/ / / / / /___/ /_/ __/ / / / /_/ / /_/ / /  
/_/     |__/|__/_/ /_/\____/\__/_/   /_/  \____/\____/_/   
                                                           
                By: DiegoAltF4 and Dbd4

Tool for ret2win challenges.

It can be used both locally and remotely (indicating IP and port). It automatically finds the offset to the Instruction Pointer stored in the stack.

It can be configured to return a shell. By default, it prints the data received by the connection (possible flag). It also allows to display the offset to the instruction pointer in the stack and supports x86 architecture in both 32-bit and 64-bit. It can be used to debug the exploit with GDB.

Basic usage:

./PwnCtfTool.py -f vuln.bin -t flag_func

Auto PWN tool for CTF
optional arguments:
  -h, --help show this help message and exit
  -vv Max Verbose (debug)
  -v Verbose (info)
  -g Attach GDB
  -f FILE File to PWN
  -t TARGET Target Function
  --offset Print offset Instruction Pointer
  --shell Stay interactive
  --remote Exploit remote server

Installation:

git clone https://github.com/Diego-AltF4/PwnCtfTool.git
cd ./PwnCtfTool
pip3 install -r requirements.txt
chmod +x PwnCtfTool.py
./PwnCtfTool.py

Acknowledgements

_{David Billhardt}

Created by DiegoAltF4 and Dbd4

It can be used both locally and remotely (indicating IP and port)

Related tags

Overview

Tool for ret2win challenges.

Acknowledgements

Owner

DiegoAltF4

Multiple-requests-poster - A tool to send multiple requests to a particular website written in Python

An advanced real time threat intelligence framework to identify threats and malicious web traffic on the basis of IP reputation and historical data.

This program ingests a Cisco "sh ip arp" as a text file and produces the list of vendors seen in the file

StarCraft II Client - protocol definitions used to communicate with StarCraft II.

ip2domain - get ip to domain, Know the domian corresponding to the local network connection IP

Docker container for demoing Wi-Fi calling stack.

NetMiaou is an crossplatform hacking tool that can do reverse shells, send files, create an http server or send and receive tcp packet

A Calendar subscribe server for python

Modern Denial-of-service ToolKit for python

A pure python implementation of multicast DNS service discovery

An HTML interface for finetuning the sync map output from aeneas

FIRM-AFL is the first high-throughput greybox fuzzer for IoT firmware.

Godzilla traffic decoder Godzilla Decoder 是一个用于哥斯拉Godzilla 加密流量分析的辅助脚本。

The Delegate Network: An Interactive Voice Response Delegative Democracy Implementation of Liquid Democracy

Usbkill - an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.

msgspec is a fast and friendly implementation of the MessagePack protocol for Python 3.8+

Simple client for the Sirah Matisse Commander TCP server.

Truetool - A TrueCharts automatic and bulk update utility

Keep your application settings in sync (OS X/Linux)

A gRPC-Web implementation for Python

It can be used both locally and remotely (indicating IP and port)

Related tags

Overview

Tool for ret2win challenges.

Acknowledgements

Owner

DiegoAltF4

Multiple-requests-poster - A tool to send multiple requests to a particular website written in Python

An advanced real time threat intelligence framework to identify threats and malicious web traffic on the basis of IP reputation and historical data.

This program ingests a Cisco "sh ip arp" as a text file and produces the list of vendors seen in the file

StarCraft II Client - protocol definitions used to communicate with StarCraft II.

ip2domain - get ip to domain, Know the domian corresponding to the local network connection IP

Docker container for demoing Wi-Fi calling stack.

NetMiaou is an crossplatform hacking tool that can do reverse shells, send files, create an http server or send and receive tcp packet

A Calendar subscribe server for python

Modern Denial-of-service ToolKit for python

A pure python implementation of multicast DNS service discovery

An HTML interface for finetuning the sync map output from aeneas

FIRM-AFL is the first high-throughput greybox fuzzer for IoT firmware.

Godzilla traffic decoder Godzilla Decoder 是一个用于 哥斯拉Godzilla 加密流量分析的辅助脚本。

The Delegate Network: An Interactive Voice Response Delegative Democracy Implementation of Liquid Democracy

Usbkill - an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.

msgspec is a fast and friendly implementation of the MessagePack protocol for Python 3.8+

Simple client for the Sirah Matisse Commander TCP server.

Truetool - A TrueCharts automatic and bulk update utility

Keep your application settings in sync (OS X/Linux)

A gRPC-Web implementation for Python

Godzilla traffic decoder Godzilla Decoder 是一个用于哥斯拉Godzilla 加密流量分析的辅助脚本。