# PwnTools
Tip

Learn & practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
```bash
pip3 install pwntools
```
## Pwn asm

Get opcodes from a line or a file.

```bash
pwn asm "jmp esp"
pwn asm -i <filepath>
```

Can select:

- output type (raw, hex, string, elf)
- output file context (16, 32, 64, linux, windows...)
- avoid bytes (newlines, null, a list)
- select encoder
- debug the shellcode using gdb
- run the output
## Pwn checksec

checksec script

```bash
pwn checksec <executable>
```
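To show what `pwn checksec` is actually reading from the binary, here is an added example (not pwntools code and not part of the original page) that parses the ELF64 program headers and dynamic section directly with only the standard library: NX comes from the `PT_GNU_STACK` flags, PIE from `e_type == ET_DYN`, and RELRO from `PT_GNU_RELRO` plus a `BIND_NOW` dynamic flag. Stack-canary detection is omitted because it needs symbol tables. The `build_sample_elf` helper is a constructed, header-only ELF image used so the example runs offline; on a real system, pass a binary path on the command line.

```python
import struct

# ELF constants used below (values from the ELF gABI / Linux elf.h)
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

EHDR_FMT = "<HHIQQQIHHHHHH"   # Elf64_Ehdr after the 16-byte e_ident
PHDR_FMT = "<IIQQQQQQ"         # Elf64_Phdr
DYN_FMT = "<qQ"                # Elf64_Dyn (d_tag, d_val)


def checksec(data: bytes) -> dict:
    """Report NX, PIE and RELRO for a little-endian ELF64 image held in `data`."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled in this example")
    e_type, _, _, _, e_phoff, _, _, _, e_phentsize, e_phnum = struct.unpack_from(EHDR_FMT, data, 16)[:10]
    segments = [struct.unpack_from(PHDR_FMT, data, e_phoff + i * e_phentsize) for i in range(e_phnum)]

    # NX: the stack is non-executable only if PT_GNU_STACK exists and lacks PF_X.
    # A missing PT_GNU_STACK is reported conservatively as NX disabled.
    stack = [seg for seg in segments if seg[0] == PT_GNU_STACK]
    nx = bool(stack) and not (stack[0][1] & PF_X)

    # RELRO: PT_GNU_RELRO gives partial RELRO; BIND_NOW in the dynamic section makes it full.
    relro = "No RELRO"
    if any(seg[0] == PT_GNU_RELRO for seg in segments):
        relro = "Partial RELRO"
        for seg in segments:
            if seg[0] != PT_DYNAMIC:
                continue
            off, end = seg[2], seg[2] + seg[5]      # p_offset, p_offset + p_filesz
            while off + 16 <= end:
                tag, val = struct.unpack_from(DYN_FMT, data, off)
                if tag == DT_NULL:
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    relro = "Full RELRO"
                off += 16

    # PIE: ET_DYN means position independent (shared objects are reported the same way).
    return {"NX": nx, "PIE": e_type == ET_DYN, "RELRO": relro}


def build_sample_elf(pie: bool, nx: bool, relro: str) -> bytes:
    """Constructed sample (hypothetical, not a real program): a header-only ELF64
    image carrying just the program headers and dynamic entries checksec() inspects."""
    phdrs = []
    if relro in ("partial", "full"):
        phdrs.append((PT_GNU_RELRO, PF_R, 0, 0, 0, 0, 0, 1))
    phdrs.append((PT_GNU_STACK, PF_R | PF_W | (0 if nx else PF_X), 0, 0, 0, 0, 0, 16))
    dyn = [(DT_FLAGS, DF_BIND_NOW)] if relro == "full" else []
    dyn_blob = b"".join(struct.pack(DYN_FMT, tag, val) for tag, val in dyn + [(DT_NULL, 0)])
    phnum = len(phdrs) + 1                      # + PT_DYNAMIC
    dyn_off = 64 + 56 * phnum                   # dynamic array sits right after the headers
    phdrs.append((PT_DYNAMIC, PF_R | PF_W, dyn_off, 0, 0, len(dyn_blob), len(dyn_blob), 8))
    ehdr = (b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
            + struct.pack(EHDR_FMT, ET_DYN if pie else ET_EXEC, 62, 1, 0x1000, 64, 0, 0,
                          64, 56, phnum, 64, 0, 0))
    return ehdr + b"".join(struct.pack(PHDR_FMT, *p) for p in phdrs) + dyn_blob


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(sys.argv[1], checksec(f.read()))
    else:
        print("hardened sample:", checksec(build_sample_elf(pie=True, nx=True, relro="full")))
        print("weak sample:    ", checksec(build_sample_elf(pie=False, nx=False, relro="none")))
```

Run it as `python3 checksec_demo.py /path/to/binary` to inspect a real file, or with no argument to compare the constructed hardened and weak samples.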
## Pwn constgrep
## Pwn cyclic

Get a pattern

```bash
pwn cyclic 3000
pwn cyclic -l faad
```

Can select:

- The alphabet used (lowercase chars by default)
- Length of the unique pattern (default 4)
- context (16,32,64,linux,windows...)
- Take the offset (-l)
## Pwn debug

Attach GDB to a process

```bash
pwn debug --exec /bin/bash
pwn debug --pid 1234
pwn debug --process bash
```

Can select:

- By executable, by name or by pid context (16,32,64,linux,windows...)
- gdbscript to execute
- sysrootpath
## Pwn disablenx

Disable nx of a binary

```bash
pwn disablenx <filepath>
```
## Pwn disasm

Disas hex opcodes

```bash
pwn disasm ffe4
```

Can select:

- context (16,32,64,linux,windows...)
- base address
- color (default)/no color
## Pwn elfdiff

Print differences between 2 files

```bash
pwn elfdiff <file1> <file2>
```
## Pwn hex

Get hexadecimal representation

```bash
pwn hex hola #Get hex of "hola" ascii
```
## Pwn phd

Get hexdump

```bash
pwn phd <file>
```

Can select:

- Number of bytes to show
- Number of bytes per line, and a byte value to highlight
- Skip bytes at the beginning
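As an added illustration of the three options above (not pwntools code), this small hexdump keeps the same layout as `pwn phd`: a `skip` prefix, a `count` limit and a configurable line `width`, with offsets printed as absolute file positions so a skipped prefix still lines up with the real file. Colour highlighting of a byte value is left out. The input buffer in `__main__` is constructed for the demo.

```python
from typing import List, Optional


def hexdump(data: bytes, skip: int = 0, count: Optional[int] = None, width: int = 16) -> List[str]:
    """Render `data` in phd style: omit `skip` leading bytes, show at most `count`
    bytes, `width` bytes per line. Returns the lines so callers can filter or test them."""
    window = data[skip:] if count is None else data[skip:skip + count]
    lines = []
    for i in range(0, len(window), width):
        chunk = window[i:i + width]
        hex_part = " ".join(f"{b:02x}" for b in chunk)
        text_part = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        # absolute offset, so a skipped prefix does not shift the numbering
        lines.append(f"{skip + i:08x}  {hex_part:<{width * 3 - 1}}  |{text_part}|")
    return lines


if __name__ == "__main__":
    sample = b"hola\n" + bytes(range(0, 40))      # constructed input for the demo
    print("\n".join(hexdump(sample)))
    print("--- skip 5, count 8, 4 per line ---")
    print("\n".join(hexdump(sample, skip=5, count=8, width=4)))
```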
## Pwn pwnstrip

## Pwn scramble
## Pwn shellcraft

Get shellcodes

```bash
pwn shellcraft -l #List shellcodes
pwn shellcraft -l amd #Shellcode with amd in the name
pwn shellcraft -f hex amd64.linux.sh #Output the shellcode as hex
pwn shellcraft -r amd64.linux.sh #Run to test. Get shell
pwn shellcraft -r amd64.linux.bindsh 9095 #Bind SH to port
```

Can select:

- shellcode and arguments for the shellcode
- Out file
- output format
- debug (attach dbg to shellcode)
- before (debug trap before the code)
- after
- avoid using opcodes (default: not null and new line)
- Run the shellcode
- Color/no color
- list syscalls
- list possible shellcodes
- Generate ELF as a shared library
## Pwn template

Get a python template

```bash
pwn template
```

Can select: host, port, user, pass, path and quiet
## Pwn unhex

From hex to string

```bash
pwn unhex 686f6c61
```
## Pwn update

To update pwntools

```bash
pwn update
```