____ ________ __________ __
/ __ \_ ______ / ____/ /_/ __/_ __/___ ____ / /
/ /_/ / | /| / / __ \/ / / __/ /_ / / / __ \/ __ \/ /
/ ____/| |/ |/ / / / / /___/ /_/ __/ / / / /_/ / /_/ / /
/_/ |__/|__/_/ /_/\____/\__/_/ /_/ \____/\____/_/
By: DiegoAltF4 and Dbd4
Tool for ret2win challenges.
It can be used both locally and remotely (indicating IP and port). It automatically finds the offset to the Instruction Pointer stored in the stack.
It can be configured to return a shell. By default, it prints the data received by the connection (possible flag). It also allows to display the offset to the instruction pointer in the stack and supports x86 architecture in both 32-bit and 64-bit. It can be used to debug the exploit with GDB.
Basic usage:
./PwnCtfTool.py -f vuln.bin -t flag_func
Auto PWN tool for CTF
optional arguments:
-h, --help show this help message and exit
-vv Max Verbose (debug)
-v Verbose (info)
-g Attach GDB
-f FILE File to PWN
-t TARGET Target Function
--offset Print offset Instruction Pointer
--shell Stay interactive
--remote Exploit remote server
Installation:
git clone https://github.com/Diego-AltF4/PwnCtfTool.git
cd ./PwnCtfTool
pip3 install -r requirements.txt
chmod +x PwnCtfTool.py
./PwnCtfTool.py
Acknowledgements
 David Billhardt |
Created by DiegoAltF4 and Dbd4
1 Dec 10, 2021
9 Sep 28, 2022
97 Dec 03, 2022
1 Jan 29, 2022
11 Sep 10, 2021
1 Jan 26, 2022
7 Apr 28, 2022
69 Nov 03, 2022
56 Nov 30, 2022
12 Jan 16, 2022
9 Dec 25, 2022
62 Dec 28, 2022
35 Oct 04, 2022
4 Sep 05, 2021
105 Dec 24, 2022
4.9k Jan 08, 2023
423 Jan 02, 2023
158 Dec 20, 2022
2 Jul 17, 2022
6 Sep 15, 2022