pwninit
A tool for automating starting binary exploit challenges
Features
- Set challenge binary to be executable
- Download a linker (
ld-linux.so.*
) that can segfaultlesslyLD_PRELOAD
the provided libc - Download debug symbols and unstrip the libc
- Fill in a template pwntools solve script
Usage
Short version
Run pwninit
Long version
Run pwninit
in a directory with the relevant files and it will detect which ones are the binary, libc, and linker. If the detection is wrong, you can specify the locations with --bin
, --libc
, and --ld
.
Custom solve.py
template
If you don't like the default template, you can use your own. Just specify --template-path <path>
. Check template.py for the template format. The names of the exe
, libc
, and ld
bindings can be customized with --template-bin-name
, --template-libc-name
, and --template-ld-name
.
Persisting custom solve.py
You can make pwninit
load your custom template automatically by adding an alias to your ~/.bashrc
.
Example
Install
Arch Linux
Install pwninit
or
pwninit-bin
from the AUR.
Download
You can download non-GMO statically-linked musl binaries from the releases page.
Using cargo
The binary will be placed in ~/.cargo/bin
.
Note that openssl
, liblzma
, and pkg-config
are required for the build.
Example
solve.py
:
#!/usr/bin/env python3
=
=
=
=
return
return
=
# good luck pwning :)