mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-25 06:00:40 +00:00
4.5 KiB
4.5 KiB
{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
pip3 install pwntools
Pwn asm
Get opcodes from line or file.
pwn asm "jmp esp"
pwn asm -i <filepath>
Can select:
- output type (raw,hex,string,elf)
- output file context (16,32,64,linux,windows...)
- avoid bytes (new lines, null, a list)
- select encoder debug shellcode using gdb run the output
Pwn checksec
Checksec script
pwn checksec <executable>
Pwn constgrep
Pwn cyclic
Get a pattern
pwn cyclic 3000
pwn cyclic -l faad
Can select:
- The used alphabet (lowercase chars by default)
- Length of uniq pattern (default 4)
- context (16,32,64,linux,windows...)
- Take the offset (-l)
Pwn debug
Attach GDB to a process
pwn debug --exec /bin/bash
pwn debug --pid 1234
pwn debug --process bash
Can select:
- By executable, by name or by pid context (16,32,64,linux,windows...)
- gdbscript to execute
- sysrootpath
Pwn disablenx
Disable nx of a binary
pwn disablenx <filepath>
Pwn disasm
Disas hex opcodes
pwn disasm ffe4
Can select:
- context (16,32,64,linux,windows...)
- base addres
- color(default)/no color
Pwn elfdiff
Print differences between 2 fiels
pwn elfdiff <file1> <file2>
Pwn hex
Get hexadecimal representation
pwn hex hola #Get hex of "hola" ascii
Pwn phd
Get hexdump
pwn phd <file>
Can select:
- Number of bytes to show
- Number of bytes per line highlight byte
- Skip bytes at beginning
Pwn pwnstrip
Pwn scrable
Pwn shellcraft
Get shellcodes
pwn shellcraft -l #List shellcodes
pwn shellcraft -l amd #Shellcode with amd in the name
pwn shellcraft -f hex amd64.linux.sh #Create in C and run
pwn shellcraft -r amd64.linux.sh #Run to test. Get shell
pwn shellcraft .r amd64.linux.bindsh 9095 #Bind SH to port
Can select:
- shellcode and arguments for the shellcode
- Out file
- output format
- debug (attach dbg to shellcode)
- before (debug trap before code)
- after
- avoid using opcodes (default: not null and new line)
- Run the shellcode
- Color/no color
- list syscalls
- list possible shellcodes
- Generate ELF as a shared library
Pwn template
Get a python template
pwn template
Can select: host, port, user, pass, path and quiet
Pwn unhex
From hex to string
pwn unhex 686f6c61
Pwn update
To update pwntools
pwn update
{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.