for CTF windows pwn
- there are two versions of winpwn: winpwn-deps and winpwn-nodeps
- for winpwn-deps:
- based on pwintools,but I complete the IO interactive and debug module
- have bug, and I will not update it anymore, so I suggest you use winpwn-nodeps
- not support python3 and just can install from source code
- for winpwn-nodeps: written by myself.
- just use ctypes to invoke Windows API.
- support python2.7 and python3
- can use pip to install winpwn-nodeps
- for debug
- if you install by source code, modify the PATH of debugger in winpwn/var.py
- or if you use winpwn-nodeps, touch a json file in HOMEDIR(named ".winpwn") whose content format refers winpwn-nodeps/.winpwn
- I just test winpwn on cmder(if use cmder , please must use it on "cmd::cmder as Admin", not bash)
- pip install winpwn
- or pip3 install winpwn
- git clone https://github.com/Byzero512/winpwn.git
- cd winpwn\winpwn-nodeps
- python setup.py install / python3 setup.py install
1. process
+ process("./pwn")
+ process(["./pwn"])
2. remote
+ remote("127.0.0.1", 65535)
3. context
+ context.timeout=512
+ context.debugger="gdb" # or "windbg" or "x64dbg"
+ context.endian="little"
+ context.log_level="" # or "debug"
+ context.terminal=[ ]
+ context.newline="\r\n"
4. dbg: gdb(mingw gdb), windbg, x64dbg
+ gdb.attach(p, script="b *0x401000")
+ windbg.attach(p,script="bp 0x123456")
+ x64dbg.attach(p) #can not parse script file yetif you want to use debugger like gdb-peda, you need to deal with the deps yourself
for gdb-peda like show as bellow, you need:
- mingw-gdb installer:
- https://github.com/Byzero512/wibe (a gdb-peda like gdb-script supports mingw-gdb on windows)
- https://github.com/Byzero512/vmmap-win-cmd (for the command "vmmap" in wibe)
- pykd
- TWindbg: https://github.com/bruce30262/TWindbg
because lacks some commandline options, so just can use x64dbg attach to process and can not deliver init script yet
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent