pwninitA tool for automating starting binary exploit challenges
ld-linux.so.*) that can segfaultlessly LD_PRELOAD the provided libcRun pwninit
Run pwninit in a directory with the relevant files and it will detect which ones are the binary, libc, and linker. If the detection is wrong, you can specify the locations with --bin, --libc, and --ld.
solve.py templateIf you don't like the default template, you can use your own. Just specify --template-path <path>. Check template.py for the template format. The names of the exe, libc, and ld bindings can be customized with --template-bin-name, --template-libc-name, and --template-ld-name.
solve.pyYou can make pwninit load your custom template automatically by adding an alias to your ~/.bashrc.
bash
alias pwninit='pwninit --template-path ~/.config/pwninit-template.py --template-bin-name e'
Install pwninit or
pwninit-bin from the AUR.
You can download non-GMO statically-linked musl binaries from the releases page.
sh
cargo install pwninit
The binary will be placed in ~/.cargo/bin.
Note that openssl, liblzma, and pkg-config are required for the build.
```sh $ ls hunter libc.so.6 readme
$ pwninit bin: ./hunter libc: ./libc.so.6
fetching linker unstripping libc setting ./ld-2.23.so executable writing solve.py stub
$ ls hunter ld-2.23.so libc.so.6 readme solve.py ```
solve.py:
```python
from pwn import *
exe = ELF("./hunter") libc = ELF("./libc.so.6") ld = ELF("./ld-2.23.so")
context.binary = exe
def conn(): if args.LOCAL: return process([ld.path, exe.path], env={"LD_PRELOAD": libc.path}) else: return remote("addr", 1337)
def main(): r = conn()
# good luck pwning :)
r.interactive()
if name == "main": main() ```