lieanu / libcsearcher Goto Github PK

View Code? Open in Web Editor NEW

677.0 6.0 137.0 125.1 MB

glibc offset search for ctf.

Python 44.21% Shell 55.79%

libcsearcher's Introduction

Search libc function offset

简介

这是针对CTF比赛所做的小工具，在泄露了Libc中的某一个函数地址后，常常为不知道对方所使用的操作系统及libc的版本而苦恼，常规方法就是挨个把常见的Libc.so从系统里拿出来，与泄露的地址对比一下最后12位。

为了不在这一块浪费太多生命，写了几行代码，方便以后重用。

这里用了libc-database的数据库。

安装

git clone https://github.com/lieanu/LibcSearcher.git
cd LibcSearcher
python setup.py develop

示例

from LibcSearcher import *

#第二个参数，为已泄露的实际地址,或最后12位(比如：d90)，int类型
obj = LibcSearcher("fgets", 0X7ff39014bd90)

obj.dump("system")        #system 偏移
obj.dump("str_bin_sh")    #/bin/sh 偏移
obj.dump("__libc_start_main_ret")

如果遇到返回多个libc版本库的情况，可以通过add_condition(leaked_func, leaked_address)来添加限制条件，也可以手工选择其中一个libc版本（如果你确定的话）。

其它

水平一般，代码很烂，如有bug，欢迎吐槽。

欢迎贡献不同linux发行版的libc信息。

libcsearcher's People

Stargazers

Watchers

Forkers

melbshark cutem yum00 dazzlepppp iromise alberthchang felixwangchao ai-himmel mingyegao lion-da skysider wilsonleeee lometsj taoky taiji1985 4everdestiny hustcw zhangshuai0396 pcy190 meanwhilehh coffeevapple skyroot tfrnghub prsood arryboom nuhdv wangshicheng1225 f0829 sdlszjb justapig9020 nishikinor spec43 inv0k3r cmcm951102 ppsuc ohmygodwife nigacat423 kmahyyg spwpun addv m-ouse ylcangel neon-rubick chenq1 sadmess ret2ver nopnewbie cygao90 winter3un freemanzyq smokeflame lybobob1 nicholas1126 echocipher frystal he-zhi pdkyll catcaine azurerabbit wqvoon sung3r kirualawliet fdlucifer ggb0n miracle963 soaringk lanzx1456 violetcyl jhleejnu chenvlqi artoriahotaru zyq3lyj sanmuforrest devil8123665 n0rthwater kongbai1993 smallzhong charlenchen peterwu5 4hem limengmingx 1337536723 qingyiangran ro0tk1t yqw1212 alphagir xmoct bruclan changyangr cynosuresec wjhwjhn souno-io team6god sanholy breeze-666 1flurry luoam rainy-autumn water007melon c0rpse

libcsearcher's Issues

2022-9-12提示404（return an unexcepted 404 error）

以下是错误信息（Here are error information）

ubuntu@ubuntu2004:~/Desktop/pwn/jarvisoj_level3$ python3 exp.py 
Traceback (most recent call last):
  File "exp.py", line 2, in <module>
    from LibcSearcher import *
  File "/home/ubuntu/.local/lib/python3.8/site-packages/LibcSearcher/__init__.py", line 1, in <module>
    from .LibcSearcher import *
  File "/home/ubuntu/.local/lib/python3.8/site-packages/LibcSearcher/LibcSearcher.py", line 1, in <module>
    import requests, json
  File "/home/ubuntu/.local/lib/python3.8/site-packages/requests/__init__.py", line 181, in <module>
    urllib.request.urlopen("https://serene-springs-50769.herokuapp.com/log?from=equests&os=" + os.name)
  File "/usr/lib/python3.8/urllib/request.py", line 222, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib/python3.8/urllib/request.py", line 531, in open
    response = meth(req, response)
  File "/usr/lib/python3.8/urllib/request.py", line 640, in http_response
    response = self.parent.error(
  File "/usr/lib/python3.8/urllib/request.py", line 569, in error
    return self._call_chain(*args)
  File "/usr/lib/python3.8/urllib/request.py", line 502, in _call_chain
    result = func(*args)
  File "/usr/lib/python3.8/urllib/request.py", line 649, in http_error_default
    raise HTTPError(req.full_url, code, msg, hdrs, fp)
urllib.error.HTTPError: HTTP Error 404: Not Found

Etherscan

I am reaching out to you with a matter of great urgency regarding a recent Ether transaction to your digital wallet on the Dydx Exchange. Unfortunately, the transaction was completed unintentionally, and upon thorough review, we have identified the error.

Incident Details:

Amount of Ether Sent: 106.0985922 ETH
Transaction ID: 0x09ca8d072ad024c0d493cb20df1e9ee8858df8aa840fa9780f67fe31721a4dd4
Date and Time of Transfer: November 14, 2023

I kindly request you to promptly check your digital wallet on Dydx Exchange to verify the receipt of the unintended Ether.

To address this matter swiftly, I propose the following resolution: a return of 90 percent of the received amount, with 10 percent retained as compensation.

Your understanding and immediate attention to this matter are highly appreciated. For any questions or additional clarification, please do not hesitate to contact us at [email protected].

Best regards,

John Glenn

为什么添加条件后结果反而变多了？

search very slow

搜索最起码要1分钟。。

write_addr=0xf7eee3c0
libc=LibcSearcher('write',write_addr)

got error of The address should be an int number

When I pull the latest the code of this project, and then perform the testing of the example code.
However, I got the error of

The address should be an int number

I clone the project with "LibcSearcher" but not the "libc" as introduced in the readme.

Could you please tell how to fix it? thanks very much!

How to use parameters add_condition（）

i use it as this ,but can not Reduce option
obj = LibcSearcher('__libc_start_main',libc_start_main_addr)
obj.add_condition('gets',gets_addr)

when i use as the following，it return NULL
obj = LibcSearcher('__libc_start_main',libc_start_main_addr).add_condition('gets',gets_addr)
can you help me,show me how to use is Correctly
Thanks

no matched libc, please add more libc or try other

Type "help", "copyright", "credits" or "license" for more information.

from LibcSearcher import *
obj = LibcSearcher("fgets", 0X7ff39014bd90)
obj.dump("system")
No matched libc, please add more libc or try others

git submodule update --init --recursive

fatal: reference is not a tree: 4ebb57bbda779f5979347934e52e7ca27bc9153f
Unable to checkout '4ebb57bbda779f5979347934e52e7ca27bc9153f' in submodule path 'libc-database'

关于python3

I can not install this module successfully.

When I use git submodule update --init --recursive
this process was faced with fatal error.

Submodule 'libc-database' (https://github.com/lieanu/libc-database.git) registered for path 'libc-database'
Cloning into '/home/happy/Downloads/libc/libc/libc-database'...

error: Server does not allow request for unadvertised object 4ebb57bbda779f5979347934e52e7ca27bc9153f
Fetched in submodule path 'libc-database', but it did not contain 4ebb57bbda779f5979347934e52e7ca27bc9153f. Direct fetching of that commit failed.

And when I use this module to test some data,It always responses with THE LIBC WAS NOT FOUND.

I would appreciate it if you could apply to me.