pwnc kernel init- autodetects and decompresses initramfs
- saves location of initramfs and unpacked rootfs
pwnc kernel compress- uses saved information by
initto compress rootfs pwnc kernel compress --rootfs rootfs --initramfs initramfs.cpio.gz --gzipped --gzip-level 9- manually specify paths
pwnc kernel decompress- uses saved information by
initto decompress rootfs pwnc kernel decompress --initramfs initramfs.cpio.gz --rootfs backup-rootfs- manually specify paths
pwnc kernel module chal.ko- display modinfo
pwnc kernel module --set vermagic meow chal.ko- modinfo modification
pwnc errno 1pwnc errno -1pwnc errno 0xffffffff- displays information about error code
pwnc patch --rpath . --interp ./ld-linux-x86_64.so.2 chal- patch
DT_INTERP,DT_RPATH, andDT_NEEDEDin-place
pwnc unstrip libc.so.6- unstrip libc file
pwnc unstrip libc.so.6 --save- search for libc in ubuntu and debian packages, download .deb file
pwnc unpack- unpacks compressed challenge archive
- archives that contain a single toplevel directory are used directly
- archives that contain toplevel files are moved into a new directory
expose wrappers around the gdb api to use in solve scripts
- programatically place breakpoints
- oneshot breakpoints
- run python code from breakpoints
- pwntools provides this but it is fairly basic
- caches kernel version and kallsyms, to speed up ksymaddr-remote
minimal elf parsing and in place modification library
dwarf utilities binja plugin to generate dwarf info on the fly to import into gdb
- default to nasm on x64/x86
- include header files for gas?
- allow labels
- improved checksec
Base pwntools provides:
asm
checksec
constgrep
cyclic
debug
disasm
disablenx
elfdiff
elfpatch
errno
hex
libcdb
phd
pwnstrip
scramble
shellcraft
template
unhex
update
version
asm/disasmis usefulchecksecwill be supplemented with more informationerrnois usefulshellcraftis useful