AngErza is a CTF helper and vulnerability-checking tool written as a college project. It detects buffer overflow and format string vulnerabilities in small x86 64-bit binaries. For buffer overflows it also generates an exploit payload for three attack types: RIP overwrite (jump to a win function), ROP chain generation using angrop, and shellcode injection (chosen from a set of hardcoded payloads).

Requirements:
- claripy==9.0.5739
- angr==9.0.5739
- python 3.6
- radare2
- pwntools, pyelftools

Repository layout:
- main.py --> the main worker script of the tool
- lib --> utility scripts
- trash --> trial-purpose scripts
Installation:
git clone https://github.com/rudyerudite/AngErza.git
cd AngErza

Before running AngErza, ensure that all the requirements are installed. To run AngErza on your binary:
python3 main.py <test_binary_name>
AngErza is a combination of various utility scripts and still needs to be improved. Planned work:
- Shellcode-Gen:
  1. Auto-generation of shellcode instead of using the hardcoded payloads
  2. Expanding the bug scenarios covered (mmap(), ...)
- Including attacks that can bypass ASLR and PIE (attacks using program leaks)
- Enhancing bug detection for buffer overflow and format string
References:
- https://github.com/ChrisTheCoolHut/Zeratool/
- https://docs.angr.io/core-concepts/toplevel
- https://0x00sec.org/t/autobof-a-journey-into-automation-exploit-development-and-buffer-overflows/13415
- https://research.kudelskisecurity.com/2016/08/08/angr-management-first-steps-and-limitations/
- https://arxiv.org/pdf/1610.00502.pdf