binjitsu is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.
from pwn import *
context(arch = 'i386', os = 'linux')
r = remote('exploitme.example.com', 31337)
# EXPLOIT CODE GOES HERE
r.send(asm(shellcraft.sh()))
r.interactive()
Added a cfe-pov generator; it currently only supports recvn(), recvuntil() and send(). Use r.cfexml() to get the cfe-xml.
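As an added illustration of the cfe-pov generator idea above (example code written for this page, not binjitsu's own implementation), here is a self-contained recorder: a stand-in tube exposing the same recvn()/recvuntil()/send() methods, which logs each call and then emits a CGC-style POV replay document, the way r.cfexml() is described as doing. RecordingTube, summarize() and the banner bytes fed to it are hypothetical; the element names (pov, cbid, replay, read, write, delim, length, match, data) and the hex data format follow the CGC replay DTD as I recall it and are an assumption to verify against that DTD.

```python
import binascii
import io
import xml.etree.ElementTree as ET


def _hex(data):
    """Encode raw bytes as lowercase hex for a <data format="hex"> element."""
    return binascii.hexlify(data).decode("ascii")


class RecordingTube(object):
    """Hypothetical stand-in for a binjitsu tube.

    Reads come from an in-memory byte stream so the example runs offline;
    every recvn()/recvuntil()/send() call is appended to self.log so the
    exchange can be replayed as a POV afterwards.
    """

    def __init__(self, incoming, cbid="CBID_PLACEHOLDER"):
        self._in = io.BytesIO(incoming)   # constructed stand-in for the socket
        self.cbid = cbid                  # placeholder challenge-binary id
        self.log = []                     # dicts describing each I/O operation

    def recvn(self, n):
        data = self._in.read(n)
        if len(data) != n:
            raise EOFError("wanted %d bytes, got %d" % (n, len(data)))
        self.log.append({"op": "read", "kind": "length", "data": data})
        return data

    def recvuntil(self, delim):
        buf = b""
        while not buf.endswith(delim):
            c = self._in.read(1)
            if not c:
                raise EOFError("delimiter %r not found" % (delim,))
            buf += c
        self.log.append({"op": "read", "kind": "delim", "delim": delim, "data": buf})
        return buf

    def send(self, data):
        # Nothing to deliver in this offline stand-in; just record the write.
        self.log.append({"op": "write", "data": data})

    def cfexml(self):
        """Render the recorded transcript as a CGC replay (POV) document."""
        pov = ET.Element("pov")
        ET.SubElement(pov, "cbid").text = self.cbid
        replay = ET.SubElement(pov, "replay")
        for entry in self.log:
            if entry["op"] == "write":
                w = ET.SubElement(replay, "write")
                ET.SubElement(w, "data", format="hex").text = _hex(entry["data"])
            elif entry["kind"] == "length":
                r = ET.SubElement(replay, "read")
                ET.SubElement(r, "length").text = str(len(entry["data"]))
                m = ET.SubElement(r, "match")
                ET.SubElement(m, "data", format="hex").text = _hex(entry["data"])
            else:
                r = ET.SubElement(replay, "read")
                ET.SubElement(r, "delim", format="hex").text = _hex(entry["delim"])
        header = ('<?xml version="1.0" standalone="no" ?>\n'
                  '<!DOCTYPE pov SYSTEM "/usr/share/cgc-docs/replay.dtd">\n')
        return header + ET.tostring(pov, encoding="unicode")


def summarize(xml_text):
    """Parse a POV document back into (tag, child_tag, text) tuples for checking."""
    root = ET.fromstring(xml_text)
    out = [("cbid", None, root.find("cbid").text)]
    for op in root.find("replay"):
        first = list(op)[0]
        out.append((op.tag, first.tag, first.text))
    return out


def demo():
    # Constructed sample of what a service might send; not real program output.
    t = RecordingTube(b"banner v1\n> OK\n")
    t.recvuntil(b"> ")   # read until the prompt
    t.send(b"hello\n")   # one line of input
    t.recvn(3)           # read the 3-byte reply "OK\n"
    return t.cfexml()


if __name__ == "__main__":
    print(demo())
```

Writes use the raw bytes sent, fixed-length reads are emitted as a length plus a match on the bytes actually seen, and delimiter reads are emitted as the delimiter; recording the observed data alongside each read is what lets a replay harness detect that the service diverged from the recorded session.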
You can now do a live demo of binjitsu, right in your browser. Alternately, you can SSH to the same host, and log in as user zerocool with this private key (password i_promise_not_to_be_evil).
It will drop you into a clean, Docker-ized container. There is nothing of value on the VPS, so please don't be evil.
binjitsu is a fork of the pwntools project. For the most part, it's a drop-in replacement, though I've added some functionality of my own which may not be available in the upstream release.
Our documentation is available at binjitsu.readthedocs.org.
To get you started, we've provided some example solutions for past CTF challenges in our write-ups repository.
binjitsu is best supported on 64-bit Ubuntu 12.04 and 14.04, but most functionality should work on any POSIX-like distribution (Debian, Arch, FreeBSD, OS X, etc.). Python 2.7 is required.
Most of the functionality of binjitsu is self-contained and Python-only. You should be able to get running quickly with
apt-get update
apt-get install python2.7 python-pip python-dev git
pip install --upgrade git+https://github.com/binjitsu/binjitsu.git
However, some of the features (assembling/disassembling foreign architectures) require non-Python dependencies. For more information, see the complete installation instructions here.
See CONTRIBUTING.md
If you have any questions not worthy of a bug report, feel free to ping ebeip90 on Freenode and ask away.
There is also a mailing list for higher latency discussion.