1

Are there any libraries to help with developing exploits in Python, like representing hex strings or assembling/disassembling x86 instructions?

1
  • this is a very broad question... (representing hex or disassembling just takes a few lines)
    – Ange
    Commented Jun 24, 2014 at 9:03

3 Answers

4

If you want to develop exploits in Python, this book may help: http://my.safaribooksonline.com/book/-/9781597497299/chapter-9-exploitation-scripting/building_exploits_with_python

If you need to generate big chunks of asm PeachPy might help:

PeachPy https://github.com/Maratyszcza/PeachPy

You can also compile Python to C, and use a C compiler to get things down to assembly.

https://stackoverflow.com/questions/10660266/python-program-into-a-standard-assembly

Or you could write most of your program in Python, and use a variety of methods to get inline assembly in: https://stackoverflow.com/questions/6040932/executing-assembler-code-with-python

That means less asm for you.

To be honest, you will be better off rolling with the punches and properly learning ASM. It is hard, but well worth the trouble. Try starting with NASM, or writing inline assembly with your Visual Studio programs.

Also: This question is a little too broad for this site.

1
  • I already know intermediate and basic asm but I don't program in it. Commented Jun 24, 2014 at 14:59
2

There are a bunch of Python libraries that can aid you in exercising exploitation:

  • Peda - Python Exploit Development Assistance for GDB

Peda has this nice option for generating exploit skeletons. Everything is already set up for you for making a basic exploit, either local or remote. And it serves as a rather nice gdb extension.

  • Blasty's moneyshot is also a set of rather useful utilities.

    A collection of python scripts to aid you in the final steps of binary exploitation or during the construction of buffers.

  • Hellman's libformatstr is a nice format string exploitation automation library, and it already comes embedded in the previous two.

Also, if all you really need is packing/manipulating binary data, Python's struct library is a must.

There's also the Python Arsenal For RE list of libraries, covering many more useful libraries.

1
  • Thanks guys for the libraries, really made life easier for me when pwning binaries. Commented Jun 21, 2014 at 3:26
0

I've been using pydbg for the last 2+ years to great success. It's used by various popular fuzzing suites such as Sulley, PaiMei, etc.

Also, the Capstone disassembly framework is highly suggested, especially the op_access functionality, as it helps with taint analysis. Keep in mind the application binary interface (ABI) of the platform you're developing exploits on. If it's x86/x64, remember certain instructions will flag different unnecessary registers as read/written to.

As an example,

rep movs* 

is used by various functions, especially on Windows XP+.

The Capstone disassembly framework will state that ecx, edi and esi are ALL read and written to, which means you'll have to write logic to deduce if certain instructions like the aforementioned ACTUALLY read/write to registers. Obviously, ESI and ECX aren't written to in that instruction. Usually compilers will specify the number of bytes to read in the previous instruction, e.g.

mov ecx, 0x##

However, for ~80% of instructions it will give accurate information (EFLAGS not withstanding).

It should take a few days or a week depending on free time to write logic to determine if a register is actually accessed.

I'm only assuming the basic instruction set is what you need, not FPU, SIMD, SSE, etc. If you RE malware, or packed or optimized binaries, you will need to add logic for the aforementioned and more instruction sets.
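The rep movs* / mov ecx, imm case discussed above, as an added example that is not code from the original answer or from Capstone: a small decoder for just that idiom that derives register access from the instruction's implicit semantics, so you can see where each register in a disassembler's report comes from. It models the architectural behaviour (the REP prefix makes ecx the loop counter, read and decremented; the string operation advances esi and edi); flags such as DF are left out, and the byte sequence is constructed.

```python
# Constructed example: model implicit register effects of a tiny x86-32 subset,
# the subset behind the rep movs idiom: legacy prefixes F3 (REP) / 66 (operand
# size), MOVSB/MOVSW/MOVSD, and MOV r32, imm32 that typically sets the count.
from dataclasses import dataclass

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


@dataclass
class Insn:
    addr: int
    mnemonic: str
    op_str: str = ""
    regs_read: frozenset = frozenset()
    regs_written: frozenset = frozenset()


def decode(code: bytes, base: int = 0) -> list:
    """Decode the supported subset; raise on anything else (no guessing)."""
    insns, i = [], 0
    while i < len(code):
        start, rep, width = i, False, 4
        while i < len(code) and code[i] in (0xF3, 0x66):
            if code[i] == 0xF3:
                rep = True          # REP prefix: loop on ecx
            else:
                width = 2           # operand-size override: 16-bit
            i += 1
        op = code[i]
        if op in (0xA4, 0xA5):      # MOVSB (A4) / MOVSW or MOVSD (A5)
            width = 1 if op == 0xA4 else width
            mnem = {1: "movsb", 2: "movsw", 4: "movsd"}[width]
            # movs itself reads and advances esi/edi; only the REP prefix brings
            # in ecx, which is read (loop test) and written (decremented).
            regs = frozenset({"esi", "edi"} | ({"ecx"} if rep else set()))
            insns.append(Insn(base + start, ("rep " if rep else "") + mnem, "", regs, regs))
            i += 1
        elif 0xB8 <= op <= 0xBF and width == 4:   # MOV r32, imm32
            reg = REGS32[op - 0xB8]
            imm = int.from_bytes(code[i + 1:i + 5], "little")
            insns.append(Insn(base + start, "mov", f"{reg}, {imm:#x}", frozenset(), frozenset({reg})))
            i += 5
        else:
            raise ValueError(f"unsupported opcode {op:#x} at {base + start:#x}")
    return insns


def access_table(code: bytes, base: int = 0) -> dict:
    """Map each instruction's text to (registers read, registers written), sorted."""
    return {f"{x.mnemonic} {x.op_str}".strip(): (sorted(x.regs_read), sorted(x.regs_written))
            for x in decode(code, base)}


if __name__ == "__main__":
    # constructed bytes: mov ecx, 0x10 ; rep movsb ; movsd ; rep movsw
    for text, (r, w) in access_table(bytes.fromhex("b910000000f3a4a566f3a5")).items():
        print(f"{text:<14} reads={r} writes={w}")
```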
