Support HackTricks and get benefits!
-
Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
-
Discover The PEASS Family, our collection of exclusive NFTs
-
Get the official PEASS & HackTricks swag
-
Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.
-
Share your hacking tricks by submitting PRs to the hacktricks github repo.
pip3 install pwntools
Assemble instructions (from the command line or a file) into opcodes.
pwn asm "jmp esp"
pwn asm -i <filepath>
Can select:
- output format (raw, hex, string, elf)
- output file
- context (16, 32, 64, linux, windows...)
- avoid bytes (new lines, null, a list)
- select encoder
- debug the shellcode using gdb
- run the output
Checksec script
pwn checksec <executable>
Get a pattern
pwn cyclic 3000
pwn cyclic -l faad
Can select:
- The used alphabet (lowercase chars by default)
- Length of the unique subsequence (default 4)
- context (16, 32, 64, linux, windows...)
- Look up the offset of a subsequence (-l)
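What `pwn cyclic` and `pwn cyclic -l` actually compute is a de Bruijn sequence: every 4-byte window of the pattern is unique, so the bytes that end up in a register after the crash map back to exactly one offset in the input. The following is an added, pure-Python reimplementation (not pwntools' own code) that needs no pwntools install; it uses the same default alphabet and subsequence length as the tool, and also accepts the crash value as an integer so the little-endian byte order of a 32-bit EIP value is handled the way the CPU stored it:

```python
"""Added example: what `pwn cyclic <len>` and `pwn cyclic -l <sub>` do,
reimplemented in pure Python (FKM de Bruijn construction). Not pwntools code."""
from itertools import islice
from typing import Iterator, Union

ALPHABET = b"abcdefghijklmnopqrstuvwxyz"   # pwntools' default alphabet


def de_bruijn(alphabet: bytes = ALPHABET, n: int = 4) -> Iterator[int]:
    """Yield the de Bruijn sequence B(k, n) byte by byte.

    Every n-byte window of the sequence is unique (until it wraps after
    k**n bytes), which is what makes the offset lookup unambiguous."""
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t: int, p: int) -> Iterator[int]:
        if t > n:
            if n % p == 0:
                for i in a[1:p + 1]:
                    yield alphabet[i]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    return db(1, 1)


def cyclic(length: int, alphabet: bytes = ALPHABET, n: int = 4) -> bytes:
    """Equivalent of `pwn cyclic <length>`: the first <length> bytes."""
    if length > len(alphabet) ** n:
        # Beyond k**n bytes the pattern repeats and offsets become ambiguous.
        raise ValueError("pattern would repeat; raise n or extend the alphabet")
    return bytes(islice(de_bruijn(alphabet, n), length))


def cyclic_find(subseq: Union[bytes, str, int],
                alphabet: bytes = ALPHABET, n: int = 4) -> int:
    """Equivalent of `pwn cyclic -l <subseq>`: offset of that n-byte window.

    An int (e.g. EIP = 0x64616166 from the crash) is unpacked little-endian,
    so it matches the bytes as they sat in memory. Returns -1 if absent."""
    if isinstance(subseq, int):
        subseq = subseq.to_bytes(n, "little")
    elif isinstance(subseq, str):
        subseq = subseq.encode()
    if len(subseq) != n:
        raise ValueError(f"need exactly {n} bytes, got {len(subseq)}")
    window = bytearray()
    for offset, byte in enumerate(de_bruijn(alphabet, n)):
        window.append(byte)
        if len(window) > n:
            del window[0]
        if window == subseq:
            return offset - n + 1     # offset of the window's first byte
    return -1


if __name__ == "__main__":
    pattern = cyclic(3000)            # same as: pwn cyclic 3000
    print(pattern[:40])
    print(cyclic_find(b"faad"))       # same as: pwn cyclic -l faad
    print(cyclic_find(0x64616166))    # the same bytes read out of EIP
```

`cyclic_find(b"faad")` and `cyclic_find(0x64616166)` give the same offset because a 32-bit register holding the ASCII bytes `f a a d` prints as 0x64616166; when reading the crash value out of a debugger, pass the integer rather than retyping the letters by hand.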
Attach GDB to a process
pwn debug --exec /bin/bash
pwn debug --pid 1234
pwn debug --process bash
Can select:
- The target: by executable, by name or by pid
- context (16, 32, 64, linux, windows...)
- gdbscript to execute
- sysroot path
Disable nx of a binary
pwn disablenx <filepath>
Disassemble hex opcodes
pwn disasm ffe4 #ffe4 is "jmp esp" on x86
Can select:
- context (16, 32, 64, linux, windows...)
- base address
- color (default) / no color
Print differences between 2 files
pwn elfdiff <file1> <file2>
Get hexadecimal representation
pwn hex hola #Get hex of "hola" ascii
Get hexdump
pwn phd <file>
Can select:
- Number of bytes to show
- Number of bytes per line
- Byte to highlight
- Skip bytes at beginning
Get shellcodes
pwn shellcraft -l #List shellcodes
pwn shellcraft -l amd #List shellcodes with "amd" in the name
pwn shellcraft -f hex amd64.linux.sh #Output the shellcode as hex
pwn shellcraft -r amd64.linux.sh #Run it to test. Get a shell
pwn shellcraft -r amd64.linux.bindsh 9095 #Bind a shell to port 9095
Can select:
- shellcode and arguments for the shellcode
- Out file
- output format
- debug (attach dbg to shellcode)
- before (debug trap before code)
- after
- avoid using opcodes (default: not null and new line)
- Run the shellcode
- Color/no color
- list syscalls
- list possible shellcodes
- Generate ELF as a shared library
Get a python template
pwn template
Can select: host, port, user, pass, path and quiet
From hex to string
pwn unhex 686f6c61
To update pwntools
pwn update