- Pwnkiller is an automated tool for solving pwn challenges
- It isn't capable of solving all pwn challenges, but it can handle plenty of warmup and easy stack challenges
- find leaks (PIE LEAK, CANARY LEAK, LIBC LEAK, STACK LEAK)
- find offsets to RIP (with and without canary)
- ret2win
- ret2plt
- ret2shellcode
- rop (sigrop/exploit with syscalls)
- remote exploit
➜ pwnkiller ./pwnkiller.py -h
██████╗ ██╗ ██╗███╗ ██╗██╗ ██╗██╗██╗ ██╗ ███████╗██████╗
██╔══██╗██║ ██║████╗ ██║██║ ██╔╝██║██║ ██║ ██╔════╝██╔══██╗
██████╔╝██║ █╗ ██║██╔██╗ ██║█████╔╝ ██║██║ ██║ █████╗ ██████╔╝
██╔═══╝ ██║███╗██║██║╚██╗██║██╔═██╗ ██║██║ ██║ ██╔══╝ ██╔══██╗
██║ ╚███╔███╔╝██║ ╚████║██║ ██╗██║███████╗███████╗███████╗██║ ██║
╚═╝ ╚══╝╚══╝ ╚═╝ ╚═══╝╚═╝ ╚═╝╚═╝╚══════╝╚══════╝╚══════╝╚═╝ ╚═╝
Jopraveen{w31c0M3_70_PwN_4nD_P41n}
usage: pwnkiller.py [-h] -b [-of] [-ip] [-p] [-exp] [-win]
Pwnkiller goes bruhhhhh...
optional arguments:
-h, --help show this help message and exit
-b , --binary binary file
-of , --offset manually specify offset to the return address
-ip , --IPaddress IP of the remote server
-p , --port Port of the remote server
-exp , --exploit Specify the exploitation technique
-win , --winaddr Win address