import argparse
import os
import subprocess

from pwn import ELF

from Libc import LIBC
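def patch(bin: ELF, libc: LIBC, ld: ELF):
    """Write ``<bin>_patched``, a copy of *bin* that uses a local libc and loader.

    Only the last path component of ``bin.path``, ``libc.path`` and ``ld.path``
    is used, and every command refers to it as ``./<name>``, so the three files
    are expected to sit in the current working directory.
    NOTE(review): ``main`` defaults ``--ld`` to an absolute system path; its
    basename is still written as ``./<name>`` here, so that loader would have
    to be present in the working directory too - confirm with callers.

    The patched binary gets RPATH ``.`` and interpreter ``./<ld name>``. Both
    are relative, so they are resolved against the directory the binary is
    started from: run the result only from a directory whose contents you
    control.

    Args:
        bin: Binary to patch; only ``bin.path`` is read.
        libc: Challenge libc; only ``libc.path`` is read.
        ld: Loader to set as interpreter; only ``ld.path`` is read.

    Raises:
        subprocess.CalledProcessError: if ``rm``, ``ln`` or ``patchelf`` exits
            with a non-zero status.
        OSError: if the log file cannot be opened, including when a symlink
            sits at its path.
    """

    def get_file_name(file_path):
        """Return the last path component of *file_path*."""
        return os.path.basename(file_path)

    bin_name = get_file_name(bin.path)
    libc_name = get_file_name(libc.path)
    ld_name = get_file_name(ld.path)

    # The log lives under a fixed name in shared /tmp. Open it without
    # following a symlink at that path and create it owner-only, so another
    # local user cannot redirect the appended output into one of our files.
    log_fd = os.open(
        "/tmp/pwninit_log",
        os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW,
        0o600,
    )
    # One handle, closed on exit; the original leaked a handle per call.
    with os.fdopen(log_fd, "a") as log:
        if libc_name != "libc.so.6":
            # RPATH lookup goes by the name libc.so.6, so expose the challenge
            # libc under that name through a symlink in the working directory.
            subprocess.check_call(
                ["/usr/bin/rm", "-rf", "./libc.so.6"], stderr=log
            )
            subprocess.check_call(
                ["/bin/ln", "-s", "./{}".format(libc_name), "libc.so.6"]
            )

        subprocess.check_call(
            [
                "/usr/bin/patchelf",
                "--set-rpath",
                ".",
                "--set-interpreter",
                "./{}".format(ld_name),
                "--output",
                "{}_patched".format(bin_name),
                "./{}".format(bin_name),
            ],
            stderr=log,
        )

    print("\nNew file: {}_patched".format(bin_name))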
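def main():
    """Parse the command line, load the three files and patch the binary.

    ``--bin`` and ``--libc`` are required; ``--ld`` defaults to
    ``/lib64/ld-linux-x86-64.so.2``. An empty value for ``--bin`` or ``--libc``
    is reported through ``parser.error`` (usage message, exit status 2)
    instead of returning silently.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument(
        "-b", "--bin", metavar="<Bin file>", help="<Binary to pwn>", required=True
    )
    parser.add_argument(
        "-l", "--libc", metavar="<Libc file>", help="<Challenge libc>", required=True
    )
    parser.add_argument(
        "--ld",
        help="<A linker to preload the libc> (Optional)",
        default="/lib64/ld-linux-x86-64.so.2",
    )
    args = parser.parse_args()

    # required=True already rejects a missing option; this catches a value
    # that was given explicitly but is empty (e.g. -b "").
    if (not args.bin) or (not args.libc):
        parser.error("--bin and --libc must not be empty")

    # NOTE(review): no explicit validation happens here. pwntools' ELF() parses
    # the file, so a non-ELF input is expected to fail at construction; what
    # LIBC() checks is not visible from this file - confirm.
    file_bin = ELF(args.bin)
    file_libc = LIBC(args.libc)
    file_ld = ELF(args.ld, checksec=False)  # checksec=False: skip the checksec report for the loader

    patch(file_bin, file_libc, file_ld)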
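if __name__ == "__main__":
    # Use main()'s return value as the process exit status (None means 0),
    # so a failure code is visible to the calling shell or script.
    raise SystemExit(main())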