Tool for ret2win challenges.
It can be used both locally and remotely (by specifying an IP and port). It automatically finds the offset to the instruction pointer stored on the stack.
It can be configured to return a shell. By default, it prints the data received over the connection (possibly the flag).
It can also display the offset to the instruction pointer on the stack, and it supports the x86 architecture in both 32-bit and 64-bit modes.
It can be used to debug the exploit with GDB.
./PwnCtfTool.py -f vuln.bin -t flag_func

Auto PWN tool for CTF

optional arguments:
  -h, --help  show this help message and exit
  -vv         Max Verbose (debug)
  -v          Verbose (info)
  -g          Attach GDB
  -f FILE     File to PWN
  -t TARGET   Target Function
  --offset    Print offset Instruction Pointer
  --shell     Stay interactive
  --remote    Exploit remote server

git clone https://github.com/Diego-AltF4/PwnCtfTool.git
cd PwnCtfTool
pip3 install -r requirements.txt
./PwnCtfTool.py