SploitKit is a series of scripts I wrote to automate some repetitive or tedius tasks I find I commonly need to perform when writing exploits (specifically: Buffer Overflow Exploits). You’re welcome to use these too if you’d like.
Script Lists:
Ror Spike
This script (./ror_spike.rb) is a wrapper for the SPIKE fuzzer. It creates spike templates for multiple commands (as specified in the script), and launch spike for each created file. It logs the variable that caused the crash, the command it was using, and prompts you to add a custom comment to the log. Later, you can navigate to the log and view a history of the crashes you found.
BadChars
This script (./badchars.rb) is designed to help determine which chars are bad. This script assumes you are working with Olly (or at least, something that results in hex printed in the same format as Olly’s binary paste (e.g. 01 0203 04 05 instead of x01x02x03x04x05). Remember, I wrote this to suit me. I’m happy to accept pull requests if anybody would like to contribute to making it a little friendlier for use with other debuggers.
MagicCalc
This script (./magic_calc.rb) is designed to help with the calculations required to push encoded shellcode to the stack when dealing with an extremely limited allowed character set. It assumes you know that what we’re doing here is using a register (after it’s been XORd to zero) to calculate the difference between the hex representation of zero to our desired hex code, so that it can be pushed to the stack and executed. If I haven’t articulated this well enough, or you haven’t come across this yet, do some googling for “manually encoding shellcode to bypass character filters”.
HexSum
This script (./hexsum.rb) is sort of a sanity check for magic_calc.rb. It confirms the calculations are correct, and then provides the hexcodes in little endian format.
Installation:
No installation required (assuming you have Ruby installed – These were tested in Ruby 2.1.1), just download it and chmod the scripts:
git clone https://github.com/treacton/sploitkit.gitcd sploitkit
chmod +x .* # you trust me, right?? =)
And then execute:
cd sploitkit
./script_name [args may be required depending on the script, but hopefully I've already written a decent help prompt for you]
Source: https://github.com/tresacton