exp
Binary exploitation helpers: ROP gadgets, shellcode, format strings, heap exploits.
Load with: use exp
Quick example
use exp
result = expga("value", "value")
prn(result)
Functions
ROP gadgets
expga(bp, mx)
Performs the operation. Takes bp, mx.
exppo(bp, reg)
Performs the operation. Takes bp, reg.
exprt(bp)
Performs the operation. Takes bp.
expsc(bp)
Performs the operation. Takes bp.
expbs(bp)
Performs the operation. Takes bp.
Shellcode
expsx()
Performs the operation.
exps3()
Performs the operation.
expst(sc)
Sets a value or starts a process. Takes sc.
Format string exploitation
expfg(off, tgt, val)
Performs the operation. Takes off, tgt, val.
expff(pat, d)
Performs the operation. Takes pat, d.
Offset finding
expfu(st, en)
Performs the operation. Takes st, en.
expfi(cyc, crash)
Performs the operation. Takes cyc, crash.
Binary protections
exppr(bp)
Processes or prints. Takes bp.
expnx(bp)
Performs the operation. Takes bp.
expca(bp)
Performs the operation. Takes bp.
expas(bp)
Performs the operation. Takes bp.
exprl(bp)
Performs the operation. Takes bp.
exppi(bp)
Performs the operation. Takes bp.
Memory patterns
expdb(ln)
Performs the operation. Takes ln.
exppa(ln)
Parses. Takes ln.
Stack helpers
expal(addr, al)
Performs the operation. Takes addr, al.
exppd(cur, tgt, pb)
Performs the operation. Takes cur, tgt, pb.
Payload builders
expch()
Checks a condition.
exca8(ch, v)
Performs the operation. Takes ch, v.
exca4(ch, v)
Performs the operation. Takes ch, v.
excad(ch, d)
Adds an item. Takes ch, d.
Heap exploitation
expfc(addr, sz, fd, bk)
Performs the operation. Takes addr, sz, fd, bk.
Info leak helpers
expgo(bp, sym)
Performs the operation. Takes bp, sym.
exppl(bp, sym)
Performs the operation. Takes bp, sym.
expsy(bp, sym)
Performs the operation. Takes bp, sym.
Exploit template
expbp(sz, ch)
Performs the operation. Takes sz, ch.
Notes
- Expression parser and evaluator.