I happened to come across this tool in the past couple of days, so I'm writing down its installation process here.
Project source: https://github.com/ChrisTheCoolHut/Zeratool
Runtime environment:
Python 2
Tool introduction:
This tool uses angr to concolically analyze binaries by hooking printf and looking for unconstrained paths. These program states are then weaponized for remote code execution through pwntools and a series of script tricks. Finally the payload is tested locally then submitted to a remote CTF server to recover the flag.
In plain terms, it is an auto-pwn tool, but the only bugs it can exploit are the very simple kind, so think of it as a detector for trivial pwn challenges.
Installation:
According to the instructions on GitHub you just run install.sh, but there really are a lot of places that need modifying.
After a night of testing I have patched it up; the version below works on Ubuntu 16.04 and Ubuntu 18.04.
Replace the contents of install.sh with the following:
#!/bin/bash
# Build dependencies, Python 2 tooling and Ruby (for the one_gadget gem)
sudo apt-get install python-pip python-dev build-essential rubygems-integration ruby-dev rubygems python-dev libffi-dev -y
#Ubuntu 12 -> rubygems
#Ubuntu 14 -> rubygems-integration
#Ubuntu 16,18 -> ruby-dev

# 32-bit runtime libraries so 32-bit target binaries can be run locally
sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install libc6:i386 libstdc++6:i386 -y

# radare2 from source (used through r2pipe)
git clone https://github.com/radare/radare2.git
sudo chmod -R +x *
sudo ./radare2/sys/install.sh

# pip, setuptools and virtualenv tooling
sudo pip install importlib-metadata==0.23
sudo pip install virtualenv virtualenvwrapper
sudo pip install --upgrade pip
sudo pip install --upgrade setuptools

# Register virtualenvwrapper in ~/.bashrc and activate it for this shell
printf '\n%s\n%s\n%s' '# virtualenv' 'export WORKON_HOME=~/virtualenvs' 'source /usr/local/bin/virtualenvwrapper.sh' >> ~/.bashrc
export WORKON_HOME=~/virtualenvs
source /usr/local/bin/virtualenvwrapper.sh
mkvirtualenv zeratool
workon zeratool

# one_gadget (libc RCE gadget finder) and the pinned Python dependencies
sudo gem install one_gadget
# Ubuntu 16.04
sudo pip install aim
# Ubuntu 18.04
# sudo pip install aim --ignore-installed PyYAML
sudo pip install paramiko==2.4.2 future==0.16.0 ana==0.05 pycparser==2.18 angr==7.8.2.21 arp pycparser==2.18
sudo pip install IPython==5.0 psutil r2pipe psutil timeout_decorator pwn ropper

echo "####################"
echo "run: . ~/.bashrc"
echo "run: workon zeratool"
Usage:
usage: zeratool.py [-h] [-l LIBC] [-u URL] [-p PORT] [-v] file

positional arguments:
  file                  File to analyze

optional arguments:
  -h, --help            show this help message and exit
  -l LIBC, --libc LIBC  libc to use
  -u URL, --url URL     Remote URL to pwn
  -p PORT, --port PORT  Remote port to pwn
  -v, --verbose         Verbose mode
That is clear enough; no further description needed.