This is an old revision of the document!


Tools

Here is a list of tools used by the pony7 team during security contests.

Exploit & Reverse Engineering

A lot of tools are used to reverse and exploit a binary.

The tools we use to reverse a binary:

  • GDB, the GNU Debugger. Mostly used to run a program step by step.
  • gdb-peda, the Python Exploit Development Assistance for GDB. It improves GDB a lot, especially by showing you the values pointed to by addresses in registers or on the stack.
  • objdump and readelf, programs to display information about executables.
  • strace, a program that prints all system calls.
  • ltrace is similar to strace, but it prints all dynamic library calls.
  • IDA Pro, a disassembler and debugger. Its awesome decompiler can give you pseudocode for the binary.
  • angr, a Python framework for analyzing binaries. It focuses on both static and dynamic symbolic analysis, making it applicable to a variety of tasks.

Then, we have tools to write exploits. These are tools to launch a process or open a socket, and to craft shellcode or ROP chains:

  • pwntools (Python 2) and python3-pwntools (Python 3): a CTF framework and exploit development library in Python.
  • Metasploit, a penetration testing software. Mostly used in the team to automatically generate shellcode.
  • python-formatstring, a library to exploit format string vulnerabilities in Python.

Cryptography

  • Python hashlib, a library that implements common hash functions in Python.
  • pycrypto, a library that implements symmetric/asymmetric key encryption in Python.
  • dcode.fr, a website that has great tools to decode the Caesar cipher, the Vigenère cipher and others.
  • hash_extender, a tool to perform hash length extension attacks. It supports common hash functions.
  • pkcrack, a tool to perform known-plaintext attacks on ZIP files.