README.md +10 -8
@@ -53,11 +53,15 @@ This is an updated version of RageAgainstTheMachine that is meant to vastly impr
53
53
54
54
### Script
55
55
56
-
This will include running the binary with running all three modules in the binary and choosing which exploit to use. It will also include the logging and ctfd submit script.
56
+
The ./aegis script is what will setup the control flow for analyzing and exploiting the binary. It will also deal with multithreading and submitting stuff to ctfd.
57
+
To automatically submit flags with ctfd you need to have an environment variable `CTFD_TOK` and set it to your ctfd token. You will also need to run the script `get_chals_list.sh` which
58
+
will grab a list of all of the challenges and put it into `bininfo/challenges.csv`. To run it multithreaded add `-thread` when you run the command. To exploit multiple files, run `./aegis -batch (bininfo/challenges.csv)` or `./aegis -batch bins/`
59
+
57
60
58
61
### Static Analysis
59
62
60
-
The static analyis file will check for is things like printf vulnerabilities and snippets of code that have vulnerabilities. It will also check symbol tables, the got, plt, and data. This module is stored in the machine.py file and is used to grab information out of the binary.
63
+
The static analyis file, `rage/machine.py` will check for is things like printf vulnerabilities and snippets of code that have vulnerabilities using the binaryninja python api. It will also check symbol tables, the got, plt, and data.
64
+
It will also find rop gadgets using ROPgadget as well and sort for the most efficient gadget.
61
65
62
66
### Dynamic Analysis
63
67
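Review bot: the `-batch` usage on line 58 wraps the CSV path in parentheses, `./aegis -batch (bininfo/challenges.csv)`, which a shell will try to run as a subshell rather than pass as an argument; write it as `./aegis -batch bininfo/challenges.csv` to match the second form. Since `CTFD_TOK` is a credential, the same paragraph should say to export it for the session (or read it from an untracked file) rather than hard-code it anywhere in the repo, so the token does not end up in history or in `bininfo/challenges.csv`. Line 63 still carries the typo "analyis" and the doubled "will check for is things like"; "The static analysis file, `rage/machine.py`, will check for things like" reads cleanly.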
@@ -67,14 +71,12 @@ The main purpose will be to try to either wrap GDB to make it headless or to use
67
71
### Symbolic Analysis
68
72
69
73
The main goal of the symbolic analysis module will be trying to deal with the edge cases that aren't expected in the dynamic and static analysis section. This is mainly useful for path finding, say if we need to know how to get to a specific function.
74
+
This is in the `rage/rage.py` file and uses angr to symbollically find the padding for the buffer overflow.
70
75
71
-
### Exploit Generator
72
-
73
-
The exploit generator will take all the information from the static, dynamic, and symbolic analysis and create the exploit.
74
-
75
-
### Exploit Runner
76
+
### Exploit Management
76
77
77
-
The exploit runner will run the binary locally (if there is one) and then check if there is a flag in the output. If there is then send it to the remote server and get the flag.
78
+
The exploit generator will take all the information from the static, dynamic, and symbolic analysis and create parts of the exploit, send the exploit and verify it.'
79
+
The file is `rage/against.py` and where exploits can be added.
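Review bot: the "Exploit Management" paragraph on line 78 ends with a stray `'` after "verify it." and line 79 is ungrammatical; suggest "`rage/against.py` is where exploits can be added." This hunk also removes the "Exploit Runner" text that said the exploit is run locally first and the flag is only sent to the remote server once it appears in the output; if that local-first check still exists, keep a sentence about it under "Exploit Management", since a user reading the new text cannot tell whether `aegis` fires at the remote target without a local run. Line 74 misspells "symbolically".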