sast-exploit-builder
$ npx mdskill add H-mmer/pentest-agents/sast-exploit-builder
SKILL.md
.github/skills/sast-exploit-builder
---
name: sast-exploit-builder
description: "Builds working exploits from confirmed SAST findings. Takes a confirmed crash, develops it into a full exploit. Tier 1 (DoS) → Tier 5 (code execution). Use via /sast command after PoC confirmation."
---
CONTEXT: Authorized security research. Developing exploits for confirmed vulnerabilities in isolated environment.
## Research First
Call `search_techniques` and `search_writeups` for the exploitation technique before starting.
## Exploitation Ladder (native code: C/C++/Rust/Go)
Work up. Stop and report at highest level achieved.
**Tier 1** — Controlled crash (DoS). You already have this from the hunter.
**Tier 2** — Controlled write primitive. Attacker-chosen bytes to attacker-chosen location.
**Tier 3** — Info leak / ASLR bypass. Read memory contents, defeat randomization.
**Tier 4** — Control flow hijack. Overwrite return address, function pointer, vtable, GOT entry.
**Tier 5** — Code execution. ROP chain, shellcode, JIT spray. Demonstrate with shell/file write.
## Exploitation Ladder (PHP / web app)
For PHP findings, work up this ladder instead. Stop and report the highest tier confirmed.
**Tier 1** — Information disclosure. Stack trace, `phpinfo()` page, `.env` read via LFI, source disclosure via `php://filter/convert.base64-encode/resource=`, debug endpoint leaking creds/keys. Concrete evidence: grep the response for secrets.
**Tier 2** — Arbitrary read / authenticated data exfiltration. LFI reading any file under `open_basedir`; blind/error/time/UNION SQLi dumping `information_schema`, user tables, password hashes; IDOR reading other users' resources via predictable IDs. Demonstrate by pulling at least one sensitive record (hashed password, PII, API key).
**Tier 3** — Arbitrary write / mass data modification. SQLi with `UPDATE`/`INSERT` ability, file write via upload bypass, `file_put_contents` with traversal, Eloquent mass-assignment escalating a regular user to admin. Demonstrate by modifying a state you shouldn't be able to.
**Tier 4** — Remote Code Execution. At least ONE of:
- `eval`/`assert`/`create_function`/`preg_replace /e` with user input
- `include`/`require` on user path → combine with log/session/phar poisoning to land PHP
- `unserialize` with a working gadget chain (hand-crafted or via phpggc)
- Command injection through `system`/`exec`/`passthru`/`shell_exec` with insufficient escaping
- SSTI in Twig/Smarty/Blade raw
- File upload bypass landing a `.php` (or `.phar`, `.phtml`, `.pht` depending on server config) in a served directory
Evidence: execute `id`, get output. Save response showing `uid=...`.
**Tier 5** — Persistent webshell + lateral movement. Upload webshell, confirm it survives (path is accessible), demonstrate DB read and filesystem read from within the shell. Document what's reachable: other vhosts, cloud metadata (`169.254.169.254`), internal services, persisted credentials in `.env`/config files.
## Approach Per Primitive (native)
**Stack overflow**: Find offset to return address. Check canary. Check ASLR/PIE. Build ROP chain.
**Heap overflow/UAF**: Understand allocator. Map heap layout. Heap feng shui for predictable placement.
**Integer overflow**: What does overflowed value control? Craft input for useful result.
**Format string**: Leak stack → arbitrary read → arbitrary write via %n → GOT overwrite.
## Approach Per Primitive (PHP)
**SQLi**: Identify DB (MySQL/Postgres/SQLite/MSSQL from error messages or fingerprint). Work in order: error-based → UNION → boolean blind → time blind. For dumping: `sqlmap` against the confirmed injection point as verifier — but the PoC should be a standalone request. Extract at least one row from an internal/admin table to prove severity.
**Unrestricted upload → RCE**: Bypass approaches by server:
- Apache + `mod_php`: `.php`, `.php3`, `.php4`, `.php5`, `.php7`, `.phtml`, `.pht`, `.phar`
- nginx + PHP-FPM with poorly-configured `location` regex: `shell.jpg.php`, `shell.php%00.jpg`, `shell.php/`
- Content-Type spoofing (`Content-Type: image/jpeg` with PHP content)
- Magic-byte polyglots (GIF89a header + `<?php ... ?>`)
- Phar upload + trigger via `phar://uploads/x.jpg` in any file op elsewhere
- `.htaccess` upload to register a PHP handler for another extension, if the directory honours per-directory config
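The handler-side counterpart of this list, as an added defensive example in Python (not code from the pentest-agents repository): a server-side upload policy that allowlists the final extension, requires every dot-separated suffix to be on that allowlist, refuses NUL bytes and path separators, checks the leading bytes against the claimed type, and generates the stored name itself. The allowlist, the magic-byte table and the `safe_upload_name`/`upload_allowed` helpers are assumptions of this example; each bypass filename listed above is rejected by it.

```python
"""Added defensive example (not code from the pentest-agents skill): a server-side
upload name policy that rejects every bypass name listed above.  The allowlist,
magic-byte table and function names are assumptions of this example."""
import os
import secrets
import unicodedata

# Extensions the application actually needs to accept (assumed for the example).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}

# Leading bytes each accepted type must start with (constructed table).
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}


class UploadRejected(ValueError):
    """Raised with the reason an upload was refused; log it, never echo it to the client."""


def safe_upload_name(user_filename: str, content: bytes) -> str:
    """Return a server-generated storage name, or raise UploadRejected."""
    name = unicodedata.normalize("NFKC", user_filename)
    # A NUL byte or path separator anywhere in the name means it was crafted;
    # do not strip it and continue, refuse the whole upload.
    if "\x00" in name or "/" in name or "\\" in name:
        raise UploadRejected("control or path characters in filename")
    parts = os.path.basename(name).lower().split(".")
    # Empty parts catch '.htaccess', 'shell.' and 'a..b'; fewer than two parts
    # means there is no extension at all.
    if len(parts) < 2 or not all(parts):
        raise UploadRejected("missing or empty extension")
    # Every suffix after the base name must be on the allowlist, so a second
    # extension such as 'shell.jpg.php' or 'shell.php%00.jpg' is refused either way.
    for ext in parts[1:]:
        if ext not in ALLOWED_EXTENSIONS:
            raise UploadRejected(f"extension {ext!r} not allowed")
    ext = parts[-1]
    if not content.startswith(MAGIC[ext]):
        raise UploadRejected("content does not match extension")
    # Never reuse the client's base name: the stored name is random and its
    # extension comes from the allowlist, so the web server has nothing to execute.
    return f"{secrets.token_hex(16)}.{ext}"


def upload_allowed(user_filename: str, content: bytes) -> bool:
    """Boolean wrapper for tests and audit logging."""
    try:
        safe_upload_name(user_filename, content)
        return True
    except UploadRejected:
        return False
```

The name check alone does not make a polyglot safe: a `GIF89a` header followed by PHP text passes the magic-byte test. That is why the stored name is server-generated with an allowlisted extension, and why the upload directory should additionally be served without any PHP handler (or from outside the web root).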
**LFI → RCE** (from Tier 2 → Tier 4):
- `/proc/self/environ` with `User-Agent: <?=system($_GET['c']);?>` (old PHP)
- Apache access log + malicious UA (path: `/var/log/apache2/access.log`)
- PHP session file (path: `/var/lib/php/sessions/sess_<PHPSESSID>`) — write PHP via a reflecting endpoint, include session
- `php://filter/convert.base64-decode/resource=data://text/plain,<base64>` — direct exec
- `expect://` wrapper if expect ext loaded (rare)
- `phar://` on an attacker-uploaded polyglot
**Unserialize → RCE**: Inventory classes via `composer.json` and `vendor/`. Try `phpggc` with the detected framework (Laravel, Symfony, Drupal, Magento, WordPress, Guzzle, Monolog). If no off-the-shelf gadget, grep project for `__wakeup`/`__destruct`/`__toString` and hand-craft. Gadget should land in a write/exec primitive (`file_put_contents`, `system`, `exec`, `eval`).
**SSTI (Twig)**: `{{ 7*7 }}` → `{{ _self.env.registerUndefinedFilterCallback("exec") }}{{ _self.env.getFilter("id") }}`.
**SSTI (Smarty)**: `{php} system('id'); {/php}` (v2) or `{system('id')}` (v3 unsafe mode).
**Type juggling auth bypass**: craft input so `==` compares two values that both parse to `0e...`, `NULL`, or an equivalent zero value. Test with short examples first: `hash('md5', 'QNKCDZO') == hash('md5', '240610708')` is true because both digests are `0e...` strings, which `==` reads as the number 0.
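The comparison above, as an added example in Python rather than code from the pentest-agents skill: `php_loose_eq` models PHP's numeric-string rule for `==` on two strings (both numeric, so compared as doubles), `php_strict_eq` models `===`/`hash_equals()`, and `loose_compare_is_unsafe` is the check a code reviewer can run over candidate values. The function names are assumptions of this example, and the model covers only the string-vs-string case the paragraph describes, not all of PHP's comparison table.

```python
"""Added example (not from the pentest-agents skill): a model of the PHP loose
comparison that makes two different MD5 digests compare equal, next to the
strict check that removes the issue.  php_loose_eq models PHP's numeric-string
rule for the string-vs-string case only; it is a teaching model, not a PHP port."""
import hashlib
import hmac
import re

# PHP numeric-string grammar for the cases that matter here: optional sign,
# digits with optional fraction, optional exponent.  '0e830...' matches it.
_NUMERIC = re.compile(r"^[+-]?(\d+\.?\d*|\.\d+)([eE][+-]?\d+)?$")


def php_loose_eq(a: str, b: str) -> bool:
    """Model of PHP '==' on two strings: both numeric -> compared as doubles."""
    if _NUMERIC.match(a) and _NUMERIC.match(b):
        return float(a) == float(b)  # '0e<digits>' becomes 0.0 whatever the digits
    return a == b


def php_strict_eq(a: str, b: str) -> bool:
    """Model of PHP '===' / hash_equals(): byte-for-byte, constant time, no coercion."""
    return hmac.compare_digest(a.encode(), b.encode())


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def is_magic_hash(h: str) -> bool:
    """A hex digest of the form 0e<digits only> is what '==' turns into the number 0."""
    return re.fullmatch(r"0e\d+", h) is not None


def loose_compare_is_unsafe(a: str, b: str) -> bool:
    """True when '==' would accept a and b although they differ byte-for-byte."""
    return php_loose_eq(a, b) and not php_strict_eq(a, b)
```

PHP 8 changed how a number compares with a non-numeric string, but two numeric strings are still compared as numbers, so `'0e1' == '0e2'` remains true there. The fix is `===` or `hash_equals()` on the digest, or better, `password_verify()` so that application code never compares digests itself.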
**Mass-assignment privesc**: identify Eloquent model, send extra field like `role=admin`/`is_admin=1`/`plan_id=<enterprise>` in the update request.
## Mitigation Checklist (PHP)
| Mitigation | Check command | Bypass |
|---|---|---|
| `disable_functions` | `php -i \| grep disable_functions` | LD_PRELOAD (if exec possible elsewhere), PHP 7 `mail()` bypass, FFI, `imap_open` on old PHP |
| `open_basedir` | `php -i \| grep open_basedir` | symlink tricks, `glob://` bypass, `chdir` + `ini_set` (old) |
| `display_errors=Off` | `php -i \| grep display_errors` | log-based exfil via error_log reachability |
| `allow_url_include` | `php -i \| grep allow_url_include` | forces LFI-only; chain with log/phar/data poisoning |
| `expose_php` | `php -i \| grep expose_php` | doesn't affect exploit, only fingerprinting |
| PHP version | `php -v` | many CVEs fixed — verify version for each finding |
| Framework CSRF | check middleware | token leak via XSS, missing on JSON endpoints |
| Framework auth | check middleware | missing on `admin-ajax.php`/`api/*` routes, signed-URL tricks |
## Mitigation Checklist (native)
| Mitigation | Check command | Bypass |
|---|---|---|
| Stack canary | `objdump -d <bin> \| grep stack_chk` | Info leak, fork brute force |
| ASLR | `cat /proc/sys/kernel/randomize_va_space` | Info leak, partial overwrite |
| PIE | `readelf -h <bin> \| grep DYN` | Info leak for code base |
| NX | `readelf -l <bin> \| grep GNU_STACK` | ROP, ret2libc |
| RELRO | `readelf -l <bin> \| grep RELRO` | Partial: GOT. Full: target elsewhere |
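The native checklist as one audit function, added here as an example in Python and not code from the pentest-agents skill: it reads the text that `readelf -h`, `readelf -l`, `readelf -d` and `objdump -d` print and classifies PIE, NX, RELRO and stack-canary status. The sample outputs are constructed to look like real readelf/objdump output, and the function names are assumptions of this example. One caveat the table glosses over: `readelf -l | grep RELRO` only shows that a `GNU_RELRO` segment exists (partial RELRO); full RELRO additionally needs `BIND_NOW` in the dynamic section, which is why the audit also takes `readelf -d` output.

```python
"""Added example, not part of the pentest-agents skill: the native mitigation
checklist as one audit over readelf/objdump text.  Sample outputs below are
constructed to mimic real tool output."""
import re


def audit_elf_hardening(readelf_h: str, readelf_l: str, readelf_d: str, objdump_d: str) -> dict:
    """Classify PIE, NX, RELRO and stack-canary status from command output text."""
    # PIE: ELF type DYN (a shared library is DYN too, so know what file you audit).
    pie = re.search(r"^\s*Type:\s+DYN\b", readelf_h, re.M) is not None

    # NX: GNU_STACK present and the flags on its continuation line carry no 'E'.
    # A missing GNU_STACK header means an executable stack on most kernels.
    m = re.search(r"GNU_STACK.*\n.*?0x[0-9a-f]+\s+0x[0-9a-f]+\s+([RWE]+)\s+0x", readelf_l)
    nx = m is not None and "E" not in m.group(1)

    # RELRO: a GNU_RELRO segment alone is 'partial'; BIND_NOW (DT_FLAGS) or
    # NOW (DT_FLAGS_1) makes the GOT read-only after startup, i.e. 'full'.
    has_relro_segment = "GNU_RELRO" in readelf_l
    bind_now = (re.search(r"\(FLAGS\)\s+.*\bBIND_NOW\b", readelf_d) is not None
                or re.search(r"\(FLAGS_1\)\s+Flags:.*\bNOW\b", readelf_d) is not None)
    if has_relro_segment and bind_now:
        relro = "full"
    elif has_relro_segment:
        relro = "partial"
    else:
        relro = "none"

    # Canary: the disassembly references __stack_chk_fail.
    canary = "__stack_chk_fail" in objdump_d
    return {"pie": pie, "nx": nx, "relro": relro, "canary": canary}


def missing_mitigations(report: dict) -> list:
    """Checklist rows the binary does not satisfy, in table order, for the README."""
    missing = []
    if not report["canary"]:
        missing.append("Stack canary")
    if not report["pie"]:
        missing.append("PIE")
    if not report["nx"]:
        missing.append("NX")
    if report["relro"] != "full":
        missing.append(f"RELRO ({report['relro']})")
    return missing


# Constructed sample outputs (shapes copied from readelf/objdump, values invented).
SAMPLES = {
    "hardened": (
        "ELF Header:\n  Type:                              DYN (Position-Independent Executable file)\n",
        "Program Headers:\n"
        "  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000\n"
        "                 0x0000000000000000 0x0000000000000000  RW     0x10\n"
        "  GNU_RELRO      0x0000000000002db8 0x0000000000003db8 0x0000000000003db8\n"
        "                 0x0000000000000248 0x0000000000000248  R      0x1\n",
        "Dynamic section at offset 0x2dc8 contains 27 entries:\n"
        "  0x000000000000001e (FLAGS)              BIND_NOW\n"
        "  0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE\n",
        "    1189:\te8 a2 fe ff ff       \tcall   1030 <__stack_chk_fail@plt>\n",
    ),
    "weak": (
        "ELF Header:\n  Type:                              EXEC (Executable file)\n",
        "Program Headers:\n"
        "  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000\n"
        "                 0x0000000000000000 0x0000000000000000  RWE    0x10\n",
        "Dynamic section at offset 0x2e08 contains 24 entries:\n"
        "  0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]\n",
        "  401136:\tc3                   \tret\n",
    ),
}


def audit_sample(name: str) -> dict:
    """Run the audit over one of the constructed samples."""
    return audit_elf_hardening(*SAMPLES[name])


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, audit_sample(sample), missing_mitigations(audit_sample(sample)))
```

On a real target, feed the function the captured output of the four commands from the table; keep that output with the exploit README so the `mitigations_bypassed` and `mitigations_not_bypassed` fields in the report can be checked against it later.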
## Output
Write to `poc/sast/exploits/`. Include `exploit_<name>.py` and `README.md`.
```json
{
  "finding_ref": "<candidate_id>",
  "exploit_tier": 5,
  "exploit_file": "poc/sast/exploits/exploit_<name>.py",
  "mitigations_bypassed": ["ASLR (leaked via info disclosure)", "NX (ROP chain)"],
  "mitigations_not_bypassed": [],
  "impact": "Unauthenticated remote attacker achieves root shell",
  "reliability": "100% on target version",
  "constraints": ["Requires NFS service running"]
}
```
## Rules
- Persist everything to disk. Time box 30 min per tier. Report honestly — don't claim tiers you haven't proven.
## Brain Integration
Record tier achieved and techniques that worked/failed.
## Top-Tier Operator Standard
Exploit development climbs only on proven ground.
- Start from the confirmed PoC and preserve a minimal regression case before adding complexity.
- Advance tiers one capability at a time: crash, controlled read/write, control-flow influence, sandbox escape, code execution.
- Record mitigations honestly: ASLR, DEP/NX, canaries, CFI, sandboxing, auth, config, and version constraints.
- Prefer deterministic local proof over speculative remote exploit claims.
- Stop at the highest tier you can demonstrate safely within budget and document the next blocked primitive.