
pwntools-tutorial's People

Contributors

arusekk, cryptid11, heapcrash, kkirsche, mscherer, zachriggle


pwntools-tutorial's Issues

Update examples for Python3

For example, the installation instructions still list info for Python2, and most of the routines use standard str instead of bytes objects.

Since Python3 is the main target of Pwntools now, the docs should be updated to reflect this. See #8 for additional information.

Python 3 Byte String

I think this tutorial needs an update to conform to the newest version of pwntools.

One example is on the Utility Function tutorial page, section Packing and Unpacking Integers:

...

hex(unpack('AAAA'))
# '0x41414141'

...

On Python 3.5 with pwntools==4.2.0dev this will cause a problem:

>>> from pwn import *
>>> unpack('AAAA')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.5/dist-packages/pwnlib/context/__init__.py", line 1461, in setter
    return function(*a, **kw)
  File "/usr/local/lib/python3.5/dist-packages/pwnlib/util/packing.py", line 221, in unpack
    data = bytearray(data)
TypeError: an integer is required

Looking at the commit history, it seems this function requires a byte string instead of a normal string on Python 3. Since the last commit on this repo is a948b00 from Oct 10, 2018, I think it's time for an update.

ValueError while launch process with GDB

Hi there,

I have the latest version of pwntools/gdbserver. 

$ python3 -V
Python 3.9.2

$ pwn version
[*] Pwntools v4.5.0

$ gdbserver --version
GNU gdbserver (Debian 10.1-1.7) 10.1.90.20210103-git
Copyright (C) 2021 Free Software Foundation, Inc.
gdbserver is free software, covered by the GNU General Public License.
This gdbserver was configured as "x86_64-linux-gnu"

And when I try to do io = gdb.debug("/bin/bash", gdbscript='continue') I get the error below:

[x] Starting local process '/usr/bin/gdbserver'
[+] Starting local process '/usr/bin/gdbserver': pid 14822
[*] running in new terminal: /usr/bin/gdb -q "/bin/bash" -x /tmp/pwncxztung0.gdb
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/context/__init__.py", line 1543, in setter
    return function(*a, **kw)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/gdb.py", line 577, in debug
    tmp = attach((host, port), exe=exe, gdbscript=gdbscript, ssh=ssh, sysroot=sysroot, api=api)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/context/__init__.py", line 1543, in setter
    return function(*a, **kw)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/gdb.py", line 1051, in attach
    gdb_pid = misc.run_in_new_terminal(cmd, preexec_fn = preexec_fn)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/util/misc.py", line 297, in run_in_new_terminal
    pid = int(out)
ValueError: invalid literal for int() with base 10: b''

Or, if I do io = process('/bin/sh'); gdb.attach(io, gdbscript='continue'), I get the following:

[*] running in new terminal: /usr/bin/gdb -q "/bin/sh" 14834 -x /tmp/pwn0d1dol1k.gdb
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/context/__init__.py", line 1543, in setter
    return function(*a, **kw)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/gdb.py", line 1051, in attach
    gdb_pid = misc.run_in_new_terminal(cmd, preexec_fn = preexec_fn)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/util/misc.py", line 297, in run_in_new_terminal
    pid = int(out)
ValueError: invalid literal for int() with base 10: b''

So far there is no other error when I try to do remote, etc. with pwntools. I would very much appreciate it if anyone can help me find the problem.

Thanks in advance.

unpack() needs word size

Hi, when I tried e.unpack(e.symbols['bash_license']), an error was raised. But e.unpack(e.symbols['bash_license'], 'all') works fine. It's different from the examples given in ELF.md.

>>> from pwn import *   
>>> e = ELF('/bin/bash')
[*] '/bin/bash'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    Canary found
    NX:       NX enabled
    PIE:      No PIE (0x400000)
    FORTIFY:  Enabled
>>> license = e.unpack(e.symbols['bash_license']) 
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/pwnlib/elf/elf.py", line 1686, in unpack
    return packing.unpack(self.read(address, context.bytes), *a, **kw)
  File "/usr/local/lib/python2.7/dist-packages/pwnlib/context/__init__.py", line 1349, in setter
    return function(*a, **kw)
  File "/usr/local/lib/python2.7/dist-packages/pwnlib/util/packing.py", line 211, in unpack
    raise ValueError("unpack(): data must have length %d, since word_size was %d" % (byte_size, word_size))
ValueError: unpack(): data must have length 8, since word_size was 64
>>> e.unpack(e.symbols['bash_license'], 'all')
4957888
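
The two unpack() reports above (a str argument on Python 3, and a buffer whose length does not match the word size) both concern what the function accepts as input. The following is an added example, not code from the tutorial or from pwntools: unpack_word, describe and SAMPLE are hypothetical names, and it uses only the standard library to reproduce the checks the tracebacks show.

```python
# Stdlib-only sketch of the argument checks visible in the tracebacks above.
# unpack_word() is a hypothetical helper, not pwntools' unpack().


def unpack_word(data, word_size=32, endian="little"):
    """Decode `data` as one unsigned integer of `word_size` bits.

    word_size="all" decodes the whole buffer, whatever its length.
    """
    if isinstance(data, str):
        # Python 3 text has no byte values until it is encoded; failing here
        # is clearer than the TypeError raised by bytearray(str).
        raise TypeError("expected bytes, got str; write b'AAAA' or encode it")
    data = bytes(data)
    if word_size == "all":
        return int.from_bytes(data, endian)
    if word_size <= 0 or word_size % 8:
        raise ValueError("word_size must be a positive multiple of 8")
    byte_size = word_size // 8
    if len(data) != byte_size:
        raise ValueError(
            "data must have length %d, since word_size was %d"
            % (byte_size, word_size)
        )
    return int.from_bytes(data, endian)


def describe(data, word_size):
    """Return the decoded value in hex, or the name of the exception raised."""
    try:
        return hex(unpack_word(data, word_size))
    except (TypeError, ValueError) as exc:
        return type(exc).__name__


# Constructed sample: four little-endian bytes that decode to 4957888, the
# value printed in the second report.
SAMPLE = b"\xc0\xa6\x4b\x00"

if __name__ == "__main__":
    print(describe("AAAA", 32))     # str input is rejected
    print(describe(b"AAAA", 32))    # bytes input decodes
    print(describe(SAMPLE, 64))     # 4 bytes cannot fill a 64-bit word
    print(describe(SAMPLE, "all"))  # whole buffer decodes
```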

SSH tutorial missing

You can also do more complex things with SSH, such as port forwarding and file upload / download. See the SSH tutorial for more information.

The 'ssh.md' link doesn't exist

Example not working

Just downloaded the example and copied this file, and this is what I got:

[*] '...'
    Arch:     amd64-64-little
    RELRO:    Full RELRO
    Stack:    Canary found
    NX:       NX enabled
    PIE:      PIE enabled
[+] Starting local process '...': pid 43928
[*] Main:    55b60f3cd207
[*] Address: 55b60f3cc000
[*] Where:   55b60f3cffd0
[*] What:    55b60f3cd1c9
[*] Switching to interactive mode
*0x55b60f3cffd0 == 0x55b60f3cd1c9
[*] Got EOF while reading in interactive
$ ls
[*] Process '...' stopped with exit code -11 (SIGSEGV) (pid 43928)
[*] Got EOF while sending in interactive

Please make it explicit that 32bits are not supported

How I wasted 2h of my life:

I started tutorial by going to the page: https://github.com/Gallopsled/pwntools-tutorial/blob/master/installing.md
I had a VM with 32-bit Ubuntu 16 LTS, I used it to solve challenges from OverTheWire (they are mostly 32 bit).

I started with:

pip install --upgrade git+https://github.com/Gallopsled/pwntools.git

and it failed, looks like I need some other libraries, ok no problem:

sudo apt install libffi-dev
sudo apt install libssl-dev

But then pip cannot install the cryptography module; it was failing with strange compile-time errors.

OK probably old OpenSSL version (and BTW installing Python packages is getting more terrible than compiling C code). I compiled a new version from the sources: https://cloudwafer.com/blog/installing-openssl-on-ubuntu-16-04-18-04/ Yay!

Finally managed to compile the rest:

sudo apt install libsodium-dev # one more cr**p to install

pip install --global-option=build_ext --global-option="-L/usr/local/ssl/lib" --upgrade git+https://github.com/Gallopsled/pwntools.git

And of course one more thing was missing:

pip install python-dateutil

And what I get for all this effort:

$ python -c 'from pwn import *'
[!] Pwntools does not support 32-bit Python.  Use a 64-bit release.

So please, please add a big huge bolded text saying that 32-bits are not supported....
