gallopsled / pwntools-tutorial
Tutorials for getting started with Pwntools
Home Page: http://pwntools.com
License: MIT License
For example, the installation instructions still list info for Python2, and most of the routines use standard str instead of bytes objects.
Since Python3 is the main target of Pwntools now, the docs should be updated to reflect this. See #8 for additional information.
The current installation instructions: https://docs.pwntools.com/en/stable/install.html
The main difference is using Python3. After my last problem, this time I decided to use Kali Linux.
Running:
pip install --upgrade git+https://github.com/Gallopsled/pwntools.git
python3 -c 'from pwn import *'
worked. python without version did not work.
Please update the tutorial to point to the current (up to date) installation instructions.
I think this tutorial needs an update to conform to the newest version of pwntools.
One example is on the Utility Function tutorial page, section Packing and Unpacking Integers:
...
hex(unpack('AAAA'))
# '0x41414141'
...
On python3.5 with pwntools==4.2.0dev this will cause a problem:
>>> from pwn import *
>>> unpack('AAAA')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.5/dist-packages/pwnlib/context/__init__.py", line 1461, in setter
    return function(*a, **kw)
  File "/usr/local/lib/python3.5/dist-packages/pwnlib/util/packing.py", line 221, in unpack
    data = bytearray(data)
TypeError: an integer is required
Looking from the commit history, it seems this function requires a byte string instead of normal string on Python 3. Since the last commit on this repo is a948b00 from Oct 10, 2018, I think it's time to have some update.
Hi there,
I have the latest version of pwntools/gdbserver.
python3 -V
Python 3.9.2
pwn version
[*] Pwntools v4.5.0
gdbserver --version
GNU gdbserver (Debian 10.1-1.7) 10.1.90.20210103-git
Copyright (C) 2021 Free Software Foundation, Inc.
gdbserver is free software, covered by the GNU General Public License.
This gdbserver was configured as "x86_64-linux-gnu"
And when I try to do io = gdb.debug("/bin/bash", gdbscript='continue') I get the error below:
[x] Starting local process '/usr/bin/gdbserver'
[+] Starting local process '/usr/bin/gdbserver': pid 14822
[*] running in new terminal: /usr/bin/gdb -q "/bin/bash" -x /tmp/pwncxztung0.gdb
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/context/__init__.py", line 1543, in setter
    return function(*a, **kw)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/gdb.py", line 577, in debug
    tmp = attach((host, port), exe=exe, gdbscript=gdbscript, ssh=ssh, sysroot=sysroot, api=api)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/context/__init__.py", line 1543, in setter
    return function(*a, **kw)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/gdb.py", line 1051, in attach
    gdb_pid = misc.run_in_new_terminal(cmd, preexec_fn = preexec_fn)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/util/misc.py", line 297, in run_in_new_terminal
    pid = int(out)
ValueError: invalid literal for int() with base 10: b''
Or, if I do io = process('/bin/sh'); gdb.attach(io, gdbscript='continue'), I get the below:
[*] running in new terminal: /usr/bin/gdb -q "/bin/sh" 14834 -x /tmp/pwn0d1dol1k.gdb
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/context/__init__.py", line 1543, in setter
    return function(*a, **kw)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/gdb.py", line 1051, in attach
    gdb_pid = misc.run_in_new_terminal(cmd, preexec_fn = preexec_fn)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/util/misc.py", line 297, in run_in_new_terminal
    pid = int(out)
ValueError: invalid literal for int() with base 10: b''
So far no other error when I try to do remote, etc. with pwntools. I'd very much appreciate it if anyone can help me find the problem.
Thanks in advance.
Hi, when I tried e.unpack(e.symbols['bash_license']), an error was raised. But e.unpack(e.symbols['bash_license'], 'all') works fine. It's different from the examples given in ELF.md.
>>> from pwn import *
>>> e = ELF('/bin/bash')
[*] '/bin/bash'
Arch: amd64-64-little
RELRO: Partial RELRO
Stack: Canary found
NX: NX enabled
PIE: No PIE (0x400000)
FORTIFY: Enabled
>>> license = e.unpack(e.symbols['bash_license'])
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/pwnlib/elf/elf.py", line 1686, in unpack
    return packing.unpack(self.read(address, context.bytes), *a, **kw)
  File "/usr/local/lib/python2.7/dist-packages/pwnlib/context/__init__.py", line 1349, in setter
    return function(*a, **kw)
  File "/usr/local/lib/python2.7/dist-packages/pwnlib/util/packing.py", line 211, in unpack
    raise ValueError("unpack(): data must have length %d, since word_size was %d" % (byte_size, word_size))
ValueError: unpack(): data must have length 8, since word_size was 64
>>> e.unpack(e.symbols['bash_license'], 'all')
4957888
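The two unpack() reports above (a str argument on Python 3, and a read whose length does not match the word size) can be reproduced without pwntools installed. This is an added example, not code from the tutorial or from pwntools: unpack_model is a hypothetical stdlib-only stand-in that mirrors the checks visible in the tracebacks, and the sample bytes are constructed.

```python
# Added example: stdlib-only model of the checks shown in the two tracebacks.
# unpack_model() and demo() are hypothetical names, not part of the pwntools API.

def unpack_model(data, word_size=32, endian="little"):
    """Decode `data` as one unsigned integer of `word_size` bits.

    word_size may be the string 'all' to use every byte of `data`.
    """
    # Same conversion as the line shown in the first traceback. On Python 3
    # a text string is not a byte sequence, so bytearray('AAAA') raises
    # TypeError; bytes such as b'AAAA' pass through unchanged.
    data = bytearray(data)
    if word_size == "all":
        word_size = len(data) * 8
    byte_size = (word_size + 7) // 8
    if len(data) != byte_size:
        # Same condition as the ValueError in the second traceback.
        raise ValueError(
            "unpack(): data must have length %d, since word_size was %d"
            % (byte_size, word_size)
        )
    return int.from_bytes(data, endian)


def demo():
    results = {}
    # Bytes input: the corrected form of the tutorial snippet.
    results["bytes32"] = hex(unpack_model(b"AAAA"))
    # Text input on Python 3: fails inside bytearray().
    try:
        unpack_model("AAAA")
    except TypeError as exc:
        results["str"] = type(exc).__name__
    # Constructed sample: a 4-byte little-endian buffer holding 4957888.
    sample = (4957888).to_bytes(4, "little")
    # A 4-byte buffer decoded with a 64-bit word size is rejected.
    try:
        unpack_model(sample, 64)
    except ValueError as exc:
        results["mismatch"] = str(exc)
    # 'all' derives the word size from the buffer length, so it succeeds.
    results["all"] = unpack_model(sample, "all")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```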
You can also do more complex things with SSH, such as port forwarding and file upload / download. See the SSH tutorial for more information.
The 'ssh.md' link doesn't exist
Just downloaded the example and copied this file, and this is what I got:
[*] '...'
Arch: amd64-64-little
RELRO: Full RELRO
Stack: Canary found
NX: NX enabled
PIE: PIE enabled
[+] Starting local process '...': pid 43928
[*] Main: 55b60f3cd207
[*] Address: 55b60f3cc000
[*] Where: 55b60f3cffd0
[*] What: 55b60f3cd1c9
[*] Switching to interactive mode
*0x55b60f3cffd0 == 0x55b60f3cd1c9
[*] Got EOF while reading in interactive
$ ls
[*] Process '...' stopped with exit code -11 (SIGSEGV) (pid 43928)
[*] Got EOF while sending in interactive
How I wasted 2h of my life:
I started tutorial by going to the page: https://github.com/Gallopsled/pwntools-tutorial/blob/master/installing.md
I had a VM with 32-bit Ubuntu 16 LTS, I used it to solve challenges from OverTheWire (they are mostly 32 bit).
I started with:
pip install --upgrade git+https://github.com/Gallopsled/pwntools.git
and it failed, looks like I need some other libraries, ok no problem:
sudo apt install libffi-dev
sudo apt install libssl-dev
But then pip could not install the cryptography module; it was failing with strange compile-time errors.
OK probably old OpenSSL version (and BTW installing Python packages is getting more terrible than compiling C code). I compiled a new version from the sources: https://cloudwafer.com/blog/installing-openssl-on-ubuntu-16-04-18-04/ Yay!
Finally managed to compile the rest:
sudo apt install libsodium-dev # one more cr**p to install
pip install --global-option=build_ext --global-option="-L/usr/local/ssl/lib" --upgrade git+https://github.com/Gallopsled/pwntools.git
And of course one more thing was missing:
pip install python-dateutil
And what I get for all this effort:
$ python -c 'from pwn import *'
[!] Pwntools does not support 32-bit Python. Use a 64-bit release.
So please, please add a big huge bolded text saying that 32-bits are not supported....
It is mentioned in the main README.md, but the link is broken