flashlib
A wrapper around pwntools but also with a few of the functions that I use on a daily basis.
To install, run:
```sh
pip3 install pwn-flashlib
```
Basic usage:
```python
from flashlib import *

# This will set up everything for you: elf, libc
init("./test")
# => io is in the global namespace

# <do your exploitation part here>

io.interactive()
```
Calculating offsets by recvafter
```python
#!/usr/bin/env python3
from flashlib import *

# Just init and io, libc and elf will be in the global space
init("./test")

main = hexleak(io.recvafter(b": "))
elf.address = main - elf.sym.main
logleak(elf.address)

io.interactive()
```
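The base calculation above, spelled out with the standard library only, as an added example that is not flashlib's code. The helpers `recv_after`, `parse_hex_leak`, `image_base` and `rebase`, the symbol offsets and the banner are all constructed for illustration; the page-alignment check is an added sanity test that catches a bad leak or a wrong symbol early.

```python
import re

PAGE_SIZE = 0x1000

# Constructed sample: hypothetical symbol offsets inside a PIE binary.
SYMBOLS = {"main": 0x1189, "helper": 0x11D6}

# Constructed sample: what the target might print when it leaks main().
BANNER = b"Welcome! main is at: 0x55d3c8a4f189\n"


def recv_after(data: bytes, delim: bytes) -> bytes:
    """Return everything after the first occurrence of delim."""
    _, found, rest = data.partition(delim)
    if not found:
        raise ValueError(f"delimiter {delim!r} not in output")
    return rest


def parse_hex_leak(raw: bytes) -> int:
    """Parse a printed pointer such as b'0x55d3c8a4f189\\n' into an int."""
    match = re.fullmatch(rb"(?:0x)?([0-9a-fA-F]+)", raw.strip())
    if match is None:
        raise ValueError(f"unexpected leak format: {raw!r}")
    return int(match.group(1), 16)


def image_base(leak: int, symbol_offset: int) -> int:
    """Runtime base = leaked address - the symbol's offset in the file."""
    base = leak - symbol_offset
    # A loaded image always starts on a page boundary; anything else
    # means the leak was misparsed or belongs to a different symbol.
    if base < 0 or base % PAGE_SIZE:
        raise ValueError(f"base {base:#x} is not page aligned")
    return base


def rebase(base: int, name: str) -> int:
    """Runtime address of another symbol once the base is known."""
    return base + SYMBOLS[name]


if __name__ == "__main__":
    leak = parse_hex_leak(recv_after(BANNER, b": "))
    base = image_base(leak, SYMBOLS["main"])
    print(f"leak={leak:#x} base={base:#x} helper={rebase(base, 'helper'):#x}")
```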
Attaching GDB:
When running the exploit, run it as `python3 exploit.py GDB` and use the `attach` method to attach gdb to the current process.
`context.terminal` is set to tmux; you can override it to your liking.

```python
#!/usr/bin/env python3
from flashlib import *

gdbscript = """
b *main+40
"""

init("./test")
attach(gdbscript)  # this will attach the gdb session

io.interactive()
```
REMOTE:
Consider a scenario where you have set up a remote gdb session. Pass `REMOTE` and `GDB` when running the exploit, and in `attach` pass `remote=("127.0.0.1", GDBPORT)`. You will then be prompted to attach gdb, i.e. to attach the gdbserver to the process.

```python
#!/usr/bin/env python3
from flashlib import *

gdbscript = """
b *main+40
"""

init("./test")
attach(gdbscript, remote=("127.0.0.1", 1234))
```
CUSTOM IO:
In another scenario, where you have both a local and a remote connection, you can pass a custom `pwnlib.tubes` process for the gdb session to attach to.

```python
#!/usr/bin/env python3
from flashlib import *

gdbscript = """
b *main+40
"""

local, elf, libc = init("./test")
io = remote("127.0.0.1", 31337)

# This will now attach gdb to the local process passed via _io
attach(gdbscript, _io=local)
```
Proof-of-Work
Since my pwn-chal container now supports proof-of-work which is quite similar to pwn.red/jail, I just had a function lying around to solve the proof-of-work:
```python
#!/usr/bin/env python3
from flashlib import *

init("./test")

# just invoke the function and it will solve pow
# no need to pass anything else.
# Handles pow for:
# 1. pwn-chal
# 2. pwn.red/jail
pow_solve()
```
There's a lot more stuff which I'll keep updating as well.
File details
Details for the file pwn-flashlib-0.1.0.tar.gz.
File metadata
- Download URL: pwn-flashlib-0.1.0.tar.gz
- Upload date:
- Size: 11.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.8.10
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | feb70659341f62666806ab8a1fe2d134cbe934b078fdf8f9c15c7fd1273e4c6a |
| MD5 | 94497e3dfc9e75aa491603e94fe3ace5 |
| BLAKE2b-256 | 048f9dc3d63172f41a48e1637683440e8f6d10d15fb68105d45a558ddcb2d055 |
File details
Details for the file pwn_flashlib-0.1.0-py3-none-any.whl.
File metadata
- Download URL: pwn_flashlib-0.1.0-py3-none-any.whl
- Upload date:
- Size: 10.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.8.10
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 232c5f2a09e47f5aac297249a8b8be67c39f35f645df048134f3f1675f3a8cbf |
| MD5 | d49b252921e6d6db78bbdcb03c251cb0 |
| BLAKE2b-256 | 17a3f40f383681802c8648878a5caf4797260a729b796a124e564c60af38a217 |