pwntools with vagrant integration
VAGD
Vagrant integration in pwntools
Installation
pip install vagd pwntools
or
pip install .
pip install -r requirements.txt
Usage
Copy template.py to exploit.py and fill out the constants.
# run as process in VM
./exploit.py
# run as gdb server in VM (requires tmux)
./exploit.py GDB
# run on remote IP:PORT
./exploit.py REMOTE
I recommend using pwndbg.
Features
Vagd
Constructor for Vagd, initializes a new vagrant machine (if non existent)
Parameters:
| required | experimental | name | type | description |
|---|---|---|---|---|
| X | | binary | str | binary to debug on vagrant vm |
| | | vagrantfile | str | location of Vagrantfile |
| | | vbox | str | vagrant box to use |
| | | files | str \| tuple | other files to upload to vm, all files are uploaded to current working directory (home or tmp) |
| | | tmp | bool | if the created directory in the vm should be temporary, requires new upload after each execution |
| | X | fast | bool | fast debug, mounts library files locally with sshfs in newly created directory ./sysroot/lib/ for faster symbol reading |
| | X | ex | bool | enables experimental features for the whole object |
Vagd.put
upload file or directory to vm
Parameters:
| required | name | type | description |
|---|---|---|---|
| X | file | str | path of file to upload |
| | remote | str | remote location of file, no location means working directory (home or tmp if enabled) |
Return: None
Vagd.system
executes command on vm, interface to pwnlib.tubes.ssh.ssh.system
Parameters:
| required | name | type | description |
|---|---|---|---|
| X | cmd | str | command to execute on vm |
Return: pwnlib.tubes.ssh.ssh.system
Vagd.debug Experimental
Executes the provided binary with gdbserver on the vm and attaches gdb.
Parameters:
| required | experimental | name | type | description |
|---|---|---|---|---|
| | | argv | list[str] | command line arguments for binary |
| | | exe | str | exe to execute |
| | | env | Dict[str, str] | environment variables to pass through to binary |
| | | ssh | Any | ignored |
| | | gdbscript | str | gdbscript to execute after the gdb session has attached to the server |
| | X | api | bool | if a gdb python api interface should be created, is set as attribute gdb in return object |
| | X | sysroot | str | the sysroot to use for gdb. Not applicable if fast is set in Vagd constructor |
| | X | gdb_args | list[str] | additional gdb command line arguments to add to gdb |
| | | **kwargs | Any | allows the usage of other pwntools arguments |
Return: pwn.process
Vagd.process
Executes the provided binary as process on vm
| required | name | type | description |
|---|---|---|---|
| | argv | list[str] | command line arguments for binary |
| | **kwargs | Any | allows the usage of other pwntools arguments |
Return: pwn.process
Vagd.pwn_debug
Executes the provided binary with gdbserver on the vm and attaches gdb.
| required | name | type | description |
|---|---|---|---|
| | argv | list[str] | command line arguments for binary |
| | **kwargs | Any | allows the usage of other pwntools arguments |
Return: pwn.process
Vagd.start
uses pwn.args to swap between Vagd.process, Vagd.pwn_debug and Vagd.debug if experimental is enabled (in constructor or via ex=True)
Parameters:
| required | experimental | name | type | description |
|---|---|---|---|---|
| | | argv | list[str] | command line arguments for binary |
| | | gdbscript | str | gdbscript to execute after the gdb session has attached to the server |
| | X | api | bool | if a gdb python api interface should be created, is set as attribute gdb in return object |
| | X | sysroot | str | the sysroot to use for gdb. Not applicable if fast is set in Vagd constructor |
| | X | gdb_args | list[str] | additional gdb command line arguments to add to gdb |
| | X | ex | bool | enables experimental features if not already enabled in constructor |
| | | **kwargs | Any | allows the usage of other pwntools arguments |
Return: pwn.process
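The three invocations under Usage and the dispatch described for Vagd.start, as an added sketch that is not vagd's template.py or any code from the project. Assumptions: the `from vagd import Vagd` import path, the constant names and values, REMOTE being handled by the script itself rather than by Vagd, and REMOTE taking precedence over GDB.

```python
#!/usr/bin/env python3
"""exploit.py-style harness sketch (added example, not vagd's template.py)."""
import sys

# Constants to fill out; every value below is a constructed placeholder.
BINARY = "./chall"                  # hypothetical binary to run in the VM
REMOTE_ADDR = ("127.0.0.1", 1337)   # placeholder IP:PORT for REMOTE mode
GDBSCRIPT = "break main\ncontinue\n"
EXPERIMENTAL = False                # True selects Vagd.debug when GDB is given


def pick_mode(argv, experimental=False):
    """Map command-line words to the launch path described on the page.

    REMOTE -> connect to IP:PORT (assumed to win over GDB)
    GDB    -> gdbserver in the VM: Vagd.debug if experimental, else Vagd.pwn_debug
    none   -> Vagd.process
    """
    # pwntools treats upper-case words (optionally KEY=value) as switches.
    flags = {word.split("=", 1)[0] for word in argv}
    if "REMOTE" in flags:
        return "remote"
    if "GDB" in flags:
        return "debug" if experimental else "pwn_debug"
    return "process"


def get_target(argv, experimental=False):
    """Open a tube for the selected mode.

    Third-party imports are deferred so pick_mode works without pwntools,
    vagd or Vagrant installed.
    """
    if pick_mode(argv, experimental) == "remote":
        from pwn import remote
        return remote(*REMOTE_ADDR)
    from vagd import Vagd            # assumed import path
    vm = Vagd(binary=BINARY, ex=experimental)
    # Vagd.start makes the same GDB / no-GDB choice itself through pwn.args.
    return vm.start(gdbscript=GDBSCRIPT)


if __name__ == "__main__":
    target = get_target(sys.argv[1:], EXPERIMENTAL)
    target.interactive()
```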
wrapper.GDB
receives target: pwn.process and returns gdb python api with type hinting from types-gdb or a wrapper.Empty object, that returns None for every method.
| required | name | type | description |
|---|---|---|---|
| X | target | pwn.process | a pwn.process object. If the gdb attribute is set a gdb python api is returned, else wrapper.Empty |
Return: gdb python api or wrapper.Empty
Boxes
the following boxes were tested and work, box constants are inside Vagd.box
- ubuntu/jammy64
- ubuntu/focal64
- ubuntu/bionic64
- ubuntu/xenial64
currently Vagrantfile generation is only compatible with distributions that use apt
Future plans
preconfigured Vagrant boxes