
pwntools with vagrant integration

Project description

VAGD

Vagrant integration in pwntools

Installation

pip install vagd pwntools

or

pip install .
pip install -r requirements.txt

Usage

Copy template.py to exploit.py and fill out the constants.

# run as process in VM
./exploit.py
# run as gdb server in VM (requires tmux)
./exploit.py GDB
# run on remote IP:PORT
./exploit.py REMOTE

I recommend using pwndbg.

Features

Vagd

Constructor for Vagd. Initializes a new Vagrant machine if none exists.

Parameters:

| required | experimental | name | type | description |
|---|---|---|---|---|
| X | | binary | str | binary to debug on vagrant vm |
| | | vagrantfile | str | location of Vagrantfile |
| | | vbox | str | vagrant box to use |
| | | files | str \| tuple | other files to upload to vm, all files are uploaded to current working directory (home or tmp) |
| | | tmp | bool | if the created directory in the vm should be temporary, requires new upload after each execution |
| | X | fast | bool | fast debug, mounts library files locally with sshfs in newly created directory ./sysroot/lib/ for faster symbol reading |
| | x | ex | bool | enables experimental features for the whole object |

Vagd.put

Uploads a file or directory to the VM.

Parameters:

| required | name | type | description |
|---|---|---|---|
| x | file | str | path of file to upload |
| | remote | str | remote location of file, no location means working directory (home or tmp if enabled) |

Return: None

Vagd.system

Executes a command on the VM. Interface to pwnlib.tubes.ssh.ssh.system.

Parameters:

| required | name | type | description |
|---|---|---|---|
| x | cmd | str | command to execute on vm |

Return: pwnlib.tubes.ssh.ssh.system

Vagd.debug (experimental)

Executes the provided binary with gdbserver on the VM and attaches gdb.

Parameters:

| required | experimental | name | type | description |
|---|---|---|---|---|
| | | argv | list[str] | command line arguments for binary |
| | | exe | str | exe to execute |
| | | env | Dict[str, str] | environment variables to pass through to binary |
| | | ssh | Any | ignored |
| | | gdbscript | str | gdbscript to execute after the gdb session has attached to the server |
| | X | api | bool | if a gdb python api interface should be created, is set as attribute gdb in return object |
| | X | sysroot | str | the sysroot to use for gdb. Not applicable if fast is set in Vagd constructor |
| | X | gdb_args | list[str] | additional gdb command line arguments to add to gdb |
| | | **kwargs | Any | allows the usage of other pwntool arguments |

Return: pwn.process

Vagd.process

Executes the provided binary as a process on the VM.

| required | name | type | description |
|---|---|---|---|
| | argv | list[str] | command line arguments for binary |
| | **kwargs | Any | allows the usage of other pwntool arguments |

Return: pwn.process

Vagd.pwn_debug

Executes the provided binary with gdbserver on the VM and attaches gdb.

| required | name | type | description |
|---|---|---|---|
| | argv | list[str] | command line arguments for binary |
| | **kwargs | Any | allows the usage of other pwntool arguments |

Return: pwn.process

Vagd.start

Uses pwn.args to switch between Vagd.process, Vagd.pwn_debug and, if experimental is enabled (in the constructor or via ex=True), Vagd.debug.

Parameters:

| required | experimental | name | type | description |
|---|---|---|---|---|
| | | argv | list[str] | command line arguments for binary |
| | | gdbscript | str | gdbscript to execute after the gdb session has attached to the server |
| | X | api | bool | if a gdb python api interface should be created, is set as attribute gdb in return object |
| | X | sysroot | str | the sysroot to use for gdb. Not applicable if fast is set in Vagd constructor |
| | X | gdb_args | list[str] | additional gdb command line arguments to add to gdb |
| | X | ex | bool | enables experimental features if not already enabled in constructor |
| | | **kwargs | Any | allows the usage of other pwntool arguments |

Return: pwn.process

wrapper.GDB

Receives target: pwn.process and returns the gdb Python API (with type hinting from types-gdb), or a wrapper.Empty object that returns None for every method.

| required | name | type | description |
|---|---|---|---|
| x | target | pwn.process | a pwn.process object. If the gdb attribute is set, a gdb python api is returned, else wrapper.Empty |

Return: gdb python api or wrapper.Empty

Boxes

The following boxes were tested and work. Box constants are inside Vagd.box.

  • ubuntu/jammy64
  • ubuntu/focal64
  • ubuntu/bionic64
  • ubuntu/xenial64

Currently, Vagrantfile generation is only compatible with distributions that use apt.

Future plans

Preconfigured Vagrant boxes

Project details



This version

0.1.4

Download files


Source Distribution

vagd-0.1.4.tar.gz (28.0 kB)

Uploaded Source

Built Distribution

vagd-0.1.4-py3-none-any.whl (27.9 kB)

Uploaded Python 3

File details

Details for the file vagd-0.1.4.tar.gz.

File metadata

  • Download URL: vagd-0.1.4.tar.gz
  • Upload date:
  • Size: 28.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.9

File hashes

Hashes for vagd-0.1.4.tar.gz
Algorithm Hash digest
SHA256 ea22387f8bd588b08ac8c342c3fcba39aeafa6556aa82bb20d5bca067c25c846
MD5 0d34d877053247ea6a4200ac64a17f02
BLAKE2b-256 15fe06b82e7fb08856f408cea13e2cf998d8a2e3053f9c53c1617e69761bd1b5


File details

Details for the file vagd-0.1.4-py3-none-any.whl.

File metadata

  • Download URL: vagd-0.1.4-py3-none-any.whl
  • Upload date:
  • Size: 27.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.9

File hashes

Hashes for vagd-0.1.4-py3-none-any.whl
Algorithm Hash digest
SHA256 c8c1d6d3fd5a9f6a29772229d8b000526a2f73b3ee6f75793afdc07b38fd2018
MD5 d51977c0e0b697f42f86a33e8fff74df
BLAKE2b-256 cbce84084af63169b1d2742aad64cbaef740586df2a70b650c4e2f12b5598d5e
