VirtuAlization GDb integrations in pwntools

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for 0x6fe1be2 from gravatar.com 0x6fe1be2

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 (GPLv3)
  • Author: 0x6fe1be2
  • Requires: Python >=3.7
Classifiers

Project description

PyPI docs

VAGD

VirtuAlization GDb integrations in pwntools

Installation

pip install vagd

or from repo with

git clone https://github.com/gfelber/vagd
pip install ./vagd/

Usage

use python -m vagd to generate a template

# run as process in VM
./exploit.py
# run as gdb server in VM requires tmux
./exploit.py GDB
# run on remote IP:PORT
./exploit.py REMOTE

I recommend using pwndbg.

Files

All created files ares stored in the local ./.vagd/ directory. Additional large files (e.g. cloudimages) are stored in the home directory ~/.vagd/ or handled by tools themselfs (e.g. Vagrant, Docker).

Recommendations

Consider adding these aliases to either ~./.bash_aliases, ~./.bashrc or other

alias vagd='python -m vagd'
# example use to ssh to guest
# vagdssh
alias vagdssh='VAGRANT_CWD=.vagd vagrant ssh'
# example use to copy flag.txt from host to guest (only works if Port is 2222)
# vagdscp ./flag.txt ./
vagdscp() {
  scp -P 2222 -o StrictHostKeyChecking=no -i ./vagd/.vagrant/machines/default/virtualbox/private_key ${@:3} $1 vagrant@localhost:$2
}
# example use to ssh to guest
# dogdssh
alias dogdssh='ssh -o "StrictHostKeyChecking=no" -i ~/.vagd/keyfile -p $(cut -d":" -f 2 .vagd/docker.lock) vagd@0.0.0.0'
# example use to copy flag.txt from host to guest
# dogdscp ./flag.txt
dogdscp() {
  scp -P $(cut -d":" -f 2 .vagd/docker.lock) -o StrictHostKeyChecking=no -i ~/.vagd/keyfile ${@:3} $1 vagd@localhost:$2
}
# example use to spawn shell in guest 
# dogdexec sh
alias dogdexec='docker exec -it $(cut ./.vagd/docker.lock -d":" -f 1)'
# example use to copy /etc/passwd from guest to host
# dogdcp /etc/passwd ./
dogdcp() {
  docker cp "$(cut ./.vagd/docker.lock -d":" -f 1):$1" $2
}
# example use to ssh to guest
# qegdssh
alias qegdssh='ssh -o "StrictHostKeyChecking=no" -i ~/.vagd/keyfile -p $(cat .vagd/qemu.lock) ubuntu@0.0.0.0'
# example use to copy flag.txt from host to guest
# qegdscp ./flag.txt
qegdscp() {
  scp -P $(cat .vagd/qemu.lock) -o StrictHostKeyChecking=no -i ~/.vagd/keyfile ${@:3} $1 ubuntu@localhost:$2
}

Documentation

Boxes

the following boxes were tested and work, box constants are inside vagd.box.Box

  • Vagrant
    • UBUNTU_JAMMY64 = 'ubuntu/jammy64'
    • UBUNTU_FOCAL64 = 'ubuntu/focal64'
    • UBUNTU_BIONIC64 = 'ubuntu/bionic64'
    • UBUNTU_XENIAL64 = 'ubuntu/xenial64'
  • QEMU (cached in ~/.vagd/qemu-imgs)
  • Docker
    • DOCKER_JAMMY = 'ubuntu:jammy'
    • DOCKER_FOCAL = 'ubuntu:focal'
    • DOCKER_BIONIC = 'ubuntu:bionic'
    • DOCKER_XENIAL = 'ubuntu:xenial'
    • DOCKER_ALPINE_316 = 'alpine:3.16.6'

currently only distributions that use apt and alpine for Docker are supported

Future plans

pre configured Vagrant boxes / QEMU Images / Docker Image

created pre configured environments with preinstalled lib debug symbols and gdbserver to lower init runtime.

Better Docker integration

created a Docker integration that allows loading existing Dockerfiles (maybe docker-compose), also add a feature that additionally virtualizes (Vagrant/Qemu) them to change the used kernel.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for 0x6fe1be2 from gravatar.com 0x6fe1be2

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GNU General Public License v3 (GPLv3)
  • Author: 0x6fe1be2
  • Requires: Python >=3.7
Classifiers

Release history Release notifications | RSS feed

1.5.5

1.5.4

1.5.3

1.5.2

1.5.1

1.5.0

1.4.5

1.4.4

1.4.3

1.4.2

1.4.1

1.4.0

1.3.10

1.3.9

1.3.8

1.3.7

1.3.6

1.3.5

1.3.4

1.3.3

1.3.2

1.3.1

1.3.0

1.2.7

1.2.6

1.2.5

1.2.4

1.2.3

1.2.2

1.2.1

1.2.0

1.1.7

1.1.6

1.1.5

1.1.4

1.1.3

1.1.2

1.1.1

1.1.0

1.0.11

1.0.10

1.0.9

1.0.8

1.0.7

1.0.6

1.0.5

1.0.4

1.0.3

1.0.2

1.0.1

1.0.0

0.4.8

This version

0.4.7

0.4.6

0.4.5

0.4.4

0.4.3

0.4.2

0.4.1

0.4.0

0.3.9

0.3.8

0.3.6

0.3.5

0.3.4

0.3.3

0.3.2

0.3.1

0.3.0

0.2.1

0.2.0

0.1.9

0.1.8

0.1.7

0.1.6

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

vagd-0.4.7.tar.gz (37.8 kB view details)

Uploaded Source

Built Distribution

vagd-0.4.7-py3-none-any.whl (40.6 kB view details)

Uploaded Python 3

File details

Details for the file vagd-0.4.7.tar.gz.

File metadata

  • Download URL: vagd-0.4.7.tar.gz
  • Upload date:
  • Size: 37.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.3

File hashes

Hashes for vagd-0.4.7.tar.gz
Algorithm Hash digest
SHA256 0b89da991aa215a448bfa89cdc760fc788b4420c706aa7d76737ef38cf2537bb
MD5 71828af8ff586529b9ba7211eebcd0b1
BLAKE2b-256 65e3f5918a92c4b2fb7e135a0726a82b8112ef0e7ee16c2dc8f628b9acb385d6

See more details on using hashes here.

File details

Details for the file vagd-0.4.7-py3-none-any.whl.

File metadata

  • Download URL: vagd-0.4.7-py3-none-any.whl
  • Upload date:
  • Size: 40.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.3

File hashes

Hashes for vagd-0.4.7-py3-none-any.whl
Algorithm Hash digest
SHA256 3f5d16b6ae73833dad89b0e7b5350a581cd10a625516d6ae34b44d33b81a3c97
MD5 95abb487cfde984ce5dda83540944f3c
BLAKE2b-256 2430632ba56ce5cb0ece5d630b836aaf15a074d900126b33ff3fddfe76d702f9

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page