VirtuAlization GDb integrations in pwntools
Project description
VAGD
VirtuAlization GDb integrations in pwntools
Installation
pip install vagd
or from repo with
git clone https://github.com/gfelber/vagd
pip install ./vagd/
Usage
use python -m vagd to generate a template
# run as process in VM
./exploit.py
# run as gdb server in VM requires tmux
./exploit.py GDB
# run on remote IP:PORT
./exploit.py REMOTE
I recommend using pwndbg.
Files
All created files ares stored in the local ./.vagd/ directory. Additional large files (e.g. cloudimages) are stored in the home directory ~/.vagd/ or handled by tools themselfs (e.g. Vagrant, Docker).
Recommendations
Consider adding these aliases to either ~./.bash_aliases, ~./.bashrc or other
alias vagd='python -m vagd'
# example use to ssh to guest
# vagdssh
alias vagdssh='VAGRANT_CWD=.vagd vagrant ssh'
# example use to copy flag.txt from host to guest (only works if Port is 2222)
# vagdscp ./flag.txt ./
vagdscp() {
scp -P 2222 -o StrictHostKeyChecking=no -i ./vagd/.vagrant/machines/default/virtualbox/private_key ${@:3} $1 vagrant@localhost:$2
}
# example use to ssh to guest
# dogdssh
alias dogdssh='ssh -o "StrictHostKeyChecking=no" -i ~/.vagd/keyfile -p $(cut -d":" -f 2 .vagd/docker.lock) vagd@0.0.0.0'
# example use to copy flag.txt from host to guest
# dogdscp ./flag.txt
dogdscp() {
scp -P $(cut -d":" -f 2 .vagd/docker.lock) -o StrictHostKeyChecking=no -i ~/.vagd/keyfile ${@:3} $1 vagd@localhost:$2
}
# example use to spawn shell in guest
# dogdexec sh
alias dogdexec='docker exec -it $(cut ./.vagd/docker.lock -d":" -f 1)'
# example use to copy /etc/passwd from guest to host
# dogdcp /etc/passwd ./
dogdcp() {
docker cp "$(cut ./.vagd/docker.lock -d":" -f 1):$1" $2
}
# example use to ssh to guest
# qegdssh
alias qegdssh='ssh -o "StrictHostKeyChecking=no" -i ~/.vagd/keyfile -p $(cat .vagd/qemu.lock) ubuntu@0.0.0.0'
# example use to copy flag.txt from host to guest
# qegdscp ./flag.txt
qegdscp() {
scp -P $(cat .vagd/qemu.lock) -o StrictHostKeyChecking=no -i ~/.vagd/keyfile ${@:3} $1 ubuntu@localhost:$2
}
Documentation
Boxes
A listed of known working Boxes can be found in the Documentation.
Other images might also work but currently only distributions that use apt and alpine for Docker are supported.
This limitation may be circumvented by creating a target yourself (with the dependencies gdbserver, python, openssh) and creating a ssh connection via Shgd.
Future plans
pre configured Vagrant boxes / QEMU Images / Docker Image
created pre configured environments with preinstalled lib debug symbols and gdbserver to lower init runtime.
Better Docker integration
created a Docker integration that allows loading existing Dockerfiles (maybe docker-compose), also add a feature that additionally virtualizes (Vagrant/Qemu) them to change the used kernel.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file vagd-1.0.5.tar.gz.
File metadata
- Download URL: vagd-1.0.5.tar.gz
- Upload date:
- Size: 39.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 5893fcf3f63e93d324ec452216bddf2e7e3af460dc87f2885d864b092c867996 |
|
| MD5 | ebeca9a116d880d88a1325b218ef2ec8 |
|
| BLAKE2b-256 | 32f03eeb19d511cda1d7caa59f73f8fb73bff58d650a5efa43eca3d39a76e952 |
File details
Details for the file vagd-1.0.5-py3-none-any.whl.
File metadata
- Download URL: vagd-1.0.5-py3-none-any.whl
- Upload date:
- Size: 43.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 1e084cb05c9e77e6f05877ed1752b18926ec219f94e6e2a6ab2d8aa55b579ab8 |
|
| MD5 | b712c50cf2f26926d2224bc2cff3c0f5 |
|
| BLAKE2b-256 | 087fa892ca3991a8bbd14c2b25f009b8f05124f478a50cb88f9e85e1796c5688 |
