VirtuAlization GDb integrations in pwntools

VAGD

Installation

pip install vagd

or from repo with

git clone https://github.com/gfelber/vagd
pip install ./vagd/

Usage

  • vagd template [OPTIONS] [BINARY] [IP] [PORT] to generate a template, list OPTIONS with help -h

  • vagd info BINARY to print info about binary

# run as process in VM
./exploit.py
# run as gdb server in VM requires tmux
./exploit.py GDB
# run on remote IP:PORT
./exploit.py REMOTE

I recommend using pwndbg.

Files

All created files are stored in the local ./.vagd/ directory. Additional large files (e.g. cloud images) are stored in the home directory ~/.vagd/ or handled by the tools themselves (e.g. Vagrant, Docker).

Recommendations

Consider adding these aliases to ~/.bash_aliases, ~/.bashrc, or another shell startup file:

# example use to ssh to guest
# vagdssh
alias vagdssh='VAGRANT_CWD=.vagd vagrant ssh'
# example use to copy flag.txt from host to guest (only works if Port is 2222)
# vagdscp ./flag.txt ./
vagdscp() {
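  # the key lives under ./.vagd/ (the VAGRANT_CWD used by vagdssh); extra scp options follow the two paths
  scp -P 2222 -o StrictHostKeyChecking=no -i ./.vagd/.vagrant/machines/default/virtualbox/private_key "${@:3}" "$1" "vagrant@localhost:$2"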
}
# example use to ssh to guest
# dogdssh
alias dogdssh='ssh -o "StrictHostKeyChecking=no" -i ~/.vagd/keyfile -p $(cut -d":" -f 2 .vagd/docker.lock) vagd@0.0.0.0'
# example use to copy flag.txt from host to guest
# dogdscp ./flag.txt
dogdscp() {
  scp -P "$(cut -d":" -f 2 .vagd/docker.lock)" -o StrictHostKeyChecking=no -i ~/.vagd/keyfile "${@:3}" "$1" "vagd@localhost:$2"
}
# example use to spawn shell in guest 
# dogdexec sh
alias dogdexec='docker exec -it $(cut ./.vagd/docker.lock -d":" -f 1)'
# example use to copy /etc/passwd from guest to host
# dogdcp /etc/passwd ./
dogdcp() {
  docker cp "$(cut -d":" -f 1 ./.vagd/docker.lock):$1" "$2"
}
# example use to ssh to guest
# qegdssh
alias qegdssh='ssh -o "StrictHostKeyChecking=no" -i ~/.vagd/keyfile -p $(cat .vagd/qemu.lock) ubuntu@0.0.0.0'
# example use to copy flag.txt from host to guest
# qegdscp ./flag.txt
qegdscp() {
  scp -P "$(cat .vagd/qemu.lock)" -o StrictHostKeyChecking=no -i ~/.vagd/keyfile "${@:3}" "$1" "ubuntu@localhost:$2"
}
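
The aliases above pass whatever the lock files contain straight to `ssh -p` / `scp -P`. The helper below is an added example, not part of vagd or its README: it resolves the port and rejects missing or malformed lock files first. The name `vagd_ssh_port` and the lock-file formats (inferred from the `cut`/`cat` calls above) are assumptions.

```shell
# Added example (hypothetical helper, not shipped with vagd).
# Assumed lock-file formats, inferred from the aliases above:
#   <dir>/docker.lock -> "<container>:<port>"
#   <dir>/qemu.lock   -> "<port>"
# Prints the SSH port on stdout; returns non-zero on any problem.
vagd_ssh_port() {
  dir="${1:-.vagd}"
  if [ -f "$dir/docker.lock" ]; then
    # -s: print nothing if the line has no ':' instead of echoing it whole
    port=$(cut -s -d: -f2 "$dir/docker.lock")
  elif [ -f "$dir/qemu.lock" ]; then
    port=$(cat "$dir/qemu.lock")
  else
    echo "no docker.lock or qemu.lock in $dir" >&2
    return 1
  fi
  # Accept only 1-5 decimal digits without a leading zero. A multi-line
  # file leaves a newline in $port, which the non-digit pattern rejects.
  case "$port" in
    ''|0*|*[!0-9]*|??????*)
      echo "malformed port in lock file" >&2
      return 1
      ;;
  esac
  if [ "$port" -gt 65535 ]; then
    echo "port out of range: $port" >&2
    return 1
  fi
  printf '%s\n' "$port"
}

# Usage (Docker guest, run from the exploit directory):
#   port=$(vagd_ssh_port) && ssh -i ~/.vagd/keyfile -p "$port" vagd@localhost
```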

Documentation

Boxes

A list of known working boxes can be found in the Documentation. Other images might also work, but currently only distributions that use apt, and alpine for Docker, are supported. This limitation may be circumvented by creating a target yourself (with the dependencies gdbserver, python, openssh) and creating an SSH connection via Shgd.

Future plans

Preconfigured Vagrant boxes / QEMU images / Docker image

Create preconfigured environments with preinstalled lib debug symbols and gdbserver to lower init runtime.

Better Docker integration

Create a Docker integration that allows loading existing Dockerfiles (maybe docker-compose), and add a feature that additionally virtualizes them (Vagrant/QEMU) to change the kernel in use.


This version

1.0.9
