TODO

Install pwntools - Python framework
Install pwndbg - Extension for GDB
Look at ROP Gadget
Look at Ropper

Using pwntools

Generally, start with from pwn import *

1
2
3
4
5
6
7
8
9
from pwn import *

p = process("./intro")

"""
Automation
"""

p.interactive() # Allow us to interact with the program after we finish the automated parts

Debug

Adding DEBUG at the end of a pwntools python script will show debug data.

Debugger

We can use pause() to pause a pwntools script

Useful commands

strings <file> - find strings inside files
strace <program> - syscall trace
ltrace <program> - library trace
file <file> / objdump -f <file> - Inspects the header of a file
objdump -d <program> - Disassemble a program
- Note: Uses AT&T syntax (left to right)
- For Intel: -M intel
checksec <program> - (PWNtools) Security feature detection
xxd <file> - Hex editor

pwndbg

stack
s - step
ni - next instruction (run over the next instruction)
n - next
si - step instruction (explicitly step by next instruction)
fin - finish a function
x <addr> - examine
- x/10bx <addr> - examine the next 10 bytes as hex
set *<address>=value - Modify a value at an address
attach <pid> - attach to a PID
context - show useful stuff!

Memory

esp - stack pointer
ebp - frame pointer
eax - common return register

Tutorial 1

Contents

TODO

Using pwntools

Debug

Debugger

Useful commands

pwndbg

Memory