Tutorial 1
Contents
TODO
- Install pwntools - Python framework
- Install pwndbg - Extension for GDB
- Look at ROP Gadget
- Look at Ropper
Using pwntools
Generally, start with `from pwn import *`:

```python
from pwn import *

p = process("./intro")

"""
Automation
"""

p.interactive()  # Allow us to interact with the program after we finish the automated parts
```
Debug
- Running a pwntools Python script with DEBUG as a command-line argument (e.g. `python exploit.py DEBUG`) prints debug data, including every byte sent to and received from the process.
Debugger
We can use `pause()` to pause a pwntools script (for example, to attach a debugger before continuing).
Useful commands
strings <file>
- find strings inside files
strace <program>
- syscall trace
ltrace <program>
- library trace
file <file> / objdump -f <file>
- Inspects the header of a file
objdump -d <program>
- Disassemble a program
- Note: Uses AT&T syntax (left to right)
- For Intel: `-M intel`
checksec <program>
- (pwntools) Security feature detection
xxd <file>
- Hex editor
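As an added example (not part of the original notes, and not pwntools code), this Python reimplements the header-based part of what `checksec` reports: it parses the ELF header and program headers that `objdump -f` inspects and derives NX, PIE and RELRO from them. The `make_elf` helper and the two sample images are constructed here for the demonstration.

```python
import struct

# ELF constants used below (64-bit little-endian images only)
ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X = 0x1  # segment is executable

def checksec(elf: bytes) -> dict:
    """Report NX / PIE / RELRO from the ELF header and program headers.

    This mirrors only the header-based part of checksec; canary detection
    and Full vs Partial RELRO need the symbol table and dynamic section.
    """
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a 64-bit little-endian ELF image")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    nx = relro = False  # no PT_GNU_STACK at all: the loader may grant an executable stack
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)  # stack segment not executable -> NX enabled
        elif p_type == PT_GNU_RELRO:
            relro = True               # part of the data segment is made read-only after relocation
    # ET_DYN marks a position-independent image (a shared object looks the same to this check)
    return {"NX": nx, "PIE": e_type == ET_DYN, "RELRO": relro}

def make_elf(e_type: int, phdrs) -> bytes:
    """Constructed sample: a bare ELF64 header plus (p_type, p_flags) program headers, no code."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8  # ELFCLASS64, little-endian, version 1
    # e_type, e_machine (x86-64), e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    phdr = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    return ehdr + phdr

# Constructed images: one laid out like a hardened PIE, one like a legacy executable with an RWX stack.
HARDENED = make_elf(ET_DYN, [(PT_GNU_STACK, 0x6), (PT_GNU_RELRO, 0x4)])
WEAK = make_elf(ET_EXEC, [(PT_GNU_STACK, 0x7)])

if __name__ == "__main__":
    for name, image in (("hardened", HARDENED), ("weak", WEAK)):
        print(f"{name}: {checksec(image)}")
```

Run `checksec` on a real binary alongside this to see the extra columns (Canary, Full RELRO) that need more than the headers.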
pwndbg
stack
- show the stack
s
- step
ni
- next instruction (run over the next instruction)
n
- next
si
- step instruction (explicitly step by next instruction)
fin
- finish a function
x <addr>
- examine
x/10bx <addr>
- examine the next 10 bytes as hex
set *<address>=value
- Modify a value at an address
attach <pid>
- attach to a PID
context
- show useful stuff!
Memory
esp
- stack pointer
ebp
- frame pointer
eax
- common return register