- pwntools 사용법
# import
from pwn import *
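# access 1: start the target on a remote host over SSH
# NOTE: "id" / "passwd" are placeholders. Keep real credentials out of the
# script; ssh() also accepts keyfile= for key-based login.
shell = ssh("id", "127.0.0.1", port=9999, password="passwd")
proc = shell.run("./program")
# access 2: spawn a local process
proc = process("./program")
proc = process(["cat", "test"])  # argv given as a list (added 2017.05.16)
# access 3: connect to a TCP service
proc = remote("localhost", 9002)
# send
# Bytes literals are used because pwntools on Python 3 warns on str input
# and assumes ASCII when converting it.
proc.send(b"test\n")
proc.sendline(b"test")  # same payload; sendline appends the newline itself
# recv
# Every call below blocks with the default timeout; pass timeout=<seconds>
# to keep a script from hanging on a silent or closed peer.
proc.recv()  # blocks until some data arrives; EOFError once the peer closed
proc.recvline()  # blocks until a "\n" is received
proc.recvlines()  # author's note: blocks until EOF when no line count is given
proc.recvrepeat(0.3)  # collects data until the 0.3 s timeout or EOF is reached
proc.recvall()  # blocks until EOF
# The original passed the builtin `str` as a stand-in for "some delimiter";
# b"> " is a constructed sample value.
proc.recvuntil(b"> ")  # blocks until the delimiter is seen
# p32 | p64 <==> u32 | u64 (inverse functions): p* packs an int into bytes
# (little-endian by default), u* unpacks bytes back into an int.
addr = proc.recvline()
addr = int(addr, 16)  # the line must be a hex number, else ValueError
addr = p64(addr)  # p32 or p64
# poll: returns the exit code (None while the process is still running)
# proc.poll(False)  # the argument selects whether to block
proc.poll()  # 2017.05.16
# ELF
program = ELF('./program')
libc = ELF('./libc')
# plt / got map a symbol name to the address of its PLT stub / GOT entry.
setvbuf_plt = program.plt['setvbuf']
setvbuf_got = program.got['setvbuf']
# NOTE(review): presumably an offset from the library's load base, as the
# variable name suggests; confirm that libc.address is left at its default.
system_offset = libc.symbols['system']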
- libc.rand 사용법
# import
from ctypes import *
import time
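# setting
# Load the C library so its srand()/rand() can be called directly.
libc = CDLL('libc.so.6')
# time() takes a time_t* argument. Calling it with no argument leaves that
# pointer undefined, so pass None (NULL) explicitly.
# ctypes returns the result as a C int, which is what srand() consumes.
seed = libc.time(None)
libc.srand(seed)
# rand
# The sequence is fully determined by the seed: the same second yields the
# same values, which is why time-seeded rand() is unsuitable for secrets.
libc.rand()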