forked from Naetw/CTF-pwn-tips
Pwntools and GDB PwnDBG
Rahul Sridhar edited this page Apr 10, 2022 · 7 revisions

- To attach gdb to a running pwntools target, pass the process object (`p` below is what `process()` returned) together with a gdb script that runs on attach:

```python
gdb.attach(p, '''
set disassembly-flavor intel
set height 0
b *0x40104f
c
''')
```
- You can control what kind of pane `gdb.attach` opens, for example a tmux split:

```python
context.terminal = ['tmux', 'splitw', '-h']
```
- You'll want command line flags to switch between the remote service, a local process, and a local process with gdb attached:

```python
import sys
from pwn import *

# HOST, PORT and BINARY are placeholders: fill in the challenge's own values.
if len(sys.argv) > 1 and sys.argv[1] == 'remote':
    p = remote(HOST, PORT)
else:
    p = process(BINARY)
    if len(sys.argv) > 1 and sys.argv[1] == 'gdb':
        gdb.attach(p, """
        set disassembly-flavor intel
        b main
        """)
```
- Set the log level with

```python
context.log_level = "debug"
```
- To easily calculate the offset at which a string you input lands, use the pwntools De Bruijn or Metasploit patterns from the `cyclic` module: send the pattern as input, then pass the bytes that ended up in a register to the `cyclic_*_find` functions to recover the offset.
- In GDB, you can run a python script and send its output to the program's stdin with

```
r < <(./payload.py)
```
- To construct a payload that has specific values at certain offsets, use the pwntools `fit` function:

```python
>>> from pwn import *
>>> fit({
...     0x8  : 1234,
...     0x16 : 'HELLO',
...     }, filler='A', length = 0x24)
'AAAAAAAA\xd2\x04\x00\x00AAAAAAAAAAHELLOAAAAAAAAA'
```

- To find a string in memory, use `search "asdf"` in pwndbg.
- To dump some bytes of memory to a binary file, use `dump binary memory dump.bin buf buf+100` in gdb.
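As an added example for the `fit` tip above (not code from the original page or from pwntools), here is a pure-Python reimplementation of the subset of `fit` semantics the example relies on: integer values are packed at the word size and endianness, strings and bytes are copied verbatim, gaps before each piece and the tail up to `length` are filled with the filler, and overlapping pieces are rejected. The 64-bit value `0x401136` in the demo is a constructed placeholder address, not a real target.

```python
import struct

_FMT = {8: 'B', 16: 'H', 32: 'I', 64: 'Q'}


def fit(pieces, filler=b'A', length=None, word_size=32, endian='little'):
    """Lay `pieces` ({offset: value}) out into one payload (subset of pwntools' fit()).

    - int values are packed at `word_size` bits with the given endianness
      (pwntools takes these from context.bits / context.endian; 32-bit little
      endian is the default here, matching the page's example)
    - str values are encoded, bytes are copied as-is
    - gaps before each piece and the tail up to `length` are filled by cycling
      through `filler` (pwntools defaults to a De Bruijn filler; 'A' here)
    """
    if isinstance(filler, str):
        filler = filler.encode()
    if not filler:
        raise ValueError('filler must be non-empty')
    out = bytearray()

    def pad_to(n):
        while len(out) < n:
            out.append(filler[len(out) % len(filler)])

    for offset, value in sorted(pieces.items()):
        if offset < len(out):
            raise ValueError(f'piece at {offset:#x} overlaps data ending at {len(out):#x}')
        pad_to(offset)
        if isinstance(value, int):
            fmt = ('<' if endian == 'little' else '>') + _FMT[word_size]
            value = struct.pack(fmt, value & ((1 << word_size) - 1))
        elif isinstance(value, str):
            value = value.encode()
        out += value
    if length is not None:
        if len(out) > length:
            raise ValueError(f'payload is {len(out):#x} bytes, longer than length {length:#x}')
        pad_to(length)
    return bytes(out)


if __name__ == '__main__':
    # The page's example: a 32-bit int at 0x8 and a string at 0x16, padded to 0x24 bytes.
    print(fit({0x8: 1234, 0x16: 'HELLO'}, filler='A', length=0x24))
    # Typical 64-bit layout: the slot found with cyclic_find sits at offset 72;
    # 0x401136 is a constructed placeholder, not a real address.
    print(fit({72: 0x401136}, word_size=64))
```

Working through the 32-bit example by hand shows where each byte of the page's output comes from: eight filler bytes, the little-endian encoding of 1234 (`d2 04 00 00`), ten more filler bytes up to offset 0x16, `HELLO`, and nine trailing filler bytes to reach 0x24.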