使用说明:
- 确保下载好tmux后,使用tmux命令进入tmux终端
- 根据ELF文件位数选择context
- elfFile添加ELF文件路径
- remoteIp添加远程连接的IP
- remotePort添加远程连接的Port
- libFile添加本地库
- REMOTE表示远程连接,1开启,0关闭
- DEBUG表示使用本地调试,1开启,0关闭
- BREAK表示调试初始化后使用gdb命令,1开启,0关闭
- ATTACH表示使用attach模式启动调试,1使用attach附加进程,0使用debug创建进程,后者命中断点更可靠,但要ubuntu22以上
- LIBC表示使用本地库
# -*- coding:utf-8 -*-
from pwn import *
from LibcSearcher import LibcSearcher
context(arch='i386', os='linux', log_level='debug')
# context(arch = 'amd64', os = 'linux', log_level='debug')
context.terminal = ['tmux', 'splitw', '-h']
elfFile = "./"
elf = ELF(elfFile)
libFile = ""
remoteIp = "117.21.200.166"
remotePort = 28696
REMOTE = 1
DEBUG = 1
BREAK = 1
ATTACH = 1
LIBC = 0
commands='''
b *0x08048483
c
'''
# --------------------------Func-----------------------------
s = lambda data :p.send(data)
sa = lambda delim,data :p.sendafter(delim, data)
sl = lambda data :p.sendline(data)
sla = lambda delim,data :p.sendlineafter(delim, data)
rc = lambda num :p.recv(num)
rl = lambda :p.recvline()
ru = lambda delims :p.recvuntil(delims)
uu32 = lambda :u32(rc(4))
ia = lambda :p.interactive()
sd = lambda strs,addr :log.success(strs+': '+hex(addr))
li = lambda x :log.info(x)
prl = lambda :print('[recv-line]: ', rl())
pru = lambda strs :print('[recv-until]: ', ru(strs))
prc = lambda num :print('[recv-num]: ', rc(num))
# --------------------------Exploit--------------------------
def exploit():
pass
def finish():
ia()
# --------------------------Main-----------------------------
if __name__ == '__main__':
if LIBC:
libc = ELF(libFile)
if REMOTE:
p = remote(remoteIp, remotePort)
else:
if DEBUG:
if ATTACH:
if LIBC:
p = elf.process(env={"LD_PRELOAD": libFile})
else:
p = elf.process()
if BREAK:
gdb.attach(p, commands)
else:
gdb.attach(p)
else:
if BREAK:
p = gdb.debug(elfFile, commands)
else:
p = gdb.debug(elfFile)
else:
p = elf.process()
exploit()
finish()
本代码部分内容有所借鉴