[PWN.03] Exploitation with pwntools

pwntools is a python tool used for exploitation.
We can use it and exploit easier than in the past.

#!/usr/bin/python
from pwn import *

# remote connection
r = remote("{IP}", PORT)

# Write payload to exploit
payload = ...

# Send data to {IP}
r.send(payload)
r.sendline(payload)
r.sendafter("{STRING FROM REMOTE}", payload)
r.sendlineafter("{STRING FROM REMOTE}", payload)

# Receive data from Remote
r.recv(int)
r.recvline()
r.recvuntil("{STRING}")
... and more

# Change to Little endian or Big Endian
# Little endian
hex(u32(VALUE))
hex(u64(VALUE))

# Big Endian
hex(p32(VALUE))
hex(p64(VALUE))

# for PLT(Procedure Linkage Table) and GOT(Global Offset 
Table)
e = ELF('{FILE}')
puts_plt = e.plt['puts']
read_got = e.got['read']

# Set architecture
context.arch = "amd64" # or i386, arm

# SHELL making AUTOMATICALLY
s = shellcraft.sh()

We can easily perform exploits using the above.

Speedy emails, satisfied customers

Are delayed transactional emails costing you user satisfaction? Postmark delivers your emails almost instantly, keeping your customers happy and connected.

DEV Community

[PWN.03] Exploitation with pwntools

Speedy emails, satisfied customers

Top comments (0)

The Next Generation Developer Platform

Read next

Revolutionizing Open Source Licensing with Smart Contracts

Exploring OpenSource on OpenSea: A Fusion of Art and Collaboration

Navigating the World of Open Source Funding Strategies

How Does Vue.js Compare to React and Angular for Front-end Development?

Okay