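My Pwn Template

Usage:

  • Once tmux is installed, run the tmux command to enter a tmux terminal
  • Choose the context line according to the bitness of the ELF file
  • elfFile: set this to the path of the ELF file
  • remoteIp: set this to the IP of the remote connection
  • remotePort: set this to the port of the remote connection
  • libFile: set this to the local library
  • REMOTE: connect to the remote target; 1 on, 0 off
  • DEBUG: use local debugging; 1 on, 0 off
  • BREAK: run the gdb commands once the debugger has initialized; 1 on, 0 off
  • ATTACH: start debugging in attach mode; 1 uses attach to attach to the process, 0 uses debug to create the process. The latter hits breakpoints more reliably, but requires Ubuntu 22 or later
  • LIBC: use the local library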
# -*- coding:utf-8 -*-
from pwn import *
from LibcSearcher import LibcSearcher  # available for libc lookups inside exploit()

# Keep the line that matches the bitness of the ELF file
context(arch='i386', os='linux', log_level='debug')
# context(arch='amd64', os='linux', log_level='debug')

# gdb opens in a horizontal tmux split, so run this script inside tmux
context.terminal = ['tmux', 'splitw', '-h']

elfFile = "./"      # path to the ELF file
elf = ELF(elfFile)
libFile = ""        # path to the local library (used when LIBC = 1)

remoteIp = "117.21.200.166"
remotePort = 28696

REMOTE = 1   # 1: connect to remoteIp:remotePort, 0: run locally
DEBUG = 1    # 1: debug the local process with gdb
BREAK = 1    # 1: pass `commands` to gdb once it has started
ATTACH = 1   # 1: gdb.attach to a running process, 0: gdb.debug creates it
LIBC = 0     # 1: load libFile
commands = '''
b *0x08048483
c
'''
# --------------------------Func-----------------------------
# Short aliases for the tube `p` created in the main section below
s   = lambda data:        p.send(data)
sa  = lambda delim, data: p.sendafter(delim, data)
sl  = lambda data:        p.sendline(data)
sla = lambda delim, data: p.sendlineafter(delim, data)
rc  = lambda num:         p.recv(num)
rl  = lambda:             p.recvline()
ru  = lambda delims:      p.recvuntil(delims)
uu32 = lambda:            u32(rc(4))
ia  = lambda:             p.interactive()
sd  = lambda strs, addr:  log.success(strs + ': ' + hex(addr))
li  = lambda x:           log.info(x)
prl = lambda:             print('[recv-line]: ', rl())
pru = lambda strs:        print('[recv-until]: ', ru(strs))
prc = lambda num:         print('[recv-num]: ', rc(num))


# --------------------------Exploit--------------------------
def exploit():
    pass


def finish():
    ia()


# --------------------------Main-----------------------------
if __name__ == '__main__':
    if LIBC:
        libc = ELF(libFile)

    # LD_PRELOAD is applied in every local mode; the original only set it
    # on the attach path, so LIBC was silently ignored elsewhere
    env = {"LD_PRELOAD": libFile} if LIBC else None
    gdbscript = commands if BREAK else ''

    if REMOTE:
        p = remote(remoteIp, remotePort)
    elif DEBUG and ATTACH:
        # Start the process first, then attach gdb to it
        p = elf.process(env=env)
        gdb.attach(p, gdbscript)
    elif DEBUG:
        # Let gdb create the process so early breakpoints are hit
        p = gdb.debug(elfFile, gdbscript, env=env)
    else:
        p = elf.process(env=env)

    exploit()
    finish()

Parts of this code draw on other people's work.
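
The "choose the context line according to the bitness of the ELF file" step can be read straight from the file header instead of being set by hand. The following is an added example, not part of the original template: it uses only the Python standard library, the names elf_context and make_header and the sample headers are constructed for illustration, and os is assumed to be linux as in the template.

```python
import struct

# e_machine values from the ELF specification mapped to pwntools arch names
E_MACHINE = {3: "i386", 62: "amd64", 40: "arm", 183: "aarch64"}


def elf_context(header: bytes) -> dict:
    """Derive context settings from the first 20 bytes of an ELF file."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF header")
    ei_class, ei_data = header[4], header[5]
    if ei_class not in (1, 2):          # 1 = ELFCLASS32, 2 = ELFCLASS64
        raise ValueError("unknown EI_CLASS %d" % ei_class)
    if ei_data not in (1, 2):           # 1 = little endian, 2 = big endian
        raise ValueError("unknown EI_DATA %d" % ei_data)
    # e_type and e_machine are 16-bit fields directly after the 16-byte e_ident,
    # stored in the byte order that EI_DATA announces
    order = "<" if ei_data == 1 else ">"
    _e_type, e_machine = struct.unpack_from(order + "HH", header, 16)
    if e_machine not in E_MACHINE:
        raise ValueError("unsupported e_machine %d" % e_machine)
    return {
        "arch": E_MACHINE[e_machine],
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "os": "linux",                  # assumption: same OS as the template
    }


def make_header(ei_class: int, ei_data: int, e_machine: int) -> bytes:
    """Build a constructed 20-byte ELF header prefix (sample input only)."""
    e_ident = b"\x7fELF" + bytes([ei_class, ei_data, 1]) + b"\x00" * 9
    order = "<" if ei_data == 1 else ">"
    return e_ident + struct.pack(order + "HH", 2, e_machine)  # e_type 2 = ET_EXEC


SAMPLE_32 = make_header(1, 1, 3)    # constructed: 32-bit little-endian x86
SAMPLE_64 = make_header(2, 1, 62)   # constructed: 64-bit little-endian x86-64

if __name__ == "__main__":
    for name, hdr in (("32-bit", SAMPLE_32), ("64-bit", SAMPLE_64)):
        print(name, elf_context(hdr))
```

With a real file, pass `open(elfFile, 'rb').read(20)` and apply the result with `context(**elf_context(...), log_level='debug')`. pwntools can also do this itself through `context.binary = elf`.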

posted @ 2023-06-25 14:58  noahze