matrix1001 / welpwn
💖CTF pwn framework.
License: MIT License
Can you introduce your code in more detail?
Executing 'find' in libc-database gives output like this:
'ubuntu-xenial-amd64-libc6-i386 (id libc6-i386_2.23-0ubuntu10_amd64)'
utils.libc_search:
libc_name = '{}.so'.format(re.findall(r'\((.*?)\)',result[choice])[0])
The regex pattern will return:
'id libc6-i386_2.23-0ubuntu10_amd64'
Joined to the libc-database path:
libc_path = os.path.join(DB, libc_name)
libc_path = 'libc-database-path/id libc6-i386_2.23-0ubuntu10_amd64'
It will issue 'no folder or file ERROR'.
FIX:
libc_name = '{}.so'.format(re.findall(r'\(id (.*?)\)',result[choice])[0])
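The parsing problem reported above, as an added example that is not part of the original issue or of welpwn's code: it runs the quoted pattern next to a stricter parser over constructed `find` lines. The function names, the `db` directory argument and the second sample line (a form without the `id ` prefix) are assumptions made for illustration.

```python
import os
import re

# Constructed sample lines; the first has the shape quoted in the issue.
SAMPLE_FIND_OUTPUT = [
    "ubuntu-xenial-amd64-libc6-i386 (id libc6-i386_2.23-0ubuntu10_amd64)",
    # Assumed variant without the "id " prefix, to show both forms parse.
    "ubuntu-xenial-amd64-libc6 (libc6_2.23-0ubuntu10_amd64)",
]

# Pattern quoted in the issue: captures everything between the parentheses.
OLD_PATTERN = re.compile(r'\((.*?)\)')

# Stricter pattern: optional "id " prefix, then a single token with no
# whitespace, parentheses or '/' so the result cannot name another directory.
STRICT_PATTERN = re.compile(r'\((?:id\s+)?([^()\s/]+)\)\s*$')


def libc_name_old(line):
    """Behaviour described in the issue: the 'id ' prefix stays in the name."""
    return '{}.so'.format(OLD_PATTERN.findall(line)[0])


def libc_name(line):
    """Return '<id>.so' for one 'find' result line, or raise ValueError."""
    match = STRICT_PATTERN.search(line.strip())
    if match is None:
        raise ValueError('unrecognised find output: {!r}'.format(line))
    return '{}.so'.format(match.group(1))


def libc_path(db_dir, line):
    """Join the parsed file name to the database directory."""
    return os.path.join(db_dir, libc_name(line))


if __name__ == '__main__':
    for sample in SAMPLE_FIND_OUTPUT:
        print(repr(libc_name_old(sample)), '->', libc_path('db', sample))
```

Raising `ValueError` on an unrecognised line surfaces a change in the `find` output format at parse time instead of as a later missing-file error.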
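Hello,
Under which open-source license is this project released?
Also, could you create a tag or a release for each new version to keep things organized?
Thanks.
This problem occurs in Docker environments with both Ubuntu 16.04 and Ubuntu 18.04, and it also occurs when I test in a VMware virtual machine. The test code is as follows: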
from PwnContext import *
ctx.binary = "./E99"
ctx.remote_libc = "./libc-2.23.so"
ctx.debug_remote_libc = True
p = ctx.start()
p.interactive()
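After running it, I immediately get EOF.
However, after exporting the folder with glibc_all_in_one and specifying the libc directory via custom_libc_dir, it runs successfully, and debugging with gdb confirms that the loaded libc is the specified one.
Python 2 is obsolete. I was able to install welpwn under Python 3, and after fixing some str/bytes errors it runs. However, an exploit that gets a shell normally under Python 2 just will not work under Python 3. I noticed errors right when the program starts: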
[*] set env={'LD_PRELOAD': '/home/test/tools/glibc-all-in-one/libs/2.23-0ubuntu11.2_amd64/libc.so.6', 'LD_LIBRARY_PATH': '/home/test/tools/glibc-all-in-one/libs/2.23-0ubuntu11.2_amd64/'} for debugging remote libc
[+] Starting local process '/tmp/pwn/tls_debug' env={b'LD_PRELOAD': b'/home/test/tools/glibc-all-in-one/libs/2.23-0ubuntu11.2_amd64/libc.so.6', b'LD_LIBRARY_PATH': b'/home/test/tools/glibc-all-in-one/libs/2.23-0ubuntu11.2_amd64/'} : pid 54081
error writing: 0x7fff426b5f43:0x0
error writing: 0x7fff426b5f96:0x0
What is this problem, and how can it be solved?
File "try.py", line 38, in <module>
ctx.start()
File "/home/user/.local/share/virtualenvs/pwn-iTljS8O7/local/lib/python2.7/site-packages/welpwn-0.93-py2.7.egg/PwnContext/core.py", line 310, in start
File "/usr/lib/python2.7/shutil.py", line 119, in copy
copyfile(src, dst)
File "/usr/lib/python2.7/shutil.py", line 82, in copyfile
with open(src, 'rb') as fsrc:
IOError: [Errno 20] Not a directory: '/home/user/.local/share/virtualenvs/pwn-iTljS8O7/lib/python2.7/site-packages/welpwn-0.93-py2.7.egg/PwnContext/libs/libc-2.27/64bit/ld.so.2'
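The environment is Ubuntu 16.04; it fails to run when the 18.04 libc is specified.
As in the title.
welpwn is a very good tool. I recently found a problem: when I turn on debug_remote_libc (ctx.debug_remote_libc=True), some pwndbg commands raise errors, such as bin and heap. It has nothing to do with the libc version; I get the same error with a copy of the local libc.
The detailed log is as follows: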
pwndbg> version
Gdb: 7.7.1
Python: 3.4.3 (default, Nov 28 2017, 16:44:58) [GCC 4.8.4]
Pwndbg: 1.0.0 build: 2bc872c
Capstone: 4.0.1024
Unicorn: 1.0.1
pwndbg> bin
'bins': Prints out the contents of the tcachebins, fastbins, unsortedbin, smallbins, and largebins from the
main_arena or the specified address.
Exception occured: bins: Could not convert Python object: None. (<class 'TypeError'>)
For more info invoke set exception-verbose on
and rerun the command
pwndbg> set exception-verbose on
Set whether to print a full stacktracefor exceptions raised in Pwndbg commands to True
pwndbg> bin
'bins': Prints out the contents of the tcachebins, fastbins, unsortedbin, smallbins, and largebins from the
main_arena or the specified address.
Traceback (most recent call last):
File "/home/test/tools/pwndbg/pwndbg/commands/init.py", line 109, in call
return self.function(*args, **kwargs)
File "/home/test/tools/pwndbg/pwndbg/commands/init.py", line 200, in _OnlyWhenRunning
return function(*a, **kw)
File "/home/test/tools/pwndbg/pwndbg/commands/init.py", line 208, in _OnlyWhenHeapIsInitialized
if pwndbg.heap.current.is_initialized():
File "/home/test/tools/pwndbg/pwndbg/heap/ptmalloc.py", line 526, in is_initialized
return self.global_max_fast != 0
File "/home/test/tools/pwndbg/pwndbg/heap/ptmalloc.py", line 177, in global_max_fast
return pwndbg.memory.u(addr)
File "/home/test/tools/pwndbg/pwndbg/memory.py", line 245, in u
}size
File "/home/test/tools/pwndbg/pwndbg/memory.py", line 228, in u64
return readtype(pwndbg.typeinfo.uint64, addr)
File "/home/test/tools/pwndbg/pwndbg/memory.py", line 87, in readtype
return int(gdb.Value(addr).cast(gdb_type.pointer()).dereference())
TypeError: Could not convert Python object: None.
If that is an issue, you can report it on https://github.com/pwndbg/pwndbg/issues
(Please don't forget to search if it hasn't been reported before)
PS: Pull requests are welcome
context.log_level = 'debug'
context.terminal = ['tmux', 'splitw', '-h']
# ctx.debug_remote_libc = True
if args.G:
    rs('gdb', gdbscript='b read\nc')
elif args.R:
    rs('remote')
else:
    rs()
The code is above. Running the command python exp.py G
raises this error:
Traceback (most recent call last):
File "exp.py", line 82, in <module>
main()
File "exp.py", line 50, in main
rs('gdb', gdbscript='b read\nc')
File "exp.py", line 36, in <lambda>
rs = lambda *args, **kwargs :ctx.start(*args, **kwargs)
File "/root/miniconda3/envs/pwn/lib/python3.8/site-packages/welpwn-0.97-py3.8.egg/PwnContext/core.py", line 344, in start
self.io = binary.debug(**kwargs)
File "/root/miniconda3/envs/pwn/lib/python3.8/site-packages/pwntools-4.9.0b0-py3.8.egg/pwnlib/elf/elf.py", line 459, in debug
return pwnlib.gdb.debug([self.path] + argv, *a, **kw)
File "/root/miniconda3/envs/pwn/lib/python3.8/site-packages/pwntools-4.9.0b0-py3.8.egg/pwnlib/context/__init__.py", line 1578, in setter
return function(*a, **kw)
File "/root/miniconda3/envs/pwn/lib/python3.8/site-packages/pwntools-4.9.0b0-py3.8.egg/pwnlib/gdb.py", line 580, in debug
tmp = attach((host, port), exe=exe, gdbscript=gdbscript, ssh=ssh, sysroot=sysroot, api=api)
File "/root/miniconda3/envs/pwn/lib/python3.8/site-packages/pwntools-4.9.0b0-py3.8.egg/pwnlib/context/__init__.py", line 1578, in setter
return function(*a, **kw)
File "/root/miniconda3/envs/pwn/lib/python3.8/site-packages/pwntools-4.9.0b0-py3.8.egg/pwnlib/gdb.py", line 1048, in attach
gdb_pid = misc.run_in_new_terminal(cmd, preexec_fn = preexec_fn)
File "/root/miniconda3/envs/pwn/lib/python3.8/site-packages/pwntools-4.9.0b0-py3.8.egg/pwnlib/util/misc.py", line 409, in run_in_new_terminal
pid = int(out)
ValueError: invalid literal for int() with base 10: b''