matrix1001 / welpwn Goto Github PK
View Code? Open in Web Editor NEW💖CTF pwn framework.
License: MIT License
welpwn's People
Contributors
Stargazers
Watchers
Forkers
pxx199181 zzorz shuixi2013 escapingbug skysider 0xdd96 hustcw nyamisty fengjixuchui qaqmander binlep wooy0ung demon-wang icebagw imulmul junknet sprayman1999 n0vice21 lybobob1 ret2ver flag-porter luoxhei whalectf imlonghao leejaehyeon 0xc4se fly8wo alexsandershaw dung-2000 yangshuangfu 0x6b7966 flack3r mining8 devil8123665 a1gx l1nf reckon4 xsphenwelpwn's Issues
can you introduce your code ?
can you introduce your code more detail?
fix 'utils.libc_search' function bug
execute 'find' in libc-database,output like this:
'ubuntu-xenial-amd64-libc6-i386 (id libc6-i386_2.23-0ubuntu10_amd64)'
utils.libc_search:
libc_name = '{}.so'.format(re.findall(r'\((.*?)\)',result[choice])[0])
the regex pattern will return:
'id libc6-i386_2.23-0ubuntu10_amd64'
join to libc-database path:
libc_path = os.path.join(DB, libc_name)
libc_path = 'libc-database-path/id libc6-i386_2.23-0ubuntu10_amd64'
it will issue 'no folder or file ERROR'
FIX:
libc_name = '{}.so'.format(re.findall(r'\(id (.*?)\)',result[choice])[0])
License?
您好,
请问本项目是在什么开源许可证下开源的?
另外,每发布一个新的版本能否打了一个 tag 或者打一个 release 整理一下?
谢谢。
remote_libc指定libc失败,但是custom_libc_dir指定成功的问题
docker环境为Ubuntu16.04和Ubuntu18.04都出现这个问题,然后我到vmware虚拟机中测试也是出现这个问题,测试代码如下
from PwnContext import *
ctx.binary = "./E99"
ctx.remote_libc = "./libc-2.23.so"
ctx.debug_remote_libc = True
p = ctx.start()
p.interactive()
运行之后直接EOF
然后我用glibc_all_in_one导出文件夹之后,通过custom_libc_dir指定libc目录,却可以运行成功,且gdb调试时确定libc加载为制定libc
python3 support?
python2已经过时了,我用welpwn在py3下面可以安装,修改了一些str和bytes的错误以后可以运行,但是用python2可以正常getshell的,用python3就死活不行,我发现程序刚运行的时候有报错:
[*] set env={'LD_PRELOAD': '/home/test/tools/glibc-all-in-one/libs/2.23-0ubuntu11.2_amd64/libc.so.6', 'LD_LIBRARY_PATH': '/home/test/tools/glibc-all-in-one/libs/2.23-0ubuntu11.2_amd64/'} for debugging remote libc
[+] Starting local process '/tmp/pwn/tls_debug' env={b'LD_PRELOAD': b'/home/test/tools/glibc-all-in-one/libs/2.23-0ubuntu11.2_amd64/libc.so.6', b'LD_LIBRARY_PATH': b'/home/test/tools/glibc-all-in-one/libs/2.23-0ubuntu11.2_amd64/'} : pid 54081
error writing: 0x7fff426b5f43:0x0
error writing: 0x7fff426b5f96:0x0
请问这是啥问题?怎么解决下?
指定libc加载的时候报错
File "try.py", line 38, in <module>
ctx.start()
File "/home/user/.local/share/virtualenvs/pwn-iTljS8O7/local/lib/python2.7/site-packages/welpwn-0.93-py2.7.egg/PwnContext/core.py", line 310, in start
File "/usr/lib/python2.7/shutil.py", line 119, in copy
copyfile(src, dst)
File "/usr/lib/python2.7/shutil.py", line 82, in copyfile
with open(src, 'rb') as fsrc:
IOError: [Errno 20] Not a directory: '/home/user/.local/share/virtualenvs/pwn-iTljS8O7/lib/python2.7/site-packages/welpwn-0.93-py2.7.egg/PwnContext/libs/libc-2.27/64bit/ld.so.2'环境是ubuntu16.04, 指定18.04的libc无法顺利执行
能不能加上带调试符号的libc
rt
welpwn开启debug_remote_libc后pwndbg问题
welpwn是个非常好的工具,最近发现一个问题,就是当我打开debug_remote_libc(ctx.debug_remote_libc=True)时pwndbg的有些命令就报错,比如bin和heap等,而且和libc的版本没有关系,我用本地的libc复制过来一样报错。
详细日志如下:
pwndbg> version
Gdb: 7.7.1
Python: 3.4.3 (default, Nov 28 2017, 16:44:58) [GCC 4.8.4]
Pwndbg: 1.0.0 build: 2bc872c
Capstone: 4.0.1024
Unicorn: 1.0.1
pwndbg> bin
'bins': Prints out the contents of the tcachebins, fastbins, unsortedbin, smallbins, and largebins from the
main_arena or the specified address.
Exception occured: bins: Could not convert Python object: None. (<class 'TypeError'>)
For more info invoke set exception-verbose on and rerun the command
pwndbg> set exception-verbose on
Set whether to print a full stacktracefor exceptions raised in Pwndbg commands to True
pwndbg> bin
'bins': Prints out the contents of the tcachebins, fastbins, unsortedbin, smallbins, and largebins from the
main_arena or the specified address.
Traceback (most recent call last):
File "/home/test/tools/pwndbg/pwndbg/commands/init.py", line 109, in call
return self.function(*args, **kwargs)
File "/home/test/tools/pwndbg/pwndbg/commands/init.py", line 200, in _OnlyWhenRunning
return function(*a, **kw)
File "/home/test/tools/pwndbg/pwndbg/commands/init.py", line 208, in _OnlyWhenHeapIsInitialized
if pwndbg.heap.current.is_initialized():
File "/home/test/tools/pwndbg/pwndbg/heap/ptmalloc.py", line 526, in is_initialized
return self.global_max_fast != 0
File "/home/test/tools/pwndbg/pwndbg/heap/ptmalloc.py", line 177, in global_max_fast
return pwndbg.memory.u(addr)
File "/home/test/tools/pwndbg/pwndbg/memory.py", line 245, in u
}size
File "/home/test/tools/pwndbg/pwndbg/memory.py", line 228, in u64
return readtype(pwndbg.typeinfo.uint64, addr)
File "/home/test/tools/pwndbg/pwndbg/memory.py", line 87, in readtype
return int(gdb.Value(addr).cast(gdb_type.pointer()).dereference())
TypeError: Could not convert Python object: None.
If that is an issue, you can report it on https://github.com/pwndbg/pwndbg/issues
(Please don't forget to search if it hasn't been reported before)
PS: Pull requests are welcome
terminal参数指定问题
context.log_level = 'debug'
context.terminal = ['tmux', 'splitw', '-h']
# ctx.debug_remote_libc = True
if args.G:
rs('gdb', gdbscript='b read\nc')
elif args.R:
rs('remote')
else:
rs()
代码如上,使用命令python exp.py G
会报错
Traceback (most recent call last):
File "exp.py", line 82, in <module>
main()
File "exp.py", line 50, in main
rs('gdb', gdbscript='b read\nc')
File "exp.py", line 36, in <lambda>
rs = lambda *args, **kwargs :ctx.start(*args, **kwargs)
File "/root/miniconda3/envs/pwn/lib/python3.8/site-packages/welpwn-0.97-py3.8.egg/PwnContext/core.py", line 344, in start
self.io = binary.debug(**kwargs)
File "/root/miniconda3/envs/pwn/lib/python3.8/site-packages/pwntools-4.9.0b0-py3.8.egg/pwnlib/elf/elf.py", line 459, in debug
return pwnlib.gdb.debug([self.path] + argv, *a, **kw)
File "/root/miniconda3/envs/pwn/lib/python3.8/site-packages/pwntools-4.9.0b0-py3.8.egg/pwnlib/context/__init__.py", line 1578, in setter
return function(*a, **kw)
File "/root/miniconda3/envs/pwn/lib/python3.8/site-packages/pwntools-4.9.0b0-py3.8.egg/pwnlib/gdb.py", line 580, in debug
tmp = attach((host, port), exe=exe, gdbscript=gdbscript, ssh=ssh, sysroot=sysroot, api=api)
File "/root/miniconda3/envs/pwn/lib/python3.8/site-packages/pwntools-4.9.0b0-py3.8.egg/pwnlib/context/__init__.py", line 1578, in setter
return function(*a, **kw)
File "/root/miniconda3/envs/pwn/lib/python3.8/site-packages/pwntools-4.9.0b0-py3.8.egg/pwnlib/gdb.py", line 1048, in attach
gdb_pid = misc.run_in_new_terminal(cmd, preexec_fn = preexec_fn)
File "/root/miniconda3/envs/pwn/lib/python3.8/site-packages/pwntools-4.9.0b0-py3.8.egg/pwnlib/util/misc.py", line 409, in run_in_new_terminal
pid = int(out)
ValueError: invalid literal for int() with base 10: b''
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.