Pwntools is a well-known and powerful exploitation framework for CTF players. Its official documentation is very detailed. However, there are few tutorials that introduce pwntools with basic-level examples. In this post, I will use several pwn tasks to demonstrate the power of pwntools and the ways of using it.
The tutorial won't be difficult; I will guide you line by line.
First, you need a 64-bit Linux machine with Python 2 and pip. Then, type:
sudo pip install pwntools
or sudo pip2 install pwntools if your default pip is for Python 3.
Begin with a simple stack overflow
Because we mainly introduce the framework rather than explain advanced attack techniques, I will use a relatively simple and straightforward example. Here, I choose Overflow 4 from picoCTF 2013.
Link to question: the vulnerable part is at line 13.
Make sure you disable ASLR (as root):
echo '0' > /proc/sys/kernel/randomize_va_space. Do not compile the source code yourself; use the binary from GitHub. To be sure, run
checksec overflow4-4834efeff17abdfb and check whether you get the following result:
Arch:     i386-32-little
RELRO:    Partial RELRO
Stack:    No canary found
NX:       NX disabled
PIE:      No PIE (0x8048000)
RWX:      Has RWX segments
Now you meet the first tool, checksec. It helps us identify the mitigations compiled into a binary.
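To show where the Arch, NX and PIE lines above actually come from, here is an added Python 3 example (not part of the original post and not pwntools' own code) that reads the ELF file header and program headers the same way checksec does. It runs on two constructed minimal ELF32 images rather than a real binary: one mirroring the result shown for the picoCTF binary, one hardened; the function names are my own.

```python
import struct

# ELF constants used by the checks (from the ELF specification).
ELFCLASS32, ELFDATA2LSB = 1, 1
ET_EXEC, ET_DYN = 2, 3
EM_386 = 3
PT_LOAD, PT_GNU_STACK = 1, 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4


def build_elf32(e_type, stack_flags, base=0x08048000):
    """Constructed sample input: a minimal little-endian ELF32 image holding only the
    file header, one PT_LOAD and one PT_GNU_STACK header (no code, not loadable)."""
    ident = b"\x7fELF" + bytes([ELFCLASS32, ELFDATA2LSB, 1, 0]) + b"\x00" * 8
    phoff, phentsize, phnum = 52, 32, 2
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", e_type, EM_386, 1, base + 0x100,
                               phoff, 0, 0, 52, phentsize, phnum, 40, 0, 0)
    load = struct.pack("<IIIIIIII", PT_LOAD, 0, base, base, 0x1000, 0x1000, PF_R | PF_X, 0x1000)
    stack = struct.pack("<IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 0x10)
    return ehdr + load + stack


def checksec_lite(data):
    """Derive Arch, PIE and NX from the ELF headers, as checksec does."""
    if data[:4] != b"\x7fELF" or data[4] != ELFCLASS32:
        raise ValueError("this example only handles ELF32 images")
    little = data[5] == ELFDATA2LSB
    end = "<" if little else ">"
    fields = struct.unpack(end + "HHIIIIIHHHHHH", data[16:52])
    e_type, e_machine, phoff, phentsize, phnum = fields[0], fields[1], fields[4], fields[8], fields[9]
    nx = False          # no PT_GNU_STACK header at all means an executable stack
    load_base = None
    for i in range(phnum):
        off = phoff + i * phentsize
        p_type, _, p_vaddr, _, _, _, p_flags, _ = struct.unpack(end + "IIIIIIII", data[off:off + 32])
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)   # NX enabled only if the stack segment is not executable
        elif p_type == PT_LOAD and load_base is None:
            load_base = p_vaddr
    pie = e_type == ET_DYN              # PIE binaries are linked as ET_DYN; ET_EXEC has a fixed base
    arch = {EM_386: "i386-32-" + ("little" if little else "big")}.get(e_machine, "unknown")
    return {"arch": arch, "pie": pie, "nx": nx, "base": None if pie else load_base}


if __name__ == "__main__":
    # Weak image mirrors the post's result (No PIE at 0x8048000, NX disabled); the hardened one is PIE with a non-executable stack.
    for name, img in (("weak", build_elf32(ET_EXEC, PF_R | PF_W | PF_X)),
                      ("hardened", build_elf32(ET_DYN, PF_R | PF_W, base=0))):
        print(name, checksec_lite(img))
```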
Let’s write our exploit script.
…to be continued