About

Pwntools is a well-known and powerful exploitation framework for CTF players. Its official documentation is detailed, but there are few tutorials that introduce pwntools with basic-level examples. In this post I will use several pwn tasks to demonstrate what pwntools can do and how to use it.

The tutorial will not be difficult; I will guide you through it line by line.

Installation

First, you need a 64-bit Linux machine with python2 and pip. Then type:

sudo pip install pwntools

or sudo pip2 install pwntools if your default pip is for Python 3. (This post was written against the Python 2 releases of pwntools; current releases also run on Python 3.)

Begin with simple StackOverflow

Because we mainly introduce the framework rather than explain advanced attack techniques, I will use a relatively simple and straightforward example. Here I choose Overflow 4 from picoCTF 2013.

Link to the question; the vulnerable part is at line 13 of its source.

Make sure you disable ASLR: echo 0 | sudo tee /proc/sys/kernel/randomize_va_space (the redirect form echo '0' > /proc/sys/kernel/randomize_va_space only works from a root shell, because sudo does not apply to the redirection). Do not compile the source code yourself; use the binary from GitHub, since a locally built binary would not match the one the walkthrough is based on. To be sure, run checksec overflow4-4834efeff17abdfb and check whether you get the following result:

    Arch:     i386-32-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX disabled
    PIE:      No PIE (0x8048000)
    RWX:      Has RWX segments

Now you meet the first tool, checksec. It identifies the mitigations a binary was built with: RELRO, stack canary, NX, PIE and RWX segments. Every protection that would complicate a plain stack overflow is absent here: no canary, an executable stack (NX disabled) and a fixed load address (no PIE), which is why this binary makes a good first target.
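Since the rest of the walkthrough depends on reading that checksec output, here is how each line of it is derived from the ELF headers. This is an added example (Python 3), not pwntools' own code and not code from the original post: a small script that reproduces the checks with nothing but the struct module. The post's binary is not embedded, so build_test_elf() fabricates header-only ELF images as constructed input; the canary test is a file-scan heuristic rather than a symbol-table lookup, as noted in the code.

```python
"""Minimal re-implementation of the checks behind checksec (pwntools' ELF.checksec()).

Added illustration, not pwntools' own code. It reads only the ELF header, program headers and
dynamic segment with struct, so it runs without pwntools; build_test_elf() fabricates
header-only ELF images (constructed test input) because the post's binary is not embedded.
"""
import struct

ET_EXEC, ET_DYN = 2, 3
PT_LOAD, PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 1, 2, 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1
MACHINES = {3: "i386-32", 62: "amd64-64"}
# Per ELF class (1 = ELF32, 2 = ELF64): Ehdr format, Phdr field order, Phdr format, Dyn format.
LAYOUT = {
    1: ("16sHHIIIIIHHHHHH", ("type", "offset", "vaddr", "paddr", "filesz", "memsz", "flags", "align"),
        "IIIIIIII", "iI"),
    2: ("16sHHIQQQIHHHHHH", ("type", "flags", "offset", "vaddr", "paddr", "filesz", "memsz", "align"),
        "IIQQQQQQ", "qQ"),
}


def checksec(data):
    """Return the mitigation summary checksec prints, computed from raw ELF bytes."""
    if data[:4] != b"\x7fELF" or data[4] not in LAYOUT:
        raise ValueError("not an ELF32/ELF64 file")
    ehdr_fmt, phdr_names, phdr_fmt, dyn_fmt = LAYOUT[data[4]]
    endian = "<" if data[5] == 1 else ">"
    ehdr = struct.unpack_from(endian + ehdr_fmt, data, 0)
    e_type, e_machine, e_phoff, e_phentsize, e_phnum = ehdr[1], ehdr[2], ehdr[5], ehdr[9], ehdr[10]
    phdrs = [dict(zip(phdr_names, struct.unpack_from(endian + phdr_fmt, data, e_phoff + i * e_phentsize)))
             for i in range(e_phnum)]
    by_type = {}
    for p in phdrs:
        by_type.setdefault(p["type"], []).append(p)

    # RELRO: a PT_GNU_RELRO segment gives partial RELRO. With BIND_NOW the loader resolves the whole
    # GOT at start-up, so it can be made read-only as well: full RELRO.
    bind_now, dyn_size = False, struct.calcsize(endian + dyn_fmt)
    for dyn in by_type.get(PT_DYNAMIC, []):
        for off in range(dyn["offset"], dyn["offset"] + dyn["filesz"] - dyn_size + 1, dyn_size):
            tag, val = struct.unpack_from(endian + dyn_fmt, data, off)
            if tag == DT_NULL:
                break
            if tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW) or (tag == DT_FLAGS_1 and val & DF_1_NOW):
                bind_now = True
    relro = "No RELRO" if PT_GNU_RELRO not in by_type else ("Full RELRO" if bind_now else "Partial RELRO")

    # NX: the kernel maps the stack executable unless a PT_GNU_STACK header exists and lacks PF_X.
    stack = by_type.get(PT_GNU_STACK)
    nx = bool(stack) and not stack[0]["flags"] & PF_X
    # PIE: a position-independent executable is ET_DYN; otherwise the lowest PT_LOAD address is the fixed base.
    loads = by_type.get(PT_LOAD, [])
    base = min(p["vaddr"] for p in loads) if loads else 0

    report = {
        "Arch": f"{MACHINES.get(e_machine, hex(e_machine))}-{'little' if endian == '<' else 'big'}",
        "RELRO": relro,
        # Heuristic: checksec looks up __stack_chk_fail in the symbol table. Scanning the file for
        # the name needs no symbol-table parser but would also fire on a plain string constant.
        "Stack": "Canary found" if b"__stack_chk_fail" in data else "No canary found",
        "NX": "NX enabled" if nx else "NX disabled",
        "PIE": "PIE enabled" if e_type == ET_DYN else f"No PIE ({base:#x})",
    }
    # Any segment mapped both writable and executable (an executable stack counts) is reported.
    if any(p["flags"] & (PF_W | PF_X) == (PF_W | PF_X) for p in phdrs):
        report["RWX"] = "Has RWX segments"
    return report


def build_test_elf(bits=32, pie=False, nx=False, relro="partial", canary=False):
    """Fabricate a header-only little-endian ELF image; the defaults reproduce the post's checksec output."""
    elf_class = 2 if bits == 64 else 1
    ehdr_fmt, phdr_names, phdr_fmt, dyn_fmt = LAYOUT[elf_class]
    ehsize, phentsize = struct.calcsize("<" + ehdr_fmt), struct.calcsize("<" + phdr_fmt)
    base = 0 if pie else 0x8048000
    dyn = struct.pack("<" + dyn_fmt, DT_FLAGS, DF_BIND_NOW) if relro == "full" else b""
    dyn += struct.pack("<" + dyn_fmt, DT_NULL, 0)
    strings = b"__stack_chk_fail\0" if canary else b""  # stands in for the dynamic string table
    phnum = 4 if relro != "none" else 3  # LOAD, DYNAMIC, GNU_STACK and optionally GNU_RELRO
    dyn_off = ehsize + phnum * phentsize
    total = dyn_off + len(dyn) + len(strings)

    def phdr(p_type, flags, offset=0, filesz=0):
        fields = {"type": p_type, "flags": flags, "offset": offset, "vaddr": base + offset,
                  "paddr": base + offset, "filesz": filesz, "memsz": filesz, "align": 0}
        return struct.pack("<" + phdr_fmt, *(fields[n] for n in phdr_names))

    phdrs = phdr(PT_LOAD, PF_R | PF_X, 0, total) + phdr(PT_DYNAMIC, PF_R | PF_W, dyn_off, len(dyn))
    phdrs += phdr(PT_GNU_STACK, PF_R | PF_W | (0 if nx else PF_X))
    if relro != "none":
        phdrs += phdr(PT_GNU_RELRO, PF_R, dyn_off, len(dyn))
    ident = b"\x7fELF" + bytes([elf_class, 1, 1]) + b"\0" * 9  # magic, class, little-endian, version 1
    ehdr = struct.pack("<" + ehdr_fmt, ident, ET_DYN if pie else ET_EXEC, 62 if bits == 64 else 3, 1,
                       base, ehsize, 0, 0, ehsize, phentsize, phnum, 0, 0, 0)
    return ehdr + phdrs + dyn + strings
```

checksec(build_test_elf()) returns exactly the six lines shown above for the overflow4 binary; run checksec(open('overflow4-4834efeff17abdfb', 'rb').read()) on the real file to compare. With pwntools installed, ELF(path).checksec() and the elf.nx, elf.pie, elf.canary and elf.relro attributes give the same answers and are what an exploit script would normally consult.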

Let’s write our exploit script.

…to be continued