Exemple #1
def main():
    """Start the target binary and pass the resulting handle to launch_attack.

    When args.GDB is set the binary is started through gdb.debug with the
    module's gdbscript (gs); otherwise it is started directly with process().
    """
    # Same handle type is expected by launch_attack on both paths (not
    # verifiable from this snippet -- launch_attack is defined elsewhere).
    target = gdb.debug(binary, gdbscript=gs) if args.GDB else process(binary)
    launch_attack(target)
Exemple #2
def main():
    """Start the target, consume its menu banner, then call launch_attack.

    When args.GDB is set the binary is started through gdb.debug with the
    module's gdbscript (gs); otherwise it is started with process().
    """
    if not args.GDB:
        # NOTE: aslr=False is requested only on this non-debugger path; the
        # gdb.debug call below does not pass it, so address layout may differ
        # between the two ways of running -- confirm before reusing addresses.
        target = process(binary, aslr=False)
    else:
        target = gdb.debug(binary, gdbscript=gs)

    # Drain output up to the END_OF_MENU marker so later reads start after it.
    target.recvuntil(END_OF_MENU)
    launch_attack(target)
Exemple #3
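def r2dbg(args,
          r2script=None,
          exe=None,
          ssh=None,
          env=None,
          sysroot=None,
          **kwargs):
    """Forward a debug request to gdb.debug, using r2script as the gdbscript.

    Args:
        args: Passed through unchanged as gdb.debug's first argument.
        r2script: Script text handed to gdb.debug as ``gdbscript``; an empty
            string is used when it is None or empty.
        exe, ssh, env, sysroot: Passed through to the same-named gdb.debug
            parameters.
        **kwargs: Forwarded to gdb.debug unchanged.

    Returns:
        Whatever gdb.debug returns.
    """
    # The original split the script on '\n' and re-joined it with '\n', which
    # yields the same text, so the script is forwarded as-is.
    gdbscript = r2script if r2script else ""
    # this calls pwntools-gdb internally
    # Pass the optional arguments by keyword: positional forwarding silently
    # misassigns them if gdb.debug's parameter order differs between versions.
    return gdb.debug(args,
                     gdbscript=gdbscript,
                     exe=exe,
                     ssh=ssh,
                     env=env,
                     sysroot=sysroot,
                     **kwargs)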
def main():
    """Start the target, send one fixed payload, and stay interactive.

    When args.GDB is set the binary is started through gdb.debug with the
    module's gdbscript (gs); otherwise it is started with process(). When
    args.RECORD is set the payload bytes are also written to the file
    "input" in the current working directory.
    """
    if not args.GDB:
        target = process(binary)
    else:
        target = gdb.debug(binary, gdbscript=gs)

    attack = b'attack'

    if args.RECORD:
        # Overwrites any existing "input" file with the exact bytes sent.
        with open("input", "wb") as record_file:
            record_file.write(attack)

    target.send(attack)

    # Make sure that this is kept for gdb
    target.interactive()
Exemple #5
    # Start ./spb through gdb.debug with an inline gdbscript, with LD_PRELOAD
    # set to ./libc-2.27.so in the environment passed to the call.
    # The script sets five breakpoints (main, choose_song x3, get_drink),
    # disables 2-5, attaches command lists to breakpoints 1 and 4, and then
    # continues; the numbers assume these are the first breakpoints created
    # in the session.
    # NOTE(review): offsets such as 1f9, cd, a9 and 11b look hexadecimal but
    # have no 0x prefix; gdb's default input radix is 10, so confirm the
    # expressions parse as intended (or that the radix is changed elsewhere,
    # e.g. in an init file).
    # NOTE(review): "./spb" and "./libc-2.27.so" are relative paths, so which
    # binary and which preloaded library get used depends on the current
    # working directory -- verify both files are the intended ones.
    r = gdb.debug("./spb",
                  '''
# Break right after first call to malloc assigned to party
    break *(main+1f9)
    #break *(main+cd)
    break *(choose_song+62)
    break *(choose_song+a9)
    #disable 1
    disable 2
    disable 3
    break *(choose_song+67)
    break *(get_drink+11b)
    disable 4
    disable 5

commands 4
print/x $rax
continue
end

commands 1
print (void*)party
x/10gx (long*)party - 2
disable 1
#watch &__malloc_hook
break system
continue
end

# Run
continue
''',
                  env={"LD_PRELOAD": "./libc-2.27.so"})