Short pwntools tutorial for beginners
from pwn import *
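BINARY = '<path_to_binary>'
IP, PORT = '<ip>', 8080
LOCAL = True

# pwntools 4.x on Python 3 is bytes-oriented: hand b'...' to the send/recv
# helpers and expect bytes back (passing a str triggers a BytesWarning).
# Reminder: an unknown CTF binary is untrusted code -- run it in a
# disposable VM/container, not on your daily machine.

if LOCAL:
    p = process(BINARY)  # Spawns the binary; 'p' wraps its stdin/stdout pipes
else:
    p = remote(IP, PORT)  # Opens a TCP socket to the target; same tube API as process()

p.recv(1024, timeout=3)  # Receives *up to* 1024 bytes from 'p'
# If the pipe/socket is closed, raises EOFError.
# If nothing arrives within 3 seconds, returns b'' and execution continues
# (no exception) -- check the return value if you rely on the data.

p.recvuntil(b'Zafirr', timeout=3)  # Receives all bytes up to and including b"Zafirr"
# If the pipe/socket is closed, raises EOFError.
# If the delimiter is not seen within 3 seconds, returns b'' (bytes already
# read stay in the tube's buffer) and execution continues.

p.send(b"<3")  # Sends b"<3" to 'p'
# If the pipe/socket is closed, raises EOFError.

p.sendline(b"<3")  # Sends b"<3\n" to 'p' (newline taken from context.newline)
# If the pipe/socket is closed, raises EOFError.

p.sendafter(b"Zafirr", b"<3")  # recvuntil(b"Zafirr") followed by send(b"<3")
# If the pipe/socket is closed, raises EOFError.

p.sendlineafter(b"Zafirr", b"<3")  # recvuntil(b"Zafirr") followed by sendline(b"<3")
# If the pipe/socket is closed, raises EOFError.

p.interactive()  # Connects 'p' to your terminal: stdin -> tube, tube -> stdout
# Use this once the exploit has landed to drive the shell by hand.
# Returns when the tube hits EOF or you interrupt it; if 'p' is already
# closed it just reports the EOF and returns rather than raising.

p.close()  # Closes 'p' (kills the local process / closes the socket)

p32(0x1)  # Equivalent to struct.pack("<I", 0x1) -> b'\x01\x00\x00\x00'
# Packs an integer to its little-endian equivalent (endianness follows
# context.endian, which defaults to 'little'); returns 4 bytes.

p64(0x1)  # Equivalent to struct.pack("<Q", 0x1)
# Same as p32 but returns 8 bytes.

u32(b'asdf')  # Equivalent to struct.unpack("<I", b'asdf')[0]
# Unpacks 4 bytes into an integer; input must be exactly 4 bytes long.

u64(b'asdfasdf')  # Equivalent to struct.unpack("<Q", b'asdfasdf')[0]
# Unpacks 8 bytes into an integer; input must be exactly 8 bytes long.
# A leaked address shorter than 8 bytes is padded first, e.g.
#   u64(leak.ljust(8, b'\x00'))

# Important: set the architecture BEFORE calling asm()/disasm(); it also
# drives context-aware helpers such as pack()/flat() and shellcraft.
context.arch = 'i386'   # 32-bit x86
context.arch = 'amd64'  # 64-bit x86 (this assignment wins; the last one set applies)
# Simplest option: let pwntools read arch/bits/endian from the ELF header:
#   context.binary = BINARY
# etc

shellcode = 'mov eax, 0'
asm(shellcode)   # Assembles assembly text into machine code (bytes) for context.arch
disasm(b'\x58')  # Disassembles machine code (bytes) into assembly text for context.arch

# Happy Pwning :)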