Establishing Connection
Pwntools establishes a standard interface for connecting to binaries, both locally and remotely. This is accomplished via the pwnlib.tubes
module.
What is a tube?
A tube is a generic object which can be used to send or receive data. It is the base class for all connections, and is the primary interface for interacting with a remote process.
Connecting to a Remote Process
Use remote()
for easy connection to remote processes.
p = remote('vunrotc.cole-ellis.com', 1100)
You can also use a listener to connect to a remote process.
l = listen(1100)
r = remote('vunrotc.cole-ellis.com', l.lport)
p = l.wait_for_connection()
Connecting to a Local Process
Use process()
for easy connection to local processes.
p = process('./win32')
Using GDB with Pwntools
We can use gdb.debug()
to run a local process within gdb
. This takes a secondary argument, gdbscript
, which is a string of commands to run in gdb
. This is useful for setting breakpoints, etc.
p = gdb.debug('./win32', gdbscript='b *main\nc')
People commonly use a separate variable for their gdbscript
because it's easier to read. Using a separate string allows you to use triple quotes, which makes it easier to write multi-line scripts.
cmds = '''
b *main
c
'''
p = gdb.debug('./win32', gdbscript=cmds)
This allowed us to write commands without using the newline character. It also generally makes the code easier to read.
We can use gdb.attach()
to attach to a process. It takes the target to attach to (which, under the hood, is the process ID).
p = process('./win32')
gdb.attach(p)
Last updated
Was this helpful?