Cyber Training Guide
Establishing Connection

Pwntools establishes a standard interface for connecting to binaries, both locally and remotely. This is accomplished via the pwnlib.tubes module.

What is a tube?

A tube is a generic object which can be used to send or receive data. It is the base class for all connections, and is the primary interface for interacting with a remote process.

Connecting to a Remote Process

Use remote() to open a TCP connection to a remote host and port; it returns a tube.

from pwn import *   # pwntools exports remote(), listen(), process() and gdb

# connect to the lab target (host and port from the guide)
p = remote('vunrotc.cole-ellis.com', 1100)

You can also use listen() to open a local port and wait for the other side to connect to you. wait_for_connection() blocks until a client connects and then returns the tube for that connection.

l = listen(1100)                             # bind a local port and wait
r = remote('vunrotc.cole-ellis.com', l.lport) # a client dialing the listener's port
p = l.wait_for_connection()                  # tube for the accepted connection

Connecting to a Local Process

Use process() for easy connection to local processes.

p = process('./win32')

Using GDB with Pwntools

We can use gdb.debug() to start a local process under gdb. It takes a second keyword argument, gdbscript, which is a string of gdb commands run before the process continues. This is useful for setting breakpoints and similar setup.

p = gdb.debug('./win32', gdbscript='b *main\nc')

People commonly use a separate variable for their gdbscript because it's easier to read. Using a separate string allows you to use triple quotes, which makes it easier to write multi-line scripts.

cmds = '''
b *main
c
'''

p = gdb.debug('./win32', gdbscript=cmds)

This lets us write the commands without escaping newline characters, and it generally makes the script easier to read.

We can use gdb.attach() to attach gdb to a process that is already running. It takes the target to attach to: a process tube, as below, or a raw process ID (under the hood, a tube is resolved to its PID). Like gdb.debug(), it also accepts a gdbscript keyword.

p = process('./win32')
gdb.attach(p)
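The three ways of opening a tube shown on this page (remote(), process() and gdb.debug()) are usually combined into one launcher so the same script works locally, under gdb, and against the remote target. The block below is an added example, not code from the guide: it assumes the binary ./win32 and the host and port the guide uses, and the breakpoint names and the hello/recvline exchange at the bottom are constructed for illustration. pwntools is imported inside start() so the helpers can be loaded and checked on a machine without it.

```python
"""Added example: a reusable pwntools launcher built from the tubes on this page."""

BINARY = "./win32"                            # local binary assumed from the guide
HOST, PORT = "vunrotc.cole-ellis.com", 1100   # remote target from the guide


def build_gdbscript(breakpoints, extra_cmds=(), run=True):
    """Turn a list of breakpoint locations into a gdbscript string.

    Each entry becomes `b *<loc>` (a symbol or address, as in the guide's
    `b *main`); `extra_cmds` are appended verbatim, and a trailing `c`
    continues execution so the process runs up to the first breakpoint.
    """
    lines = [f"b *{bp}" for bp in breakpoints]
    lines.extend(extra_cmds)
    if run:
        lines.append("c")
    return "\n".join(lines) + "\n"


def select_mode(argv):
    """Map command-line flags to a launch mode: 'remote', 'gdb' or 'local'.

    Matching is case-insensitive, so `python3 exploit.py GDB` and
    `python3 exploit.py gdb` behave the same.
    """
    flags = {a.upper() for a in argv}
    if "REMOTE" in flags:
        return "remote"
    if "GDB" in flags:
        return "gdb"
    return "local"


def start(mode, gdbscript=None):
    """Open a tube for the chosen mode.

    Every branch returns a pwnlib tube, so the rest of the script can call
    sendline()/recvline() without caring where the process is running.
    """
    from pwn import process, remote, gdb   # deferred import: needs pwntools
    if mode == "remote":
        return remote(HOST, PORT)
    if mode == "gdb":
        # default to the guide's `b *main` + `c` when no script is supplied
        return gdb.debug(BINARY, gdbscript=gdbscript or build_gdbscript(["main"]))
    return process(BINARY)


if __name__ == "__main__":
    import sys

    mode = select_mode(sys.argv[1:])
    # "vuln" is a constructed symbol name; use a symbol that exists in your binary
    script = build_gdbscript(["main", "vuln"], extra_cmds=["info registers"])
    p = start(mode, gdbscript=script)
    p.sendline(b"hello")                  # constructed exchange for illustration
    print(p.recvline(timeout=2))
    p.close()
```

Run it as `python3 exploit.py` for a plain local process, `python3 exploit.py GDB` to stop at the breakpoints under gdb, and `python3 exploit.py REMOTE` to talk to the lab host; only start() changes, the interaction code stays identical.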

Last updated 1 year ago
