forked from Naetw/CTF-pwn-tips
Pwntools and GDB PwnDBG
Ray Wang edited this page Nov 4, 2017 · 7 revisions
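- To attach gdb to a running process from a pwntools script:

```python
# p is the tube returned by process(); the gdbscript runs once gdb attaches
gdb.attach(p, '''
set disassembly-flavor intel
set height 0
b *0x40104f
c
''')
```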
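- You'll want command line flags for remote and gdb usage.

```python
import sys
from pwn import *

# HOST, PORT and BINARY are placeholders: set them for your target
if len(sys.argv) > 1 and sys.argv[1] == 'remote':
    p = remote(HOST, PORT)
else:
    p = process(BINARY)
# Attach gdb only when the script is run with the 'gdb' argument
if len(sys.argv) > 1 and sys.argv[1] == 'gdb':
    gdb.attach(p, """
set disassembly-flavor intel
b main
""")
```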
- Set the log level with

```python
context.log_level = 'debug'
```
- To easily calculate offsets of strings that you input, use pwntools De Bruijn or Metasploit patterns in the cyclic module. Input the string, then use the `cyclic_*_find` functions to find the offset.
- In GDB, you can run a python script and send input to stdin with `r < <(./payload.py)`
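
To show why the cyclic pattern tip works, here is an added example (not from the original wiki and not pwntools' own code) that builds a De Bruijn pattern in pure Python and recovers an offset from a value as it would appear in a register. The names `de_bruijn`, `pattern` and `find_offset` are hypothetical, and the lowercase alphabet and 4-byte window are assumptions.

```python
# Added example: pure-Python sketch of the De Bruijn pattern idea behind the
# cyclic tip above. Function names are hypothetical, not the pwntools API.
import string
import struct
from itertools import islice

ALPHABET = string.ascii_lowercase.encode()  # assumed alphabet
N = 4  # window length: every N-byte substring of the pattern is unique


def de_bruijn(alphabet=ALPHABET, n=N):
    """Yield the bytes of a De Bruijn sequence (Lyndon-word construction)."""
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t, p):
        if t > n:
            if n % p == 0:
                for j in range(1, p + 1):
                    yield alphabet[a[j]]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    return db(1, 1)


def pattern(length):
    """Return the first `length` bytes of the sequence."""
    return bytes(islice(de_bruijn(), length))


def find_offset(value, length=8192):
    """Offset of an N-byte window, or -1 if absent.

    `value` is raw bytes, or an int read from a 32-bit register
    (converted to little-endian byte order first).
    """
    if isinstance(value, int):
        value = struct.pack("<I", value)
    return pattern(length).find(value[:N])


if __name__ == "__main__":
    buf = pattern(200)
    # Constructed sample: pretend bytes 72..75 of the input landed in a register
    reg = struct.unpack("<I", buf[72:76])[0]
    print(hex(reg), "-> offset", find_offset(reg))
```

Because each 4-byte window occurs only once, the value seen in the register after a crash maps back to exactly one position in the input.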