pwntools
...
π» To-do π»
Stuff that I found, but never read/used yet.
# pip install pwntools
from pwn import *
ssh = ssh("xxx", "yyy", 22, password="zzz")
def send_payload(payload):
p = ssh.process(["/path/to/my_binary", payload], "/path/to/my_binary")
return p.recvall()
print(FmtStr(execute_fmt=send_payload).offset)
# [*] Found format string offset: XXX
# fmtstr_payload(X, {elf.got.exit: elf.sym.win}, numbwritten=0)
target = remote("host", port)
target = process("./xxx.bin")
gdb.attach(target)
target.send(x)
target.sendline(x)
target.recvline()
target.recvuntil("out")
target.interactive()
p64(x),u64(x)p32(x),u32(x)