Establishing Connection

Pwntools provides a standard interface for connecting to local and remote binaries. This is accomplished via the pwnlib.tubes module.

What is a tube?
A tube is a generic object that can send or receive data. It is the base class for all connections and the primary interface for interacting with a remote process.

Connecting to a Remote Process

Use remote() for easy connection to remote processes.

from pwn import *  # provides remote(), listen(), process() and gdb

p = remote('ctf.ironforgecyber.com', 1100)

You can also use a listener to connect to a remote process.

l = listen(1100)
r = remote('ctf.ironforgecyber.com', l.lport)
p = l.wait_for_connection()

Connecting to a Local Process

Use process() for easy connection to local processes.

p = process('./win32')

Using GDB with Pwntools

We can use gdb.debug() to run a local process within gdb. This takes a secondary argument, gdbscript, which is a string of commands to run in gdb. This is useful for setting breakpoints, etc.

p = gdb.debug('./win32', gdbscript='b *main\nc')

People commonly use a separate variable for their gdbscript because it's easier to read. Using a separate string allows you to use triple quotes, making writing multi-line scripts easier.

cmds = '''
b *main
c
'''
p = gdb.debug('./win32', gdbscript=cmds)

This allowed us to write commands without using the newline character. It also generally makes the code easier to read.

We can use gdb.attach() to attach to a process. It takes the target to attach to (which, under the hood, is the process ID).

p = process('./win32')
gdb.attach(p)