Skip to content

Instantly share code, notes, and snippets.

@thinkycx
Last active November 26, 2018 01:31
Show Gist options
  • Save thinkycx/b579b259931f9a8833fc1940fe038d35 to your computer and use it in GitHub Desktop.
Save thinkycx/b579b259931f9a8833fc1940fe038d35 to your computer and use it in GitHub Desktop.
my exploit template for CTF PWN
#!/usr/bin/env python
# coding=utf-8
# author: thinkycx
# date: 2018-10-31
from pwn import *
context.local(arch='amd64', os='linux')
def pwn(io):
if local&debug: gdb.attach(io,'break *0x400641')
if __name__ == '__main__':
global io, elf, libc, debug
local, debug = 1, 0
context.log_level = 'debug'
filename = './scanf'
elf = ELF(filename)
if local:
io = process(filename, env={"LD_PRELOAD":"/tmp/libc.so"})
libc = ELF('/lib/x86_64-linux-gnu/libc.so.6')
# context.terminal = ['tmux', '-x', 'sh', '-c']
context.terminal = ['tmux', 'splitw', '-h' ]
pwn(io)
io.interactive()
@thinkycx
Copy link
Author

thinkycx commented Nov 26, 2018

how to run binary as local?

socat tcp-l:10001,fork exec:./filename

change terminal to terminator

context.terminal = ['terminator', '-x', 'sh', '-c']

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment