Pwntools Cheatsheet

Making a Connection
import pwn - Import the pwn module.
conn = pwn.process(path) - Start and connect to the local executable at path.
conn = pwn.remote(host, port) - Connect to TCP port port on host.
Sending and Receiving Data
conn.send(s) - Send the string s.
conn.sendline(s) - Send the string s and a newline.
s = conn.recv(n) - Receive up to n bytes.
s = conn.recvn(n) - Receive exactly n bytes.
s = conn.recvline() - Receive up to and including a newline.
s = conn.recvuntil(prompt) - Receive up to and including the string prompt.
s = conn.recvregex(regex) - Receive up to and including something that matches regex.
s = conn.recvall() - Receive everything until the connection closes.
conn.sendlineafter(prompt, s) - Receive until prompt, then send the string s.
conn.interactive() - Drop into interactive mode.
Packing and Unpacking Integers
s = pwn.p<N>(n) - Pack unsigned N-bit integer n into a string.
n = pwn.u<N>(s) - Unpack string s into an unsigned N-bit integer.
s = pwn.p<N>(n, sign=True) - Pack signed N-bit integer n into a string.
n = pwn.u<N>(s, sign=True) - Unpack string s into a signed N-bit integer.
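
What the p<N>/u<N> rows above do at the byte level, as an added example that is not part of the original cheatsheet and is not pwntools code: pack_int, unpack_int and unpack_partial are hypothetical standard-library helpers, so the block runs without pwntools installed. It assumes little-endian as the default byte order and goes slightly beyond the table by handling a short read that must be zero-padded before it can be unpacked.

```python
# Added example: standard-library model of N-bit integer packing.
# pack_int / unpack_int / unpack_partial are hypothetical helpers,
# not pwntools functions.

def pack_int(n, bits=32, endian="little", signed=False):
    """Pack integer n into exactly bits/8 bytes."""
    if bits % 8:
        raise ValueError("bits must be a multiple of 8")
    # int.to_bytes raises OverflowError when n does not fit the width
    return n.to_bytes(bits // 8, byteorder=endian, signed=signed)


def unpack_int(data, bits=32, endian="little", signed=False):
    """Unpack exactly bits/8 bytes into an integer."""
    if len(data) != bits // 8:
        raise ValueError(f"need {bits // 8} bytes, got {len(data)}")
    return int.from_bytes(data, byteorder=endian, signed=signed)


def unpack_partial(data, bits=64, endian="little"):
    """Unpack a short read by zero-padding the missing high-order bytes."""
    width = bits // 8
    if len(data) > width:
        raise ValueError("too many bytes for this width")
    pad = b"\x00" * (width - len(data))
    # High-order bytes sit at the end (little) or the start (big)
    padded = data + pad if endian == "little" else pad + data
    return unpack_int(padded, bits, endian)


if __name__ == "__main__":
    print(pack_int(0xdeadbeef).hex())                # little-endian
    print(pack_int(0xdeadbeef, endian="big").hex())  # big-endian
    print(pack_int(-1, signed=True).hex())           # two's complement
    print(unpack_int(b"\xff\xff\xff\xff", signed=True))
    # Constructed sample: a 64-bit value whose two zero high bytes were
    # cut off because the output routine stopped at the first NUL byte.
    short = bytes.fromhex("40a5e1f7ff7f")
    print(hex(unpack_partial(short)))
```

The results are bytes objects, which is also what the pack functions return under Python 3.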
Shellcraft
asm = pwn.shellcraft.sh() - Generate assembly that opens an interactive shell.
asm = pwn.shellcraft.cat(path) - Generate assembly that dumps the file at path.
asm = pwn.shellcraft.exit(code) - Generate assembly that exits with code code.
asm = pwn.shellcraft.nop() - Generate assembly for a single-byte no-op.
bin = pwn.asm(asm) - Assembles asm into a binary snippet.
asm = pwn.disasm(bin) - Disassembles bin into assembly.
Context Control
pwn.context.log_level = "debug" - Log all traffic through your connection.
pwn.context.log_level = "warn" - Don't log unless something goes wrong.
pwn.context.arch = "i386" - Set the target CPU architecture.
pwn.context.os = "linux" - Set the target operating system.
pwn.context.endian = "big" - Set the target endianness.
pwn.context.word_size = 32 - Set the target word size.
pwn.context(arch="arm", ...) - Set any of the above in a single line.