Merge branch 'dev' into dev3

Gallopsled · Oct 30, 2019 · e0af5e8 · e0af5e8
2 parents f49f931 + 5a23b22
commit e0af5e8
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 9 deletions.
diff --git a/pwnlib/elf/elf.py b/pwnlib/elf/elf.py
@@ -209,10 +209,6 @@ def __init__(self, path, checksec=True):
 
         super(ELF,self).__init__(self.mmap)
 
-        #: IntervalTree which maps all of the loaded memory segments
-        self.memory = intervaltree.IntervalTree()
-        self._populate_memory()
-
         #: :class:`str`: Path to the file
         self.path = os.path.abspath(path)
 
@@ -269,6 +265,10 @@ def __init__(self, path, checksec=True):
                 self.arch = 'mips64'
                 self.bits = 64
 
+        #: IntervalTree which maps all of the loaded memory segments
+        self.memory = intervaltree.IntervalTree()
+        self._populate_memory()
+
         # Is this a native binary? Should we be checking QEMU?
         try:
             with context.local(arch=self.arch):
@@ -1009,7 +1009,8 @@ def _populate_memory(self):
             # Check for holes which we can fill
             if self._fill_gaps and i+1 < len(load_segments):
                 next_start = load_segments[i+1].header.p_vaddr
-                if stop_mem < next_start:
+
+                if stop_mem < next_start and stop_mem>>(self.bits-1) == next_start>>(self.bits-1):
                     self.memory.addi(stop_mem, next_start, None)
             else:
                 page_end = (stop_mem + 0xfff) & ~(0xfff)

diff --git a/pwnlib/tubes/ssh.py b/pwnlib/tubes/ssh.py
@@ -435,9 +435,18 @@ def __init__(self, parent, host, port, *a, **kw):
                 self.exception(e.message)
                 raise
 
-            sockname = self.sock.get_transport().sock.getsockname()
-            self.lhost = sockname[0]
-            self.lport = sockname[1]
+            try:
+                # Iterate all layers of proxying to get to base-level Socket object
+                curr = self.sock.get_transport().sock
+                while getattr(curr, "get_transport", None):
+                    curr = curr.get_transport().sock
+
+                sockname = curr.getsockname()
+                self.lhost = sockname[0]
+                self.lport = sockname[1]
+            except Exception as e:
+                self.exception("Could not find base-level Socket object.")
+                raise e
 
             h.success()
 
@@ -547,7 +556,21 @@ def __init__(self, user, host, port = 22, password = None, key = None,
             ssh_agent: If :const:`True`, enable usage of keys via ssh-agent
 
         NOTE: The proxy_command and proxy_sock arguments is only available if a
-        fairly new version of paramiko is used."""
+        fairly new version of paramiko is used.
+
+        Example proxying:
+
+            >>> s1 = ssh(host='example.pwnme',
+            ...          user='travis',
+            ...          password='demopass')
+            >>> r1 = s1.remote('localhost', 22)
+            >>> s2 = ssh(host='example.pwnme',
+            ...          user='travis',
+            ...          password='demopass',
+            ...          proxy_sock=r1.sock)
+            >>> r2 = s2.remote('localhost', 22) # and so on...
+            >>> for x in r2, s2, r1, s1: x.close()
+        """
         super(ssh, self).__init__(*a, **kw)
 
         Logger.__init__(self)