ValueError while launch process with gdb.debug() #1907

Closed
diegoxcn opened this issue May 31, 2021 · 10 comments

diegoxcn commented May 31, 2021

Hi there,

I always get `ValueError: invalid literal for int() with base 10: b''` when I try to launch `gdb.debug()`. Is it a problem with pwntools or tmux? How should I work around it?
I have the latest version of pwntools/gdbserver.

```
$ python3 -V
Python 3.9.2

$ pwn version
[*] Pwntools v4.5.0

$ gdbserver --version
GNU gdbserver (Debian 10.1-1.7) 10.1.90.20210103-git
Copyright (C) 2021 Free Software Foundation, Inc.
gdbserver is free software, covered by the GNU General Public License.
This gdbserver was configured as "x86_64-linux-gnu"
```

And when I try to do `io = gdb.debug("/bin/bash", gdbscript='continue')` I get the error below:

```
[x] Starting local process '/usr/bin/gdbserver'
[+] Starting local process '/usr/bin/gdbserver': pid 14822
[*] running in new terminal: /usr/bin/gdb -q  "/bin/bash" -x /tmp/pwncxztung0.gdb
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/context/__init__.py", line 1543, in setter
    return function(*a, **kw)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/gdb.py", line 577, in debug
    tmp = attach((host, port), exe=exe, gdbscript=gdbscript, ssh=ssh, sysroot=sysroot, api=api)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/context/__init__.py", line 1543, in setter
    return function(*a, **kw)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/gdb.py", line 1051, in attach
    gdb_pid = misc.run_in_new_terminal(cmd, preexec_fn = preexec_fn)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/util/misc.py", line 297, in run_in_new_terminal
    pid = int(out)
ValueError: invalid literal for int() with base 10: b''
```

Or, if I do `io = process('/bin/sh'); gdb.attach(io, gdbscript='continue')`, I get the following:

```
[*] running in new terminal: /usr/bin/gdb -q  "/bin/sh" 14834 -x /tmp/pwn0d1dol1k.gdb
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/context/__init__.py", line 1543, in setter
    return function(*a, **kw)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/gdb.py", line 1051, in attach
    gdb_pid = misc.run_in_new_terminal(cmd, preexec_fn = preexec_fn)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/util/misc.py", line 297, in run_in_new_terminal
    pid = int(out)
ValueError: invalid literal for int() with base 10: b''
```

So far there is no other error when I use pwntools for remote, etc. I would very much appreciate it if anyone could help me find the problem.

Thanks in advance.

@heapcrash (Collaborator)

This is a dupe of #1898 which was just fixed in v4.5.1. Update your pwntools and it should work!

```
$ pwn update
```

diegoxcn (Author) commented Jun 1, 2021

Hi heapcrash,

I'm sorry, but I still have the same issue after updating pwntools to 4.5.1. Here's my code; I'm new to pwntools:

```py
from pwn import *
context(terminal=['tmux','new-window'])
p = gdb.debug('./adminhelper', 'b main')
context(os='linux', arch='amd64')

junk = b"A" * 72  # bytes, so it can be concatenated with p64() output on Python 3
pop_rdi = p64(0x8c3)
got_puts = p64(0x201020)
plt_puts = p64(0x650)

gadget_leak = pop_rdi + got_puts + plt_puts

p.sendline(junk + gadget_leak)

p.interactive()
```

Then I get the error when I execute it:

```
└─$ python3 exploit.py

[+] Starting local process '/usr/bin/gdbserver': pid 37036
[*] running in new terminal: /usr/bin/gdb -q  "./adminhelper" -x /tmp/pwn2jro4gpt.gdb
Traceback (most recent call last):
  File "/dev/shm/exploit.py", line 3, in <module>
    p = gdb.debug('./adminhelper', 'b main')
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/context/__init__.py", line 1543, in setter
    return function(*a, **kw)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/gdb.py", line 577, in debug
    tmp = attach((host, port), exe=exe, gdbscript=gdbscript, ssh=ssh, sysroot=sysroot, api=api)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/context/__init__.py", line 1543, in setter
    return function(*a, **kw)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/gdb.py", line 1051, in attach
    gdb_pid = misc.run_in_new_terminal(cmd, preexec_fn = preexec_fn)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/util/misc.py", line 303, in run_in_new_terminal
    pid = int(out)
ValueError: invalid literal for int() with base 10: b''
[*] Stopped process './adminhelper' (pid 37040)
```

I have double-checked that the new change is applied in misc.py for the tmux switch of -F or -P.

Thank you very much.

Arusekk (Member) commented Jun 1, 2021

I believe we should catch the ValueError anyway, and provide more details in case of failure.
You can also debug your case by adding DEBUG to your command line, like `python3 exploit.py DEBUG`, see what command is actually being executed, try to execute it yourself, and see what the error is.

diegoxcn (Author) commented Jun 2, 2021

Hi Arusekk,

Thanks for the advice. This error of mine was issued after launching a new tmux terminal.

Should the tmux version be considered as part of the reason?

```
└─$ tmux -V
tmux 3.1c
```

```
└─$ python3 exploit.py DEBUG
[+] Starting local process '/usr/bin/gdbserver' argv=[b'/usr/bin/gdbserver', b'--multi', b'--no-disable-randomization', b'localhost:0', b'./adminhelper'] : pid 40642

[DEBUG] Received 0x43 bytes:
    b'Process ./adminhelper created; pid = 40646\n'
    b'Listening on port 33569\n'

[DEBUG] Wrote gdb script to '/tmp/pwn9chlrr06.gdb'
    target remote 127.0.0.1:33569
    b main
[*] running in new terminal: /usr/bin/gdb -q  "./adminhelper" -x /tmp/pwn9chlrr06.gdb

[DEBUG] Launching a new terminal: ['/usr/bin/tmux', 'new-window', '-F#{pane_pid}', '-P', '/usr/bin/gdb -q  "./adminhelper" -x /tmp/pwn9chlrr06.gdb']

Traceback (most recent call last):
  File "/dev/shm/exploit.py", line 3, in <module>
    p = gdb.debug('./adminhelper', 'b main')
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/context/__init__.py", line 1543, in setter
    return function(*a, **kw)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/gdb.py", line 577, in debug
    tmp = attach((host, port), exe=exe, gdbscript=gdbscript, ssh=ssh, sysroot=sysroot, api=api)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/context/__init__.py", line 1543, in setter
    return function(*a, **kw)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/gdb.py", line 1051, in attach
    gdb_pid = misc.run_in_new_terminal(cmd, preexec_fn = preexec_fn)
  File "/home/htb/.local/lib/python3.9/site-packages/pwnlib/util/misc.py", line 303, in run_in_new_terminal
    pid = int(out)
ValueError: invalid literal for int() with base 10: b''
[*] Stopped process './adminhelper' (pid 40646)
```

Any further suggestions, please? Thank you very much.

Arusekk (Member) commented Jun 2, 2021

So try to launch `tmux new-window -F'#{pane_pid}' -P gdb` and see why it does not output the pid of gdb. It might be a feature of tmux itself. https://github.com/tmux/tmux

Try using `splitw` instead of `new-window` for now, and use `^B z` to zoom the active pane instead.

BTW try to format your pasted terminal output as code, either by doing this

Normal text...

    code

more normal text

or this:

```py
code with python highlighting
```

or by reading more about GitHub markdown.

heapcrash (Collaborator) commented Jun 8, 2021

Just investigated, seems like it should work...

```
$ tmux new-window -F '#{pane_pid}' -P bash
270
```

Update: Works for me. Maybe update tmux?

```
>>> from pwn import *
>>> context.terminal = ['tmux', 'new-window']
>>> run_in_new_terminal('bash')
3694
```

@nicolaipre

For anyone else experiencing the same issue, just open tmux before you run your pwntools script.

@songyhinf

> For anyone else experiencing the same issue, just open tmux before you run your pwntools script.

You're right.

Arusekk (Member) commented Dec 14, 2023

Error message fixed by #2314
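
The two suggestions in this thread (report more detail instead of a bare `ValueError`, and make sure tmux is running first) can be sketched as one wrapper around the tmux command shown in the DEBUG output. This is an added example, not pwntools code and not the change made in #2314; `TerminalLaunchError`, `parse_pane_pid`, `launch_in_tmux` and `fake_tmux` are hypothetical names, and `fake_tmux` is a constructed stand-in so the block runs without tmux.

```python
import subprocess
from types import SimpleNamespace


class TerminalLaunchError(RuntimeError):
    """The terminal command did not report a usable PID."""


def parse_pane_pid(stdout, stderr, argv):
    """Convert the stdout of tmux `-P -F#{pane_pid}` into an int PID."""
    text = stdout.decode("ascii", "replace").strip()
    if text.isdigit():
        return int(text)
    detail = stderr.decode("utf-8", "replace").strip() or "nothing on stderr"
    if not text:
        # The case from this issue: int(b'') on empty output.
        raise TerminalLaunchError(
            "%r printed no PID (stderr: %s)" % (argv, detail))
    raise TerminalLaunchError("%r printed %r, not a PID" % (argv, text))


def launch_in_tmux(command, env, runner=subprocess.run):
    """Open `command` in a new tmux window and return the pane's PID."""
    argv = ["tmux", "new-window", "-F#{pane_pid}", "-P", command]
    proc = runner(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    try:
        return parse_pane_pid(proc.stdout, proc.stderr, argv)
    except TerminalLaunchError as exc:
        # tmux sets $TMUX inside its sessions; using its absence as a hint
        # is an assumption of this example, not a definitive check.
        hint = "" if env.get("TMUX") else " ($TMUX is unset: start tmux first)"
        raise TerminalLaunchError(str(exc) + hint) from None


def fake_tmux(stdout, stderr=b""):
    """Constructed stand-in for subprocess.run so the example runs offline."""
    return lambda argv, **kwargs: SimpleNamespace(stdout=stdout, stderr=stderr)


if __name__ == "__main__":
    import os
    # Real invocation; needs tmux installed.
    print(launch_in_tmux("bash", os.environ))
```
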
