pwntools. This has been tested to work in combination with
tmux - other combinations may or may not work. This might also work with other setups without
tmux but that's not supported currently.
As of now, only the Python2 version of
pwntools is being actively maintained.
A version for the currently unmaintained Python3 fork of
pwntools will be released as soon as it's being actively maintained and updated with
pwntools-gdb environment variable support.
Ok How To Use This?
- Create a new pipenv:
pipenv --python 2.7
- Install this:
pipenv install pwntools-r2
- Enter the virtual environment:
- Code your 1337 exploit:
#!/usr/bin/env python2 from pwntools_r2 import * # You might want to change this context.terminal = ['tmux', 'splitw', '-v'] r2script = """ #r2.cmd('db sym.main') #r2.cmd('aaa') #r2.cmd('V!') """ p = r2dbg('./a', r2script=r2script) p.interactive()
Be sure to not forget
interactive() at the end :)
Please note that the commands for
r2 have to be prefixed with a
#. If you want to pass additional parameters, you can use the same in the function prototype of
- Do stuff:
Ok But How To Pass argv Values?
- Write your payload to a temporary file before running the target process
- Use this:
#r2.cmd('ood `!cat /tmp/payload`')
- You can debug any errors with
context.log_level = 'DEBUG'via your
- If no terminal can be found or any weird errors come up, try setting
context.terminalaccordingly - e.g. to
['tmux', 'splitw', '-v']