pwntools cheatsheet
Personal pwntools cheatsheet
1. Fix terminal for GDB
context.terminal = ['st', '-e']
2. get address/offset of a function
addr_main = elf.symbols['main']
Then to pack the address:
p64(addr_main) # 64 bits
p32(addr_main) # 32 bits
3. Manipulate bytes
crafted_username = b"adminAAAAAAAAA" + bytes([255, 255])
4. Run program with custom environment
In the template generated, when you start the process:
io = start(env = {'LD_PRELOAD': './rand.so'})
You can put whatever variables you want in the env dict
5. Convert bytearray to int
addr = int(bytearray(recv), 16) # recv holds the hex digits, e.g. b"7ffff7dd4000"
6. Easily search through the received data
text = io.recvall().decode().split("\n")
Or more robustly, ignoring bytes that are not valid UTF-8:
text = io.recvall().decode(encoding='UTF-8', errors='ignore').split(",")
Just change the split separator as needed
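As an added example (not part of the original cheatsheet), items 2, 5 and 6 combined into a helper that pulls a leaked hex address out of received bytes, tolerates non-UTF-8 garbage in the output, and packs it little-endian with a width check. It uses struct from the standard library in place of pwntools' p32/p64 so it runs without pwntools installed; SAMPLE_RECV and the "leak:" marker are constructed.

```python
import re
import struct

# Constructed sample of what io.recvall() might return: a leak line with
# some non-UTF-8 bytes mixed in, which is why errors='ignore' matters.
SAMPLE_RECV = b"Welcome\n\xff\xfeleak: 0x7ffff7dd4000\nbye\n"

HEX_RE = re.compile(r"0x([0-9a-fA-F]+)")


def extract_leak(recv: bytes, marker: str = "leak:") -> int:
    """Decode received bytes leniently, find the line containing `marker`,
    and return the first 0x... value on it as an int (like int(x, 16))."""
    text = recv.decode(encoding="UTF-8", errors="ignore").split("\n")
    for line in text:
        if marker in line:
            m = HEX_RE.search(line)
            if m:
                return int(m.group(1), 16)
    raise ValueError(f"no hex value after {marker!r} in received data")


def pack(addr: int, bits: int = 64) -> bytes:
    """Little-endian packing equivalent to pwntools p64/p32 under the
    default context; rejects values that do not fit the chosen width."""
    fmt = {32: "<I", 64: "<Q"}[bits]
    if not 0 <= addr < (1 << bits):
        raise ValueError(f"{addr:#x} does not fit in {bits} bits")
    return struct.pack(fmt, addr)


if __name__ == "__main__":
    leak = extract_leak(SAMPLE_RECV)
    print(hex(leak), pack(leak).hex())
```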