lab1/exp_template.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-

'''
~Author
'''

from pwn import *
import re
import argparse
import subprocess
from binascii import *


BINARY_FILE = './challenges/crackme0x01'  # path to binary
REMOTE = (None,None)  # (host,port)


def setup_connection():
    binary, libc, preload = None, None, False
    local_libc = '/lib/x86_64-linux-gnu/libc.so.6'
    task_libc = './libc.so.6'

    # env vars, for preloading
    env = {}
    if args.PRELOAD:
        local_libc = task_libc
        env = {'LD_PRELOAD': task_libc}

    # if we need stuff from binary file
    if args.BINARY:
        binary = ELF(BINARY_FILE)
        context.arch = binary.arch

    if args.REMOTE:
        if args.LIBC:
            libc = ELF(task_libc)
        # connect to remote host
        s = remote(*REMOTE)
    else:
        if args.LIBC:
            libc = ELF(local_libc)
        
        # run local process
        s = process(BINARY_FILE, stderr=open('/dev/null', 'w+'), env=env)

        # open debugger
        if args.GDB:
            context.terminal = ['gnome-terminal', '-e']  # for gnome
            # context.terminal = ['tmux', '-h' '-e']  # for tmux
            breakpoints = []
            gdb.attach(s, exe=BINARY_FILE, gdbscript='\n'.join(['b *'+str(x) for x in breakpoints]))
            
    return s, binary, libc


if __name__ == '__main__':
    # run this script like: python ./exp_template.py GDB BINARY
    s, binary, libc = setup_connection()

    print('msg:', s.recvuntil('\n'))
    s.sendline('test')
    print('result: ', s.recvuntil('\n'))

    s.interactive()
    s.close()