Pwntools


CIS 5510

Pwntools is a legendary toolkit, a beacon for those who dare to challenge the conventions of cybersecurity. This isn’t just a library—it’s the key to unlocking the secrets buried deep within the code, transforming the chaotic dance of bits and bytes into a symphony of controlled exploits.

With Pwntools, you command the power to:

With a single line, you summon this power:

from pwn import *

In that moment, you stand at the crossroads of creation and destruction, ready to shape the digital realm to your will. Pwntools is not just a tool; it’s your passage into the realm of digital dominance, where every command is a stroke of genius, and every exploit is a masterpiece waiting to be realized.


Lectures and Reading


Challenges

This level is a tutorial and fairly straightforward. You could just run /challenge/pwntools-tutorials-level0.0 in the terminal and enter a specific string (which you can find by reading the bypass_me function), but that’s not the main goal here.

This level is designed to teach you how to use pwntools to complete the challenge. Your task is to use the process, send, recv, and other pwntools APIs to write an exploit script, send the right input to bypass the check, and retrieve the flag. Check out the example pwntools code below (hint: don’t forget to replace FIXME with the specific string mentioned earlier):

from pwn import *

# Set architecture, os and log level
context(arch="amd64", os="linux", log_level="info")

# Load the ELF file and execute it as a new process.
challenge_path = "/challenge/pwntools-tutorials-level0.0"
p = process(challenge_path)

payload = b'FIXME'

# Send the payload after the string "pwn me :)\n" is found.
p.sendlineafter(b"pwn me :)\n", payload)

# Receive flag from the process
flag = p.recvline()
print(f"flag is: {flag}")

To tackle this level, you'll need to dive into the bypass_me function in the challenge and use pwntools to complete it. Your task is to use the p64, p32, p16, p8, and other pwntools APIs to craft an exploit script. The goal is to send the right input to bypass the check and retrieve the flag.

To tackle this level, you'll need to dive into the bypass_me function in the challenge and use pwntools to complete it. Your task is to use the p64, p32, p16, p8, and other pwntools APIs to craft an exploit script. The goal is to send the right input to bypass the check and retrieve the flag.

In this level, your task is to write an assembly code snippet that meets the following condition to bypass the check. You'll then use the asm API from pwntools to compile the assembly code and complete the challenge. The condition for this challenge is:

rax = 0xdeadbeef

Refer to the pwntools example code below to help you complete the script (Hint: make sure to replace the NOP instruction with the specific assembly instruction you need):

from pwn import *

# Set architecture, os and log level
context(arch="amd64", os="linux", log_level="info")

# Load the ELF file and execute it as a new process.
challenge_path = "/challenge/pwntools-tutorials-level2.0"

p = process(challenge_path)

shellcode = """
    nop
"""

payload = asm(shellcode)

# Send the payload after the string "(up to 0x1000 bytes): \n" is found.
p.sendafter("Please give me your assembly in bytes", payload)

p.interactive()

In this level, you'll need to write an assembly code snippet that swaps the values of specific registers to bypass the check. You'll use the asm API from pwntools to compile the assembly code and complete the challenge. The condition for this challenge is:

Swap the values of specific registers.

In this level, you'll need to write an assembly code snippet that swaps the values of specific registers to bypass the check. You'll use the asm API from pwntools to compile the assembly code and complete the challenge. The condition for this challenge is:

Calculate a specific formula.

In this level, you'll need to write an assembly code snippet that swaps the values of specific registers to bypass the check. You'll use the asm API from pwntools to compile the assembly code and complete the challenge. The condition for this challenge is:

Modify the value of a specific global data area.

In this level, you'll need to write an assembly code snippet that swaps the values of specific registers to bypass the check. You'll use the asm API from pwntools to compile the assembly code and complete the challenge. The condition for this challenge is:

Set a specific stack memory area.

In this level, you'll need to write an assembly code snippet that swaps the values of specific registers to bypass the check. You'll use the asm API from pwntools to compile the assembly code and complete the challenge. The condition for this challenge is:

Write an `if` statement to set a specific stack memory area.

In this level, you'll need to write an assembly code snippet that swaps the values of specific registers to bypass the check. You'll use the asm API from pwntools to compile the assembly code and complete the challenge. The condition for this challenge is:

Write a `for` loop to calculate a specific formula.

In this level, you'll need to analyze the bypass_me function in the challenge and use pwntools to solve it. Your next step is to use the interaction API in pwntools to write an exploit script, send the right input to bypass the checks, and retrieve the /flag.

In this level, without access to the source code, you'll need to use cyclic patterns and core dump analysis to automatically locate the return address. Then, exploit a stack overflow to read the flag.

In this level, you need to generate shellcode that will read the flag using pwntools. You'll need to use the pwntools.shellcraft module to automatically create the necessary assembly instructions and system calls for reading the flag from the system.