@TOC
0x0 安装
sudo pip install pwntools
0x1 导入包
from pwn import*
0x2 链接远程服务器或者链接本地文件
远程 r = remote(‘目的IP或目标URL’,目标端口号) 本地 r = process('./文件名')
0x3 接收远端回传的数据
interactive() //在取得shell之后使用,直接进行交互,相当于回到shell的模式 recv(numb = 字节大小,timeout = default) //接收指定字节数 recall() //一直接收知道达到文件EOF recvline(keepends = True)接收一行,keepends为是否保留行尾的\n recvuntil(delims,drop = False)一直读到delims的pattern出现为止 recvrepeat(timeout=default)持续接收世道EOF或timeout
0x4 向远端发送数据
send(data)发送数据 sendline(data)发送一行数据,相当于在数据末尾+ \n
0x5 设置运行时变量
context(arch='',os = '', log_level = 'debug')
0x6 格式转换
p32() 数字转换为字符串 u32() 字符串转换为数字
0x7 cyclic
cyclic 需要的长度 cyclic -l 异常的地点
0x8 ELF 操作ELF文件的工具
elf = ELF('pwn') hex(elf.address) hex(elf.symbols['write'] hex(elf.got['write']) hex(elf.plt['write'])
![[PWN][高级篇]ROP-ret2libc-32/64位实例 (共四个)(上)](https://ucc.alicdn.com/pic/developer-ecology/96b3bb9db6d7479785f5d31e9c27a24a.png?x-oss-process=image/resize,h_160,m_lfit)
![[PWN][知识小节]shellcode生成和测试](https://ucc.alicdn.com/pic/developer-ecology/6a5045a0370d4ce584712212ff0200e2.png?x-oss-process=image/resize,h_160,m_lfit)
![[PWN][基础篇]printf漏洞介绍](https://ucc.alicdn.com/pic/developer-ecology/5d8919112d4144e6b7eeb25dbfa3ed9c.png?x-oss-process=image/resize,h_160,m_lfit)
![[PWN][进阶篇]Rop-Ret2Text介绍及实例教学](https://ucc.alicdn.com/pic/developer-ecology/2e0fa6b933ee4f5fb758d032b4878465.png?x-oss-process=image/resize,h_160,m_lfit)
![[PWN][基础篇]如何利用printf漏洞突破canary保护](https://ucc.alicdn.com/pic/developer-ecology/65e1ee8350184402a2d936d14d4964e1.png?x-oss-process=image/resize,h_160,m_lfit)
![[PWN][高级篇]ROP-ret2libc基础知识](https://ucc.alicdn.com/pic/developer-ecology/4bbb345c1edd4425a6e7b42eed3f06da.png?x-oss-process=image/resize,h_160,m_lfit)
![[PWN][基础篇]保护函数和溢出实例](https://ucc.alicdn.com/pic/developer-ecology/2ddbd4d4b90845efb0dfd7865fcd64b0.png?x-oss-process=image/resize,h_160,m_lfit)
![[PWN][基础篇]基础理论](https://ucc.alicdn.com/pic/developer-ecology/1d84516d688c482e8569a8099ab18de4.png?x-oss-process=image/resize,h_160,m_lfit)