Pwntools is a toolkit of handy tools and a software library designed to make exploitation in CTF competitions as simple as possible while keeping exploit code readable.

You can use the following Python code to import the pwntools library:

```python
from pwn import *
```



Challenges

This level is a tutorial and relatively simple. You can directly run /challenge/pwntools-tutorials-level0.0 in the terminal and then input a specific string (which you can find by reading the bypass_me function), but that is not the goal of this level.

This level will guide you on how to use pwntools to complete the challenge. Next, you need to use the process, send, recv, and other APIs in pwntools to write an exploit script, send a specific input to bypass the check, and read the /flag. Please refer to the following pwntools example code (hint: be sure to replace FIXME with the specific string mentioned above):

```python
from pwn import *

# Set architecture, OS and log level
context(arch="amd64", os="linux", log_level="info")

# Load the ELF file and execute it as a new process.
challenge_path = "/challenge/pwntools-tutorials-level0.0"
p = process(challenge_path)

payload = b'FIXME'
# Send the payload after the string ":)\n###\n" is found.
# The delimiter is passed as bytes, which is what the process tube works with.
p.sendafter(b":)\n###\n", payload)

# Receive the flag from the process
flag = p.recvline()
print(f"flag is: {flag.decode().strip()}")
```

This level requires you to read the bypass_me function in the challenge and use pwntools to complete the challenge. Next, you need to use the p64, p32, p16, p8, and other APIs in pwntools to write an exploit script, send a specific input to bypass the check, and read the /flag.

This level requires you to read the bypass_me function in the challenge and use pwntools to complete the challenge. You need to use Python string concatenation and the p64, p32, p16, p8 APIs from pwntools to write an exploit script, send a specific input to bypass the check, and read the /flag.
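The packing and concatenation these two levels rely on, shown as an added example that is not part of the original page or of the challenge code. It uses `struct` as a stand-in for pwntools' `p8`/`p16`/`p32`/`p64` (unsigned, little-endian, as under the default context) so it runs without pwntools; the field layout and the names `pack`, `build` and `parse` are constructed for illustration and are not what `bypass_me` checks.

```python
import struct

# Stand-ins for pwntools' p8/p16/p32/p64 with the default context
# (unsigned, little-endian), written with struct so the block has no dependencies.
_FMT = {8: "<B", 16: "<H", 32: "<I", 64: "<Q"}

def pack(bits, value):
    return struct.pack(_FMT[bits], value)

# Constructed field layout for illustration; NOT the layout bypass_me checks.
LAYOUT = [("magic", 32), ("count", 16), ("mode", 8), ("value", 64)]

def build(fields):
    """Concatenate fixed-width fields in order, as `p32(a) + p16(b) + ...` would."""
    return b"".join(pack(bits, fields[name]) for name, bits in LAYOUT)

def parse(data):
    """Read the fields back the way a fixed-layout check on the other side sees them."""
    expected = sum(bits // 8 for _, bits in LAYOUT)
    if len(data) != expected:
        raise ValueError(f"expected {expected} bytes, got {len(data)}")
    out, off = {}, 0
    for name, bits in LAYOUT:
        size = bits // 8
        out[name] = int.from_bytes(data[off:off + size], "little")
        off += size
    return out

# Constructed sample values.
SAMPLE = {"magic": 0xDEADBEEF, "count": 2, "mode": 1, "value": 0x12345678}

if __name__ == "__main__":
    blob = build(SAMPLE)
    print(blob.hex(" "))
    print(parse(blob))
    # Width matters: the same number packed as 32 and 64 bits differs in length.
    print(pack(32, 0x12345678).hex(), pack(64, 0x12345678).hex())
    # Text is not binary: the ASCII digits are ten unrelated bytes.
    print(b"0x12345678" == pack(32, 0x12345678))
```

A field packed at the wrong width shifts every field after it, which is why the widths read from the checking function have to be matched exactly.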

In this level, you need to write an assembly code snippet to meet the following condition to bypass the check, and use the asm API from pwntools to compile the assembly code and complete the challenge. The condition for this challenge is:

rax = 0x12345678

Please refer to the following pwntools example code to complete the script (Hint: make sure to replace the NOP instruction with the specific assembly instruction):

```python
from pwn import *

def print_lines(io):
    """Print every line the process writes until it closes its output."""
    info("Printing io received lines")
    while True:
        try:
            line = io.recvline()
            success(line.decode())
        except EOFError:
            break

# Set architecture, OS and log level
context(arch="amd64", os="linux", log_level="info")

# Load the ELF file and execute it as a new process.
challenge_path = "/challenge/pwntools-tutorials-level2.0"

p = process(challenge_path)

# Send the assembled bytes after the prompt "Please give me your assembly in bytes" is found.
p.sendafter(b"Please give me your assembly in bytes", asm("NOP"))

print_lines(p)
```

This level requires you to write an assembly code snippet to meet the following condition to bypass the check, and use the asm API from pwntools to compile the assembly code and complete the challenge. The condition for this challenge is:

Swap the values of specific registers (refer to the `trace` method of the `ASMChallenge` class).

This level requires you to write an assembly code snippet to meet the following condition to bypass the check, and use the asm API from pwntools to compile the assembly code and complete the challenge. The condition for this challenge is:

Calculate a specific formula (refer to the `trace` method of the `ASMChallenge` class).

This level requires you to write an assembly code snippet to meet the following condition to bypass the check, and use the asm API from pwntools to compile the assembly code and complete the challenge. The condition for this challenge is:

Modify the value of a specific global data area (refer to the `trace` method of the `ASMChallenge` class).

This level requires you to write an assembly code snippet to meet the following condition to bypass the check, and use the asm API from pwntools to compile the assembly code and complete the challenge. The condition for this challenge is:

Set a specific stack memory area (refer to the `trace` method of the `ASMChallenge` class).

This level requires you to write an assembly code snippet to meet the following condition to bypass the check, and use the asm API from pwntools to compile the assembly code and complete the challenge. The condition for this challenge is:

Write an `if` statement to set a specific stack memory area (refer to the `trace` method of the `ASMChallenge` class).

This level requires you to write an assembly code snippet to meet the following condition to bypass the check, and use the asm API from pwntools to compile the assembly code and complete the challenge. The condition for this challenge is:

Write a `for` loop to calculate a specific formula (refer to the `trace` method of the `ASMChallenge` class).

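This level requires you to read the bypass_me function in the challenge and use pwntools to complete the challenge. Next, you need to use the interaction APIs in pwntools to write an exploit script, send a specific input to bypass the check, and read the /flag.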

In this level, without the aid of source code, use cyclic patterns and core dump analysis to automatically find the return address and exploit a stack overflow to read the /flag file.
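How a cyclic pattern turns a value read from a core dump into a buffer offset, as an added example that is not part of the original page or of pwntools itself. It builds a de Bruijn sequence in plain Python rather than calling pwntools; the names `de_bruijn`, `pattern` and `find_offset`, the subsequence length of 4, and the sample values are assumptions made for illustration.

```python
import itertools
import string

def de_bruijn(alphabet, n):
    """Yield a de Bruijn sequence: every n-byte window occurs exactly once."""
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t, p):
        if t > n:
            if n % p == 0:
                for i in a[1:p + 1]:
                    yield alphabet[i]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    return db(1, 1)

def pattern(length, n=4, alphabet=string.ascii_lowercase.encode()):
    """First `length` bytes of the sequence, generated lazily."""
    return bytes(itertools.islice(de_bruijn(alphabet, n), length))

def find_offset(fault_value, length, n=4):
    """Map an integer taken from the crash state back to its pattern offset.

    The low n bytes are compared little-endian, matching how amd64 stores
    the overwritten value. Returns -1 if the bytes are not from the pattern.
    """
    needle = (fault_value & ((1 << (8 * n)) - 1)).to_bytes(n, "little")
    return pattern(length, n).find(needle)

if __name__ == "__main__":
    pat = pattern(200)
    print(pat[:16])
    # Constructed crash value: the 8 pattern bytes that sat at offset 72.
    crashed = int.from_bytes(pat[72:80], "little")
    print(hex(crashed), "->", find_offset(crashed, 200))
    # A value that did not come from the pattern is reported as -1.
    print(find_offset(0x4141414141414141, 200))
```

Because each 4-byte window is unique, a single value recovered from the core dump identifies exactly one position in the input.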

