Writing Stealth Exploit with Python CTF framework

Written on June 4, 2019 .

Last update on Dec. 11, 2020.

Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible

Exploits have evolved from simple one to complex exploits used to exploit large industrial systems over a network. Nothing has fueled exploit development than the complicated exploit development frameworks out there. There are a couple of exploit development frameworks that make developing exploits easy and quick. Today we want to have a keen look at one written entirely in python Pwntools CT Framework.

Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.

from pwn import *
context(arch = 'i386', os = 'linux')

r = remote('exploitme.example.com', 31337)
# EXPLOIT CODE GOES HERE
r.send(asm(shellcraft.sh()))
r.interactive()

That's how easy it is to get started with Pwntools

How to install Installation on ubuntu 18.04

pwntools is best supported on Ubuntu 14.04 and above, but most functionality should work on any Posix-like distribution (Debian, Arch, FreeBSD, OSX, etc.). today we are going to install it on ubuntu 18.04 LTS.

Prerequisites of Pwntools

pwntools is available as a pip package.

$ apt-get update
$ apt-get install python2.7 python-pip python-dev git libssl-dev libffi-dev build-essential
$ pip install --upgrade pip
$ pip install --upgrade pwntools

However, some of the features (assembling/disassembling foreign architectures) require non-Python dependencies.

Development

If you are hacking on Pwntools locally, you’ll want to do something like this:

$ git clone https://github.com/Gallopsled/pwntools
$ pip install --upgrade --editable ./pwntools

Installing Binutils On Ubuntu and Debian

Assembly of foreign architectures (e.g. assembling Sparc shellcode on Mac OS X) requires cross-compiled versions of binutils to be installed. We’ve made this process as smooth as we can.

In these examples, replace $ARCH with your target architecture (e.g., arm, mips64, vax, etc.).

Building binutils from source takes about 60 seconds on a modern 8-core machine.

$ apt-get install software-properties-common
$ apt-add-repository ppa:pwntools/binutils
$ apt-get update

Then, install the binutils for your architecture.

$ apt-get install binutils-$ARCH-linux-gnu

Comments

Comments are closed.