Closed phgg7 closed 1 year ago
I am getting this exact same error when trying to run on any binary. I see that the issue was marked as closed. Does anyone know how I could fix it? Thanks.
Are you able to run the `ret` binary without zeratool? I think that one might be a 32bit binary, so if you're using a 64bit system you'll need to install 32bit libs.
On Jun 15, 2023 9:36 PM, J-Miller1 wrote:
> I am getting this exact same error when trying to run on any binary. I see that the issue was marked as closed. Does anyone know how I could fix it? Thanks.
Thanks for responding so quickly. When I try to run ret I get "exec format error: challenges/ret".
But I get the same error from the original post when I run zeratool on 64bit binaries like bof_64 as well. I'll try installing 32bit libs anyways.
Thanks again for the help.
Something like https://askubuntu.com/questions/522372/installing-32-bit-libraries-on-ubuntu-14-04-lts-64-bit will help you install 32bit libraries. Also make sure the 64bit ones are marked executable: `chmod +x challenges/ret`
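A preflight check for the advice above, as an added example that is not part of the thread or of Zeratool: it reads the ELF header to report the binary's word size and target machine, whether the execute bit is set, and whether the dynamic loader named in PT_INTERP exists on the host. The function names, the `host` parameter and the constructed sample ELF are assumptions made for illustration.

```python
import os
import struct

MACHINES = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64"}  # ELF e_machine values
RUNS_ON = {"x86-64": {"x86", "x86-64"}, "AArch64": {"AArch64", "ARM"}}  # assumes 32-bit compat in kernel

def inspect_elf(path):
    """Parse ELF class, target machine and PT_INTERP (dynamic loader path)."""
    with open(path, "rb") as f:
        data = f.read()
    if data[:4] != b"\x7fELF" or len(data) < 52:
        return None
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    e = "<" if data[5] == 1 else ">"         # EI_DATA: 1 = little endian
    machine, = struct.unpack_from(e + "H", data, 18)
    phoff, = struct.unpack_from(e + ("Q" if is64 else "I"), data, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from(e + "HH", data, 54 if is64 else 42)
    interp = None
    for i in range(phnum):
        base = phoff + i * phentsize
        if struct.unpack_from(e + "I", data, base)[0] == 3:   # PT_INTERP
            fmt, skip = ("4Q", 8) if is64 else ("4I", 4)
            off, _, _, size = struct.unpack_from(e + fmt, data, base + skip)
            interp = data[off:off + size].rstrip(b"\0").decode()
    return {"bits": 64 if is64 else 32, "machine": MACHINES.get(machine, machine), "interp": interp}

def diagnose(path, host="x86-64"):
    """Return reasons the host would fail to exec `path` (empty list: looks runnable)."""
    info = inspect_elf(path)
    if info is None:
        return ["not an ELF file"]
    problems = []
    if not os.access(path, os.X_OK):
        problems.append("not executable (chmod +x)")
    if info["machine"] not in RUNS_ON.get(host, {host}):
        problems.append(f"built for {info['machine']}, host is {host} (exec format error)")
    if info["interp"] and not os.path.exists(info["interp"]):
        problems.append(f"loader {info['interp']} missing ({info['bits']}-bit libs not installed)")
    return problems

def make_sample_elf32(path, interp, machine=3):
    """Constructed sample: minimal ELF32 header plus one PT_INTERP entry (not a real program)."""
    ehdr = b"\x7fELF\x01\x01\x01" + b"\0" * 9 + struct.pack(
        "<HHIIIIIHHHHHH", 2, machine, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    blob = interp.encode() + b"\0"
    phdr = struct.pack("<8I", 3, 84, 0, 0, len(blob), len(blob), 4, 1)
    with open(path, "wb") as f:
        f.write(ehdr + phdr + blob)
```

Calling `diagnose("challenges/ret")` on the analysis host before starting the tool lists every failed check at once; an empty list means none of these three checks found a problem.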
```
root@ubuntu:~/Desktop/Zeratool/bin# python zerapwn.py ../challenges/ret
INFO | 2023-03-14 07:54:10,515 | pyvex.lifting.util.lifter_helper | Trying RDMSR
INFO | 2023-03-14 07:54:10,515 | pyvex.lifting.util.lifter_helper | Trying XGETBV
INFO | 2023-03-14 07:54:10,515 | pyvex.lifting.util.lifter_helper | Trying AAD
INFO | 2023-03-14 07:54:10,515 | pyvex.lifting.util.lifter_helper | Trying AAM
INFO | 2023-03-14 07:54:10,528 | main | [+] Checking pwn type...
INFO: Analyze all flags starting with sym. and entry0 (aa)
INFO: Analyze all functions arguments/locals (afva@@@F)
INFO: Analyze function calls (aac)
INFO: Analyze len bytes of instructions for references (aar)
INFO: Finding and parsing C++ vtables (avrr)
INFO: Type matching analysis for all functions (aaft)
INFO: Propagate noreturn information (aanr)
INFO: Use -AA or aaaa to perform additional experimental analysis
INFO | 2023-03-14 07:54:10,596 | zeratool.winFunctionDetector | [+] Found win function sym.win
INFO | 2023-03-14 07:54:10,596 | main | [+] Checking for overflow pwn type...
INFO | 2023-03-14 07:54:14,092 | zeratool.simgr_helper | Found vulnerable state.
INFO | 2023-03-14 07:54:14,121 | zeratool.simgr_helper | [+] Vulnerable path found b'<payload bytes omitted>'
INFO | 2023-03-14 07:54:14,121 | zeratool.simgr_helper | [+] Offset to bytes : 80
INFO | 2023-03-14 07:54:14,121 | main | [+] Getting binary protections
INFO | 2023-03-14 07:54:14,141 | main | [+] Exploiting overflow
ERROR: Cannot open 'dbg:///home/panghu/Desktop/Zeratool/challenges/ret' for writing
Traceback (most recent call last):
  File "/home/panghu/.local/lib/python3.8/site-packages/r2pipe/open_sync.py", line 80, in init
    self.process.stdin.write(("?V\n").encode("utf8"))
BrokenPipeError: [Errno 32] Broken pipe

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "zerapwn.py", line 246, in
    main()
  File "zerapwn.py", line 180, in main
    properties["pwn_type"]["results"] = overflowExploiter.exploitOverflow(
  File "/home/panghu/.local/lib/python3.8/site-packages/zeratool/overflowExploiter.py", line 131, in exploitOverflow
    reg_values = getRegValues(binary_name, start_addr)
  File "/home/panghu/.local/lib/python3.8/site-packages/zeratool/radare_helper.py", line 11, in getRegValues
    r2 = r2pipe.open(filename, flags=["-d"])
  File "/home/panghu/.local/lib/python3.8/site-packages/r2pipe/open_sync.py", line 88, in init
    raise Exception("ERROR: Cannot open %s" % filename)
Exception: ERROR: Cannot open /home/panghu/Desktop/Zeratool/challenges/ret
root@ubuntu:~/Desktop/Zeratool/bin#
```