Gallopsled / pwntools

CTF framework and exploit development library
http://pwntools.com

work in google colab #2064

Closed ihsinme closed 2 years ago

ihsinme commented 2 years ago
!pip install --upgrade pwntools
import os
os.environ['PWNLIB_NOTERM'] = '1'
os.environ['JUPYTER_DETECTED'] = 'yes'
from pwn import *
process("ls").corefile
[x] Starting local process '/bin/ls'
[+] Starting local process '/bin/ls': pid 200
[*] Process '/bin/ls' stopped with exit code 0 (pid 200)
[!] Unsupported core_pattern: b'|/sbin/crash_reporter --user=%P:%s:%u:%g:%f'
[ERROR] Could not find core file for pid 200
PwnlibException: Could not find core file for pid 200

if the use cases pwntools in colab

Arusekk commented 2 years ago

Corefile makes sense only if a deadly core-dropping signal arrives to the process (the core file preserves the death state), or if it is still alive (the core file preserves a snapshot of the process state). If the process has terminated, it does not exist, so its state cannot be captured.

I am not sure what your expectations are in this case, and what do you need the core file for. Nevertheless, this /sbin/crash_reporter thing is not supported by pwntools, so even if your ls process crashed, we have no idea what colab does with core files.

EDIT: see signal(7) manpage.

ihsinme commented 2 years ago

Thank you for your prompt response.

so pwntools doesn't work with colab kernel files?

Arusekk commented 2 years ago

It does work with colab, but what is not supported is two things: capturing a core file of an exited process (anywhere), and capturing a core file of a crashed process on colab. Pwntools is a toolkit, and only this single tool does not work: you need to work this around either by capturing a core file of an alive process, or by changing the core_pattern from |/sbin/crash_reporter to core, or finally by not using core file inspection at all.

In most cases when the actual exploitation happens, you do not have access to core files dropped by incorrect exploitation attempts anyway (suid launches or only I/O remote access), so your final exploit should not rely on the corefile functionality.

EDIT: what is it you want to achieve? What do you actually want to happen?
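The two conditions in the reply above (the process must be alive or have died from a core-dropping signal per signal(7), and core_pattern must write a file rather than pipe into a handler such as |/sbin/crash_reporter) can be checked before calling process.corefile. The following pre-flight check is an added example, not code from the pwntools project or from this thread; it does not call pwntools itself, and the core_pattern strings used in main() and the checks are constructed samples.

```python
import signal
import subprocess

# Signals whose default action is "Core" according to signal(7).
CORE_SIGNALS = frozenset({
    signal.SIGQUIT, signal.SIGILL, signal.SIGABRT, signal.SIGFPE,
    signal.SIGSEGV, signal.SIGBUS, signal.SIGSYS, signal.SIGTRAP,
    signal.SIGXCPU, signal.SIGXFSZ,
})


def core_pattern_kind(pattern):
    """'pipe' when the kernel hands the dump to a helper program (the
    unsupported |/sbin/crash_reporter case), 'file' when it writes a core."""
    return 'pipe' if pattern.strip().startswith('|') else 'file'


def read_core_pattern(path='/proc/sys/kernel/core_pattern'):
    """Read the host's core_pattern; None when unreadable (e.g. non-Linux)."""
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return None


def corefile_feasible(returncode, pattern):
    """Decide whether a corefile can exist for this process.

    returncode follows subprocess.Popen, which pwntools' process extends:
    None = still running, >= 0 = exited normally, -N = killed by signal N.
    Returns (ok, reason).
    """
    if returncode is None:
        return True, 'process alive: a snapshot of its state can be taken'
    if returncode >= 0:
        return False, 'exited with code %d: nothing left to dump' % returncode
    if -returncode not in CORE_SIGNALS:
        return False, 'signal %d does not drop a core' % -returncode
    if core_pattern_kind(pattern) == 'pipe':
        return False, 'core_pattern pipes into a handler: %r' % pattern
    return True, 'core-dropping signal with a file-based core_pattern'


def main():
    # Reproduce the issue's scenario: run ls, let it exit, then check.
    p = subprocess.Popen(['ls'], stdout=subprocess.DEVNULL)
    p.wait()
    pattern = read_core_pattern() or 'core'  # assumed default when unknown
    print(corefile_feasible(p.returncode, pattern))


if __name__ == '__main__':
    main()
```

Running it on a colab-like host reports the exited-with-code-0 case from the issue as infeasible before pwntools ever searches for a core file.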

ihsinme commented 2 years ago

thanks for the answer.

I want to use the simple example from article https://mudongliang.github.io/2021/05/11/use-pwntools-for-your-exploits.html, make a sample collab notebook and start learning about your tool.

thanks

ihsinme commented 2 years ago

thanks