Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Gallopsled/pwntools-tutorial
Tutorials for getting started with Pwntools
https://github.com/Gallopsled/pwntools-tutorial
Last synced: about 1 month ago
JSON representation
Tutorials for getting started with Pwntools
- Host: GitHub
- URL: https://github.com/Gallopsled/pwntools-tutorial
- Owner: Gallopsled
- License: mit
- Created: 2015-06-11T06:03:31.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2024-10-01T23:16:19.000Z (2 months ago)
- Last Synced: 2024-11-04T21:23:01.382Z (about 1 month ago)
- Language: Jupyter Notebook
- Homepage: http://pwntools.com
- Size: 85 KB
- Stars: 1,399
- Watchers: 34
- Forks: 246
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-rainmana - Gallopsled/pwntools-tutorial - Tutorials for getting started with Pwntools (Jupyter Notebook)
- awesome-security - Pwntools Tutorial
README
# Pwntools Tutorials
This repository contains some basic tutorials for getting started with pwntools (and pwntools).
These tutorials do not make any effort to explain reverse engineering or exploitation primitives, but assume this knowledge.
# Introduction
[`Pwntools`](https://pwntools.com) is a grab-bag of tools to make exploitation during CTFs as painless as possible, and to make exploits as easy to read as possible.
There are bits of code everyone has written a million times, and everyone has their own way of doing it. Pwntools aims to provide all of these in a semi-standard way, so that you can stop copy-pasting the same `struct.unpack('>I', x)` code around and instead use more slightly more legible wrappers like `pack` or `p32` or even `p64(..., endian='big', sign=True)`.
Aside from convenience wrappers around mundane functionality, it also provides a very rich set of `tubes` which wrap all of the IO that you'll ever perform in a single, unifying interface. Switching from a local exploit to a remote exploit, or local exploit over SSH becomes a one-line change.
Last but not least, it also includes a wide array of exploitation assistance tools for intermediate-to-advanced use cases. These include remote symbol resolution given a memory disclosure primitive (`MemLeak` and `DynELF`), ELF parsing and patching (`ELF`), and ROP gadget discovery and call-chain building (`ROP`).
# Table of Contents
- [Installing Pwntools](installing.md)
- [Tubes](tubes.md)
+ Basic Tubes
+ Interactive Shells
+ Processes
+ Networking
+ Secure Shell
+ Serial Ports
- [Utility](utility.md)
+ Encoding and Hashing
+ Packing / unpacking integers
+ Pattern generation
+ Safe evaluation
- [Bytes vs. Strings](bytes.md)
+ Python2
- Python3
+ Gotchas
- [Context](context.md)
+ Architecture
+ Endianness
+ Log verbosity
+ Timeout
- [ELFs](elf.md)
+ Reading and writing
+ Patching
+ Symbols
- [Assembly](assembly.md)
+ Assembling shellcode
+ Disassembling bytes
+ Shellcraft library
+ Constants
- [Debugging](debugging.md)
+ Debugging local processes
+ Breaking at the entry point
+ Debugging shellcode
- [ROP](rop.md)
+ Dumping gadgets
+ Searching for gadgets
+ ROP stack generation
+ Helper functions
- [Logging](logging.md)
+ Basic logging
+ Log verbosity
+ Progress spinners
- [Leaking Remote Memory](leaking.md)
+ Declaring a leak function
+ Leaking arbitrary memory
+ Remote symbol resolution