2 votes
0 answers
89 views

I am using pwndbg, with tmux and splitmind. I have the layout the way I want, the only thing I am trying to change is getting the stack pane to be inverted. Like what you would see when running 'stack ...
Jack Whitleigh
0 votes
0 answers
58 views

I'm having an issue with some code I'm writing. I'm getting this pwntools error about too many files being open. My code looks like. for a in range(0,2**3360): try: with open(&...
Michael Hearn
0 votes
1 answer
2k views

I'm working on arch linux. I need the python module 'pwntools'. First I did this: pipx install pwntools Then a warning: Note: '/home/woc/.local/bin' is not on your PATH environment variable. These ...
woc1111
0 votes
1 answer
175 views

I am connecting to a server, whereby the server will prompt me a question. To retrieve the question, I used recvline().strip().decode() to retrieve the line outputted. But it gets only the first line, ...
sjj
  • 23
0 votes
1 answer
5k views

I'm encountering an issue while trying to run a binary file using both SPWN or Pwntools. Here's the context: SPWN Logs: [*] Binary: baskin [*] Libc: libc-2.27.so [*] Loader: ld-linux-x86-64.so.2 [*]...
user123125
0 votes
1 answer
100 views

I'm trying to convert a hexadecimal number, like the stack address 0x7ffd6fa90940, into its corresponding Byte representation b'\x40\x09\xa9\x6f\xfd\x7f\x00\x00'. Just like how it is represented in ...
PatrickSteiner
0 votes
1 answer
505 views

Hi so I have a 32 bit little endian executable on Intel arch so I used context.binary for that and tried context.arch = vax to resolve this issue but both are not working what should I do? Code below: ...
candpythonprogrammer
0 votes
1 answer
706 views

I am trying to run the following exploit but I am getting the error mentioned above. #!/usr/bin/env python from pwn import * sh = process('./ret2text') target = 0x804863a sh.sendline('A' * 108 + &...
Harry
  • 1
0 votes
1 answer
3k views

I have been doing a course on writing pwntools based exploits. While trying a challenge, after all my attempts I receive the error "Got EOF while reading in iteractive". My shellcode in ...
Espartex200
0 votes
1 answer
523 views

OS: Arch Linux x86_64 This is my source code: // gcc source.c -o vuln -no-pie -fno-stack-protector -z execstack -m32 #include <stdio.h> void unsafe() { char buffer[40]; puts("...
CuB3y0nd
1 vote
1 answer
861 views

I have the pwntools-dev repo cloned to my machine. Using the instructions on the pwntools installation page, I am trying to install from this local repo, but am failing. The command I am typing and ...
David Shaw
1 vote
0 answers
445 views

I work on a class exercise that involves finding a password on a remote server. The goal is to use the Python pwn library. When I access the server with a nc IP port I have: [0000014075] ...
Julien
  • 629
1 vote
1 answer
1k views

I am trying to identify the offset in which a buffer overflow occurs via pwntools and gdb. Here is the C code (x64): int input[8]; int count, num; count = 0; while(1) { printf("Enter:\n&...
tbb
  • 25
0 votes
0 answers
353 views

I'm trying to install pwntools on OSX but there's a little bump in the installation process, for some reason, there is this module called "unicorn" that uses a setup.py which is deprecated, is ...
Cheesewaffle
0 votes
2 answers
6k views

I am trying to install the pwn library on my MacBook Air (M2, 2022) but it's failing while building the wheel for unicorn. I'm using python version 3.10.6. This is the command I'm using: python3 -m ...
Kolliden
1 vote
1 answer
351 views

I have this simple code: from pwn import * e = ELF(r'/home/user/Documents/pwnexercise') print("Found hex:\n" + hex(e.symbols.main)) read_only_data = e.section('.rodata').split(b'\x00') ...
Mampenda
  • 671
1 vote
1 answer
488 views

I am learning ret2shellcode, and try it in Ubuntu 22.04 and Kali 2022.2, and fail to get a shell, but in VirtualBox, I host an Ubuntu 18.04.5, and with the same pwn script, it succeeds, so could anyone point ...
Ma Paul
  • 19
0 votes
1 answer
3k views

I work on an online program in which I should do a buffer overflow. When I run the program, I have to complete a sum of two numbers (generated randomly): >>> 451389913 + 1587598959 = If I put ...
Julien
  • 629
0 votes
1 answer
357 views

In order to solve a binary exploitation CTF-Challenge I have to create an array of arguments to pass to a syscall. I searched a lot on the internet, but I can't find a description on how to create an ...
pekusbill
1 vote
1 answer
2k views

As an example I am trying to "imitate" the behaviour of the following sets of commands in bash: mkfifo named_pipe /challenge/embryoio_level103 < named_pipe & cat > named_pipe In ...
Albert Waweru
0 votes
1 answer
2k views

This thing could easily be solved by writing a function that builds the string that I want. But it would be a bit nicer, and a bit more concise if there is something that I can just import and use, it ...
Grazosi
  • 733
2 votes
1 answer
3k views

I'm using both pwntools and gdb to explore an ELF program and my question is how can I get the value of a variable like I do with "p <variable_name>" in gdb but in pwntools. I have ...
1 vote
3 answers
1k views

I have an ELF 32-bit executable file named orw from the pwnable.tw: https://pwnable.tw/challenge/. In my Ubuntu18.04, the .bss segment can be executed: But in my Ubuntu20 and IDA Pro, the .bss ...
Alston
  • 79
2 votes
1 answer
10k views

Let's say that I have a simple executable and I want to find the address of the main. Usually, I take the address from the objdump output, and then I use it in my pwn script. I want to make my script ...
Mocanu Gabriel
-1 votes
1 answer
74 views

I am retrieving simple assignment commands from a remote terminal connection in Python, and would like to execute them. The format will be like b = 3156, and I would like to execute it using exec(). ...
Power_tile