Launch radare2 from pwntools. This has been tested to work in combination with tmux; other combinations may or may not work. It might also work with other setups without tmux, but that is not supported currently.

As of now, only the Python 2 version of pwntools is being actively maintained. A version for the currently unmaintained Python 3 fork of pwntools will be released as soon as that fork is being actively maintained and updated with pwntools-gdb environment variable support.
- Create a new pipenv:

  ```
  pipenv --python 2.7
  ```

- Install this:

  ```
  pipenv install pwntools-r2
  ```

- Enter the virtual environment:

  ```
  pipenv shell
  ```

- Code your 1337 exploit:

  ```python
  #!/usr/bin/env python2
  from pwntools_r2 import *

  # You might want to change this to match your terminal setup
  context.terminal = ['tmux', 'splitw', '-v']

  # Each radare2 command is prefixed with '#r2.cmd(...)'
  r2script = """
  #r2.cmd('db sym.main')
  #r2.cmd('aaa')
  #r2.cmd('V!')
  """

  # Start './a' under radare2 and run the script above
  p = r2dbg('./a', r2script=r2script)
  p.interactive()
  ```

  Be sure not to forget `interactive()` at the end :)
Please note that the commands for r2 have to be prefixed with a `#`. If you want to pass additional parameters, you can use the same ones as in the function prototype of `gdb.debug` from pwntools.
- Do stuff:

  ```
  python2.7 ./exploit.py
  ```

- Write your payload to a temporary file before running the target process, then use this in the r2 script to reopen the target with the payload as its input:

  ```
  #r2.cmd('ood `!cat /tmp/payload`')
  ```

- You can debug any errors with `context.log_level = 'DEBUG'` in your pwntools Python script.
- If no terminal can be found or any weird errors come up, try setting `context.terminal` accordingly, e.g. `urxvtc` or `['tmux', 'splitw', '-v']`.
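The two conventions above (every r2 command on a `#r2.cmd(...)` line, and the payload written to a temporary file that `ood` reads back with `!cat`) are easy to get subtly wrong by hand, so here is a small helper that builds both. This is an added example, not part of pwntools-r2 itself; the function names `build_r2script`, `write_payload` and `reopen_command` are assumptions made here, and the `pwntools_r2` usage at the bottom only runs when the script is executed directly, so the helpers themselves need no pwntools install.

```python
#!/usr/bin/env python
# Helpers for assembling a pwntools-r2 session (added example, not project code).
# Works on both Python 2.7 and Python 3.
import os
import tempfile


def build_r2script(commands):
    """Turn a list of radare2 commands into the r2script string pwntools-r2 expects.

    Every command becomes one line of the form  #r2.cmd('<command>')  because
    pwntools-r2 only picks up lines prefixed with '#'. Backslashes and single
    quotes inside a command are escaped so the generated line stays valid.
    """
    lines = []
    for cmd in commands:
        escaped = cmd.replace("\\", "\\\\").replace("'", "\\'")
        lines.append("#r2.cmd('%s')" % escaped)
    return "\n".join(lines) + "\n"


def write_payload(payload, directory=None):
    """Write raw payload bytes to a fresh temporary file and return its path.

    Writing the file before the target starts is what lets the r2 script feed
    it back in with `ood`; mkstemp avoids clobbering an existing file.
    """
    fd, path = tempfile.mkstemp(prefix="payload-", dir=directory)
    with os.fdopen(fd, "wb") as f:
        f.write(payload)
    return path


def reopen_command(payload_path):
    """Build the r2 command that reopens the target in the debugger with the
    payload file's contents passed as its argument (the page's `ood` idiom)."""
    return "ood `!cat %s`" % payload_path


if __name__ == "__main__":
    # Constructed sample payload: 64 'A' bytes, the classic crash probe.
    payload_file = write_payload(b"A" * 64)
    script = build_r2script([
        "db sym.main",            # break at main
        "aaa",                    # analyse everything
        reopen_command(payload_file),
    ])
    print(script)

    # The lines below are the real launch; they need pwntools-r2 installed.
    from pwntools_r2 import *  # noqa: F401,F403  (assumed module from the page)
    context.terminal = ['tmux', 'splitw', '-v']
    context.log_level = 'DEBUG'   # as suggested on the page for troubleshooting
    p = r2dbg('./a', r2script=script)
    p.interactive()
```

`build_r2script` returns exactly the text the page shows by hand (one `#r2.cmd(...)` line per command), so the output can be pasted into an `r2script = """..."""` block or passed directly to `r2dbg`.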