
One post tagged with "Pwntools"

Pwntools is a Python CTF framework and exploit-development library. It bundles the building blocks an exploit author otherwise rewrites for every challenge: "tubes" that talk to a local process or a remote socket with the same API, word-packing helpers (p32/p64), an ELF loader that resolves symbol addresses, ROP and shellcode generation, and the checksec utility that reports a binary's architecture, endianness and mitigations (RELRO, stack canary, NX, PIE). Its aim is to make exploit code short and readable, which is why it is a staple of CTF players and security researchers.


HTB | You know 0xDiablos | Write-Up

22 min read

Summary:

We start by downloading the challenge files and running the executable to see how it behaves. Next, we perform static analysis in Ghidra to find candidate vulnerabilities. Having spotted a buffer overflow, we confirm it by crashing the binary with an oversized input, then check the target's architecture, endianness and mitigations with pwntools' checksec.

With that information in hand, we use GDB with PEDA to find the offset at which the saved return address is overwritten and to obtain the address of the flag() function. We then craft a payload with pwntools that smashes the stack and redirects execution to flag(). Before sending anything to the target machine, we verify the exploit against the local copy of the executable; only once it works locally do we run it against the remote instance, recover the flag, and submit it to mark the challenge completed.

Challenge Name: You know 0xDiablos | Difficulty: Easy | Category: Pwn