Monday, June 5, 2017

CTF Framework and Exploit Development Library: pwntools

12:50 PM

pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. Whether you’re using it to write exploits or as part of another software project will dictate how you use it.

Historically pwntools was used as a sort of exploit-writing DSL. Simply doing from pwn import * in a previous version of pwntools would bring all sorts of nice side-effects. When redesigning pwntools for 2.0, two different modules were designed: pwnlib, a nice, clean Python module, and pwn, which is to be used during CTFs.






pwntools v3.5 Released



pwn — Toolbox optimized for CTFs

The purpose of this module lies in its ability to get a lot of side-effects by default. It does the following:

Imports everything from the top-level pwnlib along with functions from a lot of submodules. This means that if you do import pwn or from pwn import *, you will get access to everything you need to write an exploit.
Calls pwnlib.term.init() to put your terminal in raw mode and implements functionality to make it look like it is not.
Sets pwnlib.context.log_level to “info”.
Tries to parse some of the values in sys.argv, and removes every value it succeeds in parsing.


pwnlib — Normal python library

This module represents “clean” Python code. As a rule, importing pwnlib or any of the submodules shouldn’t have any significant side-effects (besides e.g. caching). For the most part, you will also only get the bits you import. For instance, you will not get access to pwnlib.util.packing simply by doing import pwnlib.util. There are a few exceptions (such as pwnlib.shellcraft) that do not quite fit the goals of being simple and clean, but they can still be imported without implicit side-effects.
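The difference between the two modules can be checked before pwntools goes into another software project. The script below is an added example, not code from pwntools or from the original post: it imports a module in a fresh interpreter and reports which sys.argv entries the import removed and which modules it loaded. The name probe_import, the sample arguments and the use of Python 3.7+ are assumptions of this example.

```python
import json
import os
import subprocess
import sys

# Child script, run in a fresh interpreter so earlier imports cannot mask effects.
# It snapshots sys.argv and sys.modules, imports the target, and reports the difference.
_PROBE = r"""
import importlib, json, sys
argv_before, mods_before = list(sys.argv), set(sys.modules)
importlib.import_module(sys.argv[1])
print("\n" + json.dumps({
    "argv_removed": [a for a in argv_before if a not in sys.argv],
    "new_modules": sorted(set(sys.modules) - mods_before),
}))
"""


def probe_import(module, extra_args=("DEBUG", "keep-me"), pythonpath=None):
    """Return the import-time effects of `module` as a dict.

    extra_args are constructed sample arguments appended to the child's argv;
    pythonpath (optional) is an extra directory to search for `module`.
    """
    env = dict(os.environ)
    if pythonpath:
        env["PYTHONPATH"] = pythonpath
    proc = subprocess.run(
        [sys.executable, "-c", _PROBE, module, *extra_args],
        capture_output=True, text=True, check=True, env=env,
        stdin=subprocess.DEVNULL,
    )
    # The report is the last stdout line; anything the import printed precedes it.
    return json.loads(proc.stdout.strip().splitlines()[-1])


if __name__ == "__main__":
    # Requires pwntools to be installed; compares the CTF toolbox with the library.
    for name in ("pwn", "pwnlib"):
        try:
            report = probe_import(name)
        except subprocess.CalledProcessError as exc:
            reason = (exc.stderr.strip().splitlines() or ["no stderr"])[-1]
            print(f"{name}: import failed ({reason})")
            continue
        print(f"{name}: argv entries removed = {report['argv_removed']}, "
              f"modules loaded = {len(report['new_modules'])}")
```

The child process runs with piped output, so terminal handling done at import time is not part of the report.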



CTF Framework and Exploit Development Library: pwntools Documentation



Installation

pwntools is best supported on Ubuntu 12.04 and 14.04, but most functionality should work on any POSIX-like distribution (Debian, Arch, FreeBSD, OSX, etc.). Most of the functionality of pwntools is self-contained and Python-only. You should be able to get running quickly with:

apt-get update
apt-get install python2.7 python-pip python-dev git libssl-dev libffi-dev build-essential
pip install --upgrade pip
pip install --upgrade pwntools
However, some of the features (assembling/disassembling foreign architectures) require non-Python dependencies. For more information, see the complete installation instructions here.



CTF Framework Prerequisites:

In order to get the most out of pwntools, you should have the following system libraries installed.

Binutils
    Ubuntu
    Mac OS X
    Alternate OSes
Python Development Headers
    Ubuntu
    Mac OS X


Released Version

Pwntools is available as a pip package.

$ apt-get install python2.7 python2.7-dev python-pip
$ pip install pwntools
