How to properly capture output of process using pwntools

1

I'm currently confused on how to use the pwntools library for python3 for exploiting programs - mainly sending the input into a vulnerable program. This is my current python script.

from pwn import *
def executeVuln():
    vulnBin = process("./buf2", stdin=PIPE, stdout=PIPE)
    vulnBin.sendlineafter(': ','A'*90)
    output = vulnBin.recvline(timeout=5)

    print(output)

executeVuln()

The program I'm trying to exploit is below - This isn't about how to exploit the program, more on using the script to properly automate it.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define BUFSIZE 176
#define FLAGSIZE 64

void flag(unsigned int arg1, unsigned int arg2) {
  char buf[FLAGSIZE];
  FILE *f = fopen("flag.txt","r");
  if (f == NULL) {
    printf("Flag File is Missing. Problem is Misconfigured, please contact an Admin if you are running this on the shell server.\n");
    exit(0);
  }

  fgets(buf,FLAGSIZE,f);
  if (arg1 != 0xDEADBEEF)
    return;
  if (arg2 != 0xC0DED00D)
    return;
  printf(buf);
}

void vuln(){
  char buf[BUFSIZE];
  gets(buf);
  puts(buf);
}

int main(int argc, char **argv){

  setvbuf(stdout, NULL, _IONBF, 0);

  gid_t gid = getegid();
  setresgid(gid, gid, gid);

  puts("Please enter your string: ");
  vuln();
  return 0;
}

The process is opened fine. sendlineafter blocks until it sends the line and so if it doesn't match it waits indefinitely. However, it runs fine and so the input should be sent. output should receive 90 A's from recvLine due to puts(buffer) outputting the inputted string.

However, all that is returned is b'', which seems to indicate that the vulnerable program isn't receiving the input and returning an empty string.

Anyone know what's causing this?

python
exploit
pwntools
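An added example, not part of the original question and not pwntools code: a standard-library model of the read pattern the script uses, showing how a wait-for-delimiter read followed by a line read frames the output of a program that prints its prompt with puts(). LineTube, CHILD and run_demo are hypothetical names, and CHILD is a constructed Python stand-in for buf2's prompt-and-echo I/O only.

```python
import subprocess
import sys

# Constructed stand-in for buf2's I/O only: like puts(), it writes the prompt
# followed by a newline, then echoes one input line back plus a newline.
CHILD = (
    "import sys\n"
    "w = sys.stdout.buffer\n"
    "w.write(b'Please enter your string: \\n'); w.flush()\n"
    "line = sys.stdin.buffer.readline().rstrip(b'\\n')\n"
    "w.write(line + b'\\n'); w.flush()\n"
)

class LineTube:
    """Hypothetical minimal model of delimiter- and line-based pipe reads."""

    def __init__(self, argv):
        self.proc = subprocess.Popen(argv, stdin=subprocess.PIPE,
                                     stdout=subprocess.PIPE, bufsize=0)
        self.buf = b""

    def recvuntil(self, delim):
        # Read until delim is seen; any bytes after it stay buffered.
        while delim not in self.buf:
            chunk = self.proc.stdout.read(4096)
            if not chunk:  # EOF before the delimiter arrived
                raise EOFError(delim)
            self.buf += chunk
        end = self.buf.index(delim) + len(delim)
        data, self.buf = self.buf[:end], self.buf[end:]
        return data

    def recvline(self):
        return self.recvuntil(b"\n")

    def sendline(self, data):
        self.proc.stdin.write(data + b"\n")

def run_demo():
    tube = LineTube([sys.executable, "-c", CHILD])
    prompt = tube.recvuntil(b": ")  # the delimiter the script waits for
    tube.sendline(b"A" * 90)
    first = tube.recvline()         # newline puts() appended to the prompt
    second = tube.recvline()        # the echoed input line
    tube.proc.wait()
    return prompt, first, second

if __name__ == "__main__":
    print(run_demo())
```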

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0