pwntools cheatsheet

Personal pwntools cheatsheet

1. Fix terminal for GDB

context.terminal = ['st', '-e']

2. get address/offset of a function

addr_main = elf.symbols['main']

Then to pack the address:

p64(addr_main) # 64 bits
p32(addr_main) # 32 bits

3. Manipulate bytes

crafted_username = b"adminAAAAAAAAA" + bytes([255, 255])

4. Run program with custom enviroment

In the template generated, when you start the process:

io = start(env = {'LD_PRELOAD': './'})

You can put whatever you want

5. Convert bytearray to int

addr = int(bytearray(recv),16)

6. Easily search through the received data

text = io.recvall().decode().split("\n")

Or in a more secure manner:

text= io.recvall().decode(encoding='UTF-8', errors='ignore').split(",")

Just change the split