7250412654

Committed 18 Dec 2023 03:44PM UTC coverage: 74.547% (+0.1%) from 74.452%

Build # 7250412654

Build Type

push

github

Committed by

web-flow

Commit Message

Merge branch 'dev' into retguard

Run Details

4565 of 7244 branches covered (0.0%)

350 of 507 new or added lines in 17 files covered. (69.03%)

13 existing lines in 5 files now uncovered.

12843 of 17228 relevant lines covered (74.55%)

0.75 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

28.77

/pwnlib/commandline/template.py

from __future__ import absolute_import
from __future__ import division

from pwn import *
from pwnlib.commandline import common

from mako.lookup import TemplateLookup, Template

parser = common.parser_commands.add_parser(
    'template',
    help = 'Generate an exploit template',
    description = 'Generate an exploit template. If no arguments are given, '
                    'the current directory is searched for an executable binary and ' 
                    'libc. If only one binary is found, it is assumed to be the '
                    'challenge binary.'
)

# change path to hardcoded one when building the documentation
printable_data_path = "pwnlib/data" if 'sphinx' in sys.modules else pwnlib.data.path

parser.add_argument('exe', nargs='?', help='Target binary. If not given, the current directory is searched for an executable binary.')
parser.add_argument('--host', help='Remote host / SSH server')
parser.add_argument('--port', help='Remote port / SSH port', type=int)
parser.add_argument('--user', help='SSH Username')
parser.add_argument('--pass', '--password', help='SSH Password', dest='password')
parser.add_argument('--libc', help='Path to libc binary to use. If not given, the current directory is searched for a libc binary.')
parser.add_argument('--path', help='Remote path of file on SSH server')
parser.add_argument('--quiet', help='Less verbose template comments', action='store_true')
parser.add_argument('--color', help='Print the output in color', choices=['never', 'always', 'auto'], default='auto')
parser.add_argument('--template', help='Path to a custom template. Tries to use \'~/.config/pwntools/templates/pwnup.mako\', if it exists. '
                                   'Check \'%s\' for the default template shipped with pwntools.' % 
                                        os.path.join(printable_data_path, "templates", "pwnup.mako"))
parser.add_argument('--no-auto', help='Do not automatically detect missing binaries', action='store_false', dest='auto')

def detect_missing_binaries(args):
    log.info("Automatically detecting challenge binaries...")
    # look for challenge binary, libc, and ld in current directory
    exe, libc, ld = args.exe, args.libc, None
    other_files = []
    for filename in os.listdir():
        if not os.path.isfile(filename):
            continue
        if not libc and ('libc-' in filename or 'libc.' in filename):
            libc = filename
        elif not ld and 'ld-' in filename:
            ld = filename
        else:
            if os.access(filename, os.X_OK):
                other_files.append(filename)
    if len(other_files) == 1:
        exe = other_files[0]
    elif len(other_files) > 1:
        log.warning("Failed to find challenge binary. There are multiple binaries in the current directory: %s", other_files)

    if exe != args.exe:
        log.success("Found challenge binary %r", exe)
    if libc != args.libc:
        log.success("Found libc binary %r", libc)
    return exe, libc

def main(args):

    lookup = TemplateLookup(
        directories      = [
            os.path.expanduser('~/.config/pwntools/templates/'),
            os.path.join(pwnlib.data.path, 'templates')
        ],
        module_directory = None
    )

    # For the SSH scenario, check that the binary is at the
    # same path on the remote host.
    if args.user:
        if not (args.path or args.exe):
            log.error("Must specify --path or a exe")

        with ssh(args.user, args.host, args.port or 22, args.password or None) as s:
            try:
                remote_file = args.path or args.exe
                s.download(remote_file)
            except Exception:
                log.warning("Could not download file %r, opening a shell", remote_file)
                s.interactive()
                return

        if not args.exe:
            args.exe = os.path.basename(args.path)

    if args.auto and (args.exe is None or args.libc is None):
        args.exe, args.libc = detect_missing_binaries(args)
    
    if args.template:
        template = Template(filename=args.template) # Failing on invalid file is ok
    else:
        template = lookup.get_template('pwnup.mako')
    
    output = template.render(args.exe,
                             args.host,
                             args.port,
                             args.user,
                             args.password,
                             args.libc,
                             args.path,
                             args.quiet)

    # Fix Mako formatting bs
    output = re.sub('\n\n\n', '\n\n', output)

    # Colorize the output if it's a TTY
    if args.color == 'always' or (args.color == 'auto' and sys.stdout.isatty()):
        from pygments import highlight
        from pygments.formatters import TerminalFormatter
        from pygments.lexers.python import PythonLexer
        output = highlight(output, PythonLexer(), TerminalFormatter())

    print(output)

    # If redirected to a file, make the resulting script executable
    if not sys.stdout.isatty():
        try: os.fchmod(sys.stdout.fileno(), 0o700)
        except OSError: pass

if __name__ == '__main__':
    pwnlib.commandline.common.main(__file__)
    

1	from __future__ import absolute_import	1✔
2	from __future__ import division	1✔
3
4	from pwn import *	1✔
5	from pwnlib.commandline import common	1✔
6
7	from mako.lookup import TemplateLookup, Template	1✔
8
9	parser = common.parser_commands.add_parser(	1✔
10	'template',
11	help = 'Generate an exploit template',
12	description = 'Generate an exploit template. If no arguments are given, '
13	'the current directory is searched for an executable binary and '
14	'libc. If only one binary is found, it is assumed to be the '
15	'challenge binary.'
16	)
17
18	# change path to hardcoded one when building the documentation
19	printable_data_path = "pwnlib/data" if 'sphinx' in sys.modules else pwnlib.data.path	1✔
20
21	parser.add_argument('exe', nargs='?', help='Target binary. If not given, the current directory is searched for an executable binary.')	1✔
22	parser.add_argument('--host', help='Remote host / SSH server')	1✔
23	parser.add_argument('--port', help='Remote port / SSH port', type=int)	1✔
24	parser.add_argument('--user', help='SSH Username')	1✔
25	parser.add_argument('--pass', '--password', help='SSH Password', dest='password')	1✔
26	parser.add_argument('--libc', help='Path to libc binary to use. If not given, the current directory is searched for a libc binary.')	1✔
27	parser.add_argument('--path', help='Remote path of file on SSH server')	1✔
28	parser.add_argument('--quiet', help='Less verbose template comments', action='store_true')	1✔
29	parser.add_argument('--color', help='Print the output in color', choices=['never', 'always', 'auto'], default='auto')	1✔
30	parser.add_argument('--template', help='Path to a custom template. Tries to use \'~/.config/pwntools/templates/pwnup.mako\', if it exists. '	1✔
31	'Check \'%s\' for the default template shipped with pwntools.' %
32	os.path.join(printable_data_path, "templates", "pwnup.mako"))
33	parser.add_argument('--no-auto', help='Do not automatically detect missing binaries', action='store_false', dest='auto')	1✔
34
35	def detect_missing_binaries(args):	1✔
NEW 36	log.info("Automatically detecting challenge binaries...")	×
37	# look for challenge binary, libc, and ld in current directory
NEW 38	exe, libc, ld = args.exe, args.libc, None	×
NEW 39	other_files = []	×
NEW 40	for filename in os.listdir():	×
NEW 41	if not os.path.isfile(filename):	×
NEW 42	continue	×
NEW 43	if not libc and ('libc-' in filename or 'libc.' in filename):	×
NEW 44	libc = filename	×
NEW 45	elif not ld and 'ld-' in filename:	×
NEW 46	ld = filename	×
47	else:
NEW 48	if os.access(filename, os.X_OK):	×
NEW 49	other_files.append(filename)	×
NEW 50	if len(other_files) == 1:	×
NEW 51	exe = other_files[0]	×
NEW 52	elif len(other_files) > 1:	×
NEW 53	log.warning("Failed to find challenge binary. There are multiple binaries in the current directory: %s", other_files)	×
54
NEW 55	if exe != args.exe:	×
NEW 56	log.success("Found challenge binary %r", exe)	×
NEW 57	if libc != args.libc:	×
NEW 58	log.success("Found libc binary %r", libc)	×
NEW 59	return exe, libc	×
60
61	def main(args):	1✔
62
63	lookup = TemplateLookup(	×
64	directories = [
65	os.path.expanduser('~/.config/pwntools/templates/'),
66	os.path.join(pwnlib.data.path, 'templates')
67	],
68	module_directory = None
69	)
70
71	# For the SSH scenario, check that the binary is at the
72	# same path on the remote host.
73	if args.user:	×
74	if not (args.path or args.exe):	×
75	log.error("Must specify --path or a exe")	×
76
NEW 77	with ssh(args.user, args.host, args.port or 22, args.password or None) as s:	×
NEW 78	try:	×
NEW 79	remote_file = args.path or args.exe	×
NEW 80	s.download(remote_file)	×
NEW 81	except Exception:	×
NEW 82	log.warning("Could not download file %r, opening a shell", remote_file)	×
NEW 83	s.interactive()	×
NEW 84	return	×
85
86	if not args.exe:	×
87	args.exe = os.path.basename(args.path)	×
88
NEW 89	if args.auto and (args.exe is None or args.libc is None):	×
NEW 90	args.exe, args.libc = detect_missing_binaries(args)	×
91
92	if args.template:	×
93	template = Template(filename=args.template) # Failing on invalid file is ok	×
94	else:
95	template = lookup.get_template('pwnup.mako')	×
96
97	output = template.render(args.exe,	×
98	args.host,
99	args.port,
100	args.user,
101	args.password,
102	args.libc,
103	args.path,
104	args.quiet)
105
106	# Fix Mako formatting bs
107	output = re.sub('\n\n\n', '\n\n', output)	×
108
109	# Colorize the output if it's a TTY
110	if args.color == 'always' or (args.color == 'auto' and sys.stdout.isatty()):	×
111	from pygments import highlight	×
112	from pygments.formatters import TerminalFormatter	×
113	from pygments.lexers.python import PythonLexer	×
114	output = highlight(output, PythonLexer(), TerminalFormatter())	×
115
116	print(output)	×
117
118	# If redirected to a file, make the resulting script executable
119	if not sys.stdout.isatty():	×
120	try: os.fchmod(sys.stdout.fileno(), 0o700)	×
121	except OSError: pass	×
122
123	if __name__ == '__main__':	1!
124	pwnlib.commandline.common.main(__file__)	×
125

Gallopsled / pwntools / 7250412654

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous