I'm new to exploit development and looking for advice.
My question is: how can I keep giving input from one terminal and debug my program on another?
I usually use gdb.debug from pwntools when having graphical interface, but now I can only SSH remote to the machine which runs the binary, which means gdb.debug cannot create a new terminal.
I saw a video of a demonstration doing that technique in VIM. How can I achieve that?
gdb.debug should still work if you're using SSH as long as you set context.terminal to the right value (e.g. tmux).
How to use pwnlib.gdb
Here's a copy and paste of a response to a similar question:
You can use the pwnlib.gdb to interface with gdb.
You can use the gdb.attach() function:
From the docs:
bash = process('bash')
# Attach the debugger
gdb.attach(bash, '''
set follow-fork-mode child
break execve
continue
''')
# Interact with the process
bash.sendline('whoami')
or you can use gdb.debug():
# Create a new process, and stop it at 'main'
io = gdb.debug('bash', '''
# Wait until we hit the main executable's entry point
break _start
continue
# Now set breakpoint on shared library routines
break malloc
break free
continue
''')
# Send a command to Bash
io.sendline("echo hello")
# Interact with the process
io.interactive()
The pwntools template contains code to get you started with debugging with gdb. You can create the pwntools template by running pwn template ./binary_name > template.py. Then you have to add the GDB arg when you run template.py to debug: ./template.py GDB.
If you get [ERROR] Could not find a terminal binary to use., you might need to set context.terminal before you use gdb.
If you're using tmux, the following will automatically open up a gdb debugging session in a new horizontally split window:
context.terminal = ["tmux", "splitw", "-h"]
And to split the screen with the new gdb session window vertically:
context.terminal = ["tmux", "splitw", "-v"]
(To use tmux, install tmux on your machine, and then just type tmux to start it. Then type python template.py GDB.
If none of the above works, then you can always just start your script, use ps aux, find the PID, and then use gdb -p PID to attach to the running process.
Vim Explanation
You don't need to use vim to use pwntools's gdb features like the guy did in the video you linked, but here's an explanation on what he did (vim's also a nice tool regardless):
While editing his pwn script in vim, the guy first executed the following command:
:!./%
: enters command mode in vim
! executes a shell command
% is basically the name of the file you're currently editing in vim
So if your exploit script was named template.py running :!./% in vim would be the same as running ./template.py in your terminal. This just runs the exploit and enters interactive mode.
It's just a way shortcut to execute your script in vim.
Later, the guy also uses :!./% GDB to actually launch the pwntools gdb session. It's the same thing as running python template.py GDB.
Related
does anyone know how to produce a similar result?(essentially tying the windows terminal to the open program)
For example, when you run "emacs" in bash (or another linux terminal) it will produce an output into the open terminal until the program is terminated (or silenced with emacs &)
I want to be able to reproduce this effect on windows, but have no idea how, running start(and similar commands) will only run the program in a new window, with a hidden command line, detached from the cmd line process.
You need the /B flag:
start /B myprogram
(Of course, this will only work with programs that actually use the console. If the program doesn't generate console output, this won't magically make it do so.)
You can do that by first installing Cygwin and then running emacs from Cygwin.
Cygwin is a collection of tools which provide functionality similar to a Linux distribution on Windows.
try typing edit into a windows command shell, it's actually a better program than notepad. there are versions of vi, emacs, for windows and dos, you could try any of them.
ftp://ftp.delorie.com/pub/djgpp/current/v2gnu/
http://www.vim.org/download.php#pc
Basically i'm connecting to a cygwin terminal on another computer and running a program(CodeWarrior) that has TCL support. Running tcl commands inside the program is not a problem.
What i am trying is to redirect output (from puts for example) in tcl to my running cygwin console.
Provided the terminal is the current one, you can do this:
set terminal [open /dev/tty]
puts $terminal "Hi there!"
You might make the terminal handle a global one and never close it (until the program exits).
Other terminals can be written to — provided you have permission — by just opening the correct device. Or you can open a file descriptor if you can find it in /proc, though that's a little bit of a black art in itself.
When I run the emacs text editor the process does not return so I cannot use the terminal which is obviously the default behavior.
I cannot find the switch or command in the man but I know it is something very simple.
How can I run emacs as a separate process so I can continue to use the terminal without opening a second one?
You can start any program in the background by appending an ampersand to the command, emacs &.
There's a whole framework for working with backgrounded processes, see for example man jobs, disown, fg, bg, and try Ctrl-Z on a running process, which will suspend it and give you the terminal, allowing you to resume that process either in the foreground or background at your pleasure. Normally when your shell closes, all those programs will end, disown allows you to tell a program to keep running after you end your session.
The emacs --help command is giving you a tip:
--batch do not do interactive display; implies -q
So run emacs --batch (or maybe emacs --executesomecommand ).
If you have a desktop (or some X11 display) and want emacs to open an X11 windows and give you back a shell prompt, run it in the background (e.g. emacs &) as many commented.
And I find very useful to start programs (or shells) within emacs, e.g. with Emacs commands: M-x shell, or M-x compile (for make etc...), or M-x gdb for a debugger.
You usually start one single emacs at the beginning of a working day. You could use emacsclient (or set your EDITOR environment variable to it) for other editions using the same emacs.
I'd like to add that Windows does have an equivalent to *nix's & for starting programs in a separate process:
start /b emacs Main.hs
I am using Ubuntu 12.04 and Octave:
$ octave
octave:1> _
I set my editor to gedit:
octave:1> edit editor "gedit %s"
I edit a function:
octave:2> edit someFunction
gedit opens someFunction.m as expected and prompt returns while gedit still has the file open:
octave:3> _
I run some other long-running function:
octave:3> runAllTests
While runAllTests is executing I press CTRL-C to interrupt it.
The observed behavior is that runAllTests is interrupted AND gedit is killed.
The expected behavior is that runAllTests is interrupted AND gedit is NOT killed.
Does anyone know how to stop CTRL-C from killing gedit in this circumstance? Alternatively is there another way to interrupt runAllTests without killing gedit?
The setting:
edit editor "gedit %s &"
causes octave to place the editor "in the background", so CTRL-C does not effect it and has the expected behaviour.
Try:
edit mode async
which specifies asynchronous mode of execution of the edit command
The problem is CTRL+C is also a copy command. IT may need to be customized as in Octave GUI Xoctave. They claim that customization is available.
Unfortunately, putting the forked process in background with '&' is not enough when working with the command line (octave-cli).
There is a bug open on the GNU Octave development webpage about this issue.
Of course it is not only an editor problem, but any new forked process is affected. For instance
octave> system("$TERM&")
creates a terminal in a new window, which would be killed by subsequent <ctrl-c>.
I propose a shell-based workaround. This consists in adding an additional layer of "forking in background", which would protect the final terminal (or text editor or whatever) from the signals sent to octave. In brief, I launch a terminal which launches another terminal in background, from which I kill the first terminal (so that it does not bother us).
Create an executable:
term-kill.sh
-----------------------------
#!/bin/sh
$TERM&
sleep 0.01
kill $1
-----------------------------
(note the sleep commands without which the second terminal does not have time to get detached from the first before the latter gets killed). Then, the command
octave> system("$TERM -e term-kill.sh $$&")
creates a single terminal which won't get killed.
To open a text editor, simply consider the executable
term-edit-kill.sh
------------------------
#!/bin/sh
$TERM -e $EDITOR $1&
sleep 0.01
kill $2
------------------------
and change the octave edit command through
octave> EDITOR('$TERM -e term-edit-kill.sh %s $$')
N.B.: I assumed that your system knows how to find term-kill.sh and term-edit-kill.sh, and that the variables $TERM and $EDITOR exist and suit your needs. The terminal emulator must support the -e option.
I'm working with a tool right now that requires me to putty to a remote host, login, run a series of commands to start an engine, open a new window (and login again) to start a different engine, then open a third window (and again, login) to actually use the tool (leaving the engines running in those first two windows). I'd like to write a shell script to automate the process so that I could just open one window, type "sh whatever.sh" and be off and running, without physically opening the new windows and logging in again. However, I can't find a command to get me from one window to the next. Any thoughts?
You can just background the first processes by adding an ampersand (&) to the command line or pressing Ctrl+Z when it is running (and then enter bg to let the process continue, more information about that with jobs).
If that's not enough, you can create virtual shells with screen or tmux.
If you've redirected X (i.e. you can access GUIs over ssh), you can also just start a new window by executing your favorite (GUI) console program, like xterm, konsole, gnome-terminal, etc.
Are you familiar with jobs on linux?
nohup whatever_1.sh &
nohup whatever_2.sh &
nohup whatever_3.sh &
Or perhaps screen would be of use here:
https://serverfault.com/questions/25301/job-control-and-ssh
See also, nohup:
http://en.wikipedia.org/wiki/Nohup
The bash command opens a Bourne-again shell (bash) session.
Try typing in "konsole". That should open a new bash window and set the focus to it.
On my Ubuntu 18 I just type the command:
gnome-terminal
and a new shell opens... I don't like the above answers because xterm and konsole most likely not already be installed.
Shell script on target machine cannot be aware of putty windows on client machine.
Consider using Screen : http://www.gnu.org/s/screen/ - it is clean and powerful way.
I think you need command line window then write:
$ xterm
# new window started
If you need python in new window:
$xterm python
#now a window will shown with python shell
Another nice option from Xfce's terminal:
xfce4-terminal