标签:libc header inf 自己的 invalid load mem import new
pwn加载题目给定的so
from pwn import *
import sys, os
def change_ld(binary, ld):
"""
Force to use assigned new ld.so by changing the binary
"""
if not os.access(ld, os.R_OK):
log.failure("Invalid path {} to ld".format(ld))
return None
if not isinstance(binary, ELF):
if not os.access(binary, os.R_OK):
log.failure("Invalid path {} to binary".format(binary))
return None
binary = ELF(binary)
for segment in binary.segments:
if segment.header[‘p_type‘] == ‘PT_INTERP‘:
size = segment.header[‘p_memsz‘]
addr = segment.header[‘p_paddr‘]
data = segment.data()
if size <= len(ld):
log.failure("Failed to change PT_INTERP from {} to {}".format(data, ld))
return None
binary.write(addr, ld.ljust(size, ‘\0‘))
if not os.access(‘/tmp/pwn‘, os.F_OK): os.mkdir(‘/tmp/pwn‘)
path = ‘/tmp/pwn/{}_debug‘.format(os.path.basename(binary.path))
if os.access(path, os.F_OK):
os.remove(path)
info("Removing exist file {}".format(path))
binary.save(path)
os.chmod(path, 0b111000000) #rwx------
success("PT_INTERP has changed from {} to {}. Using temp file {}".format(data, ld, path))
return ELF(path)
#example
elf = change_ld(‘./echo2‘, ‘./ld.so‘)
p = elf.process(env={‘LD_PRELOAD‘:‘./libc.so.6‘})
#后续步骤接着写先用strings libc.so.6 | grep GLIBC 查看自己的glibc是否兼容题目给的libc库
(libc.so.6 是我将题目给的改名的)
注意ld.so 是从安装的glibc 例如按照我的blog(编译glibc)的目录是/usr/glibc223/lib里的ld2.23.so拷贝出来的并且改了下名 libc.so.6 则是题目给的libc库改名的
此脚本需要pwn题 ld.so libc.so.6在一个文件夹
写的好像不太清楚,有问题就问 这破事烦了我两天才给搞好,真是为难新手
参考
https://bbs.pediy.com/thread-225849.htm
标签:libc header inf 自己的 invalid load mem import new
原文地址:https://www.cnblogs.com/0x636a/p/9157993.html
