
gdb.debug with api=True fails on pwntools/pwntools:stable docker image

Open bary12 opened this issue 9 months ago • 3 comments

Running gdb.debug with api=True on the provided Docker image fails with "Failed to connect to GDB: Unix socket /tmp/tmpp03qzrjf/socket was never created". See the provided log file. This happened to me on multiple Docker images, some of which I configured myself from ubuntu:24.04 and python:3.12. It works as expected without api=True.

Minimal working example

pwntools version: 4.14.0 (as printed by pip show pwntools later). Host is Windows 11 (build 22631), Docker version 27.3.1, build ce12230.

gist: https://gist.github.com/bary12/1e9a4b516ca6d304d72cf96c029f95ec

.
│   create_container.ps1
│
└───volume
        run_script.sh
        script.py

create_container.ps1

docker run -it `
    --privileged `
    --net=host `
    --hostname localhost `
    --ulimit core=-1:-1 `
    --mount type=bind,source=.\volume,target=/home/pwntools/volume `
    pwntools/pwntools:stable `
    /bin/bash -c "cd /home/pwntools/volume && ./run_script.sh"

run_script.sh

sudo DEBIAN_FRONTEND=noninteractive apt-get update
sudo apt-get install -y gdb gdbserver xterm
pip install --upgrade pwntools
pip show pwntools
python3 /home/pwntools/volume/script.py DEBUG LOG_FILE=/home/pwntools/volume/log.txt

script.py

from pwn import *

context.terminal = ['xterm']

gdb.debug('/bin/ls', api=True)

(This happened with multiple processes, including programs I compiled myself.)

full output with stacktrace

[x] Starting local process '/usr/bin/gdbserver' argv=[b'/usr/bin/gdbserver', b'--multi', b'--no-disable-randomization', b'--[◢] Starting local process '/usr/bin/gdbserver' argv=[b'/usr/bin/gdbserver', b'--multi', b'--no-disable-randomization', b'--[+] tartup-with-shell', b'localhost:0', b'/bin/ls'] : pid 1053
[DEBUG] Received 0x3c bytes:
    b'Process /bin/ls created; pid = 1056\n'
    b'Listening on port 42807\n'
[DEBUG] Wrote gdb script to '/tmp/pwnlib-gdbscript-684lav7l.gdb'
    python socket_path = '/tmp/tmpzakgk7s1/socket'
    source /usr/local/lib/python3.10/dist-packages/pwnlib/gdb_api_bridge.py
    target remote 127.0.0.1:42807
[*] running in new terminal: ['/usr/bin/gdb', '-q', '/bin/ls', '-x', '/tmp/pwnlib-gdbscript-684lav7l.gdb']
[DEBUG] Created script for new terminal:
    #!/usr/bin/python3
    import os
    os.execve('/usr/bin/gdb', ['/usr/bin/gdb', '-q', '/bin/ls', '-x', '/tmp/pwnlib-gdbscript-684lav7l.gdb'], os.environ)    
[DEBUG] Launching a new terminal: ['/usr/bin/xterm', '/tmp/tmp88s9hhy4']
[x] Starting local process '/usr/bin/gdb' argv=[b'/usr/bin/gdb', b'--nx', b'-batch', b'-ex', b'python import rpyc; import gd[|] Starting local process '/usr/bin/gdb' argv=[b'/usr/bin/gdb', b'--nx', b'-batch', b'-ex', b'python import rpyc; import gd[+] db.execute("quit 123")'] : pid 1059
[*] Process '/usr/bin/gdb' stopped with exit code 123 (pid 1059)
[ERROR] Failed to connect to GDB: Unix socket /tmp/tmpzakgk7s1/socket was never created
Traceback (most recent call last):
  File "/home/pwntools/volume/script.py", line 5, in <module> 
    gdb.debug(
  File "/usr/local/lib/python3.10/dist-packages/pwnlib/context/__init__.py", line 1690, in setter
    return function(*a, **kw)
  File "/usr/local/lib/python3.10/dist-packages/pwnlib/gdb.py", line 713, in debug
    tmp = attach((host, port), exe=exe, gdbscript=gdbscript, gdb_args=gdb_args, ssh=ssh, sysroot=sysroot, api=api)
  File "/usr/local/lib/python3.10/dist-packages/pwnlib/context/__init__.py", line 1690, in setter
    return function(*a, **kw)
  File "/usr/local/lib/python3.10/dist-packages/pwnlib/gdb.py", line 1285, in attach
    log.error('Failed to connect to GDB: Unix socket %s was never created', socket_path)
  File "/usr/local/lib/python3.10/dist-packages/pwnlib/log.py", line 439, in error
    raise PwnlibException(message % args)
pwnlib.exception.PwnlibException: Failed to connect to GDB: Unix socket /tmp/tmpzakgk7s1/socket was never created
[*] Stopped process '/bin/ls' (pid 1056)

Debug Output

================================================================================
= Started at 2025-01-22T13:56:35                                               =
= sys.argv = [                                                                 =
=   '/home/pwntools/volume/script.py',                                         =
= ]                                                                            =
================================================================================
================================================================================
= Started at 2025-01-22T13:56:35                                               =
= sys.argv = [                                                                 =
=   '/home/pwntools/volume/script.py',                                         =
= ]                                                                            =
================================================================================
2025-01-22T13:56:35:INFO:pwnlib.tubes.process.process.140709030740944:Starting local process '/usr/bin/gdbserver' argv=[b'/usr/bin/gdbserver', b'--multi', b'--no-disable-randomization', b'--no-startup-with-shell', b'localhost:0', b'/bin/ls'] 
2025-01-22T13:56:35:INFO:pwnlib.tubes.process.process.140709030740944:Starting local process '/usr/bin/gdbserver' argv=[b'/usr/bin/gdbserver', b'--multi', b'--no-disable-randomization', b'--no-startup-with-shell', b'localhost:0', b'/bin/ls'] : pid 1032
2025-01-22T13:56:35:DEBUG:pwnlib.tubes.process.process.140709030740944:Received 0x3c bytes:
2025-01-22T13:56:35:DEBUG:pwnlib.tubes.process.process.140709030740944:b'Process /bin/ls created; pid = 1035\n'
2025-01-22T13:56:35:DEBUG:pwnlib.tubes.process.process.140709030740944:b'Listening on port 38113\n'
2025-01-22T13:56:35:DEBUG:pwnlib.gdb:Wrote gdb script to '/tmp/pwnlib-gdbscript-wl32k8vh.gdb'
python socket_path = '/tmp/tmpp03qzrjf/socket'
source /usr/local/lib/python3.10/dist-packages/pwnlib/gdb_api_bridge.py
target remote 127.0.0.1:38113

2025-01-22T13:56:35:INFO:pwnlib.gdb:running in new terminal: ['/usr/bin/gdb', '-q', '/bin/ls', '-x', '/tmp/pwnlib-gdbscript-wl32k8vh.gdb']
2025-01-22T13:56:35:DEBUG:pwnlib.util.misc:Created script for new terminal:
#!/usr/bin/python3
import os
os.execve('/usr/bin/gdb', ['/usr/bin/gdb', '-q', '/bin/ls', '-x', '/tmp/pwnlib-gdbscript-wl32k8vh.gdb'], os.environ)

2025-01-22T13:56:35:DEBUG:pwnlib.util.misc:Launching a new terminal: ['/usr/bin/xterm', '/tmp/tmp55xrczob']
================================================================================
= Started at 2025-01-22T13:56:45                                               =
= sys.argv = [                                                                 =
=   '/home/pwntools/volume/script.py',                                         =
= ]                                                                            =
================================================================================
2025-01-22T13:56:45:INFO:pwnlib.tubes.process.process.140709030743632:Starting local process '/usr/bin/gdb' argv=[b'/usr/bin/gdb', b'--nx', b'-batch', b'-ex', b'python import rpyc; import gdb; gdb.execute("quit 123")'] 
2025-01-22T13:56:45:INFO:pwnlib.tubes.process.process.140709030743632:Starting local process '/usr/bin/gdb' argv=[b'/usr/bin/gdb', b'--nx', b'-batch', b'-ex', b'python import rpyc; import gdb; gdb.execute("quit 123")'] : pid 1038
2025-01-22T13:56:45:INFO:pwnlib.tubes.process.process.140709030743632:Process '/usr/bin/gdb' stopped with exit code 123 (pid 1038)
2025-01-22T13:56:45:ERROR:pwnlib.gdb:Failed to connect to GDB: Unix socket /tmp/tmpp03qzrjf/socket was never created
================================================================================
= Started at 2025-01-22T13:56:45                                               =
= sys.argv = [                                                                 =
=   '/home/pwntools/volume/script.py',                                         =
= ]                                                                            =
================================================================================
================================================================================
= Started at 2025-01-22T13:56:45                                               =
= sys.argv = [                                                                 =
=   '/home/pwntools/volume/script.py',                                         =
= ]                                                                            =
================================================================================
================================================================================
= Started at 2025-01-22T13:56:45                                               =
= sys.argv = [                                                                 =
=   '/home/pwntools/volume/script.py',                                         =
= ]                                                                            =
================================================================================
2025-01-22T13:56:45:INFO:pwnlib.tubes.process.process.140709030740944:Stopped process '/bin/ls' (pid 1035)

Verify on Ubuntu

My host is a Windows machine; however, this probably shouldn't matter as the guest is the provided Ubuntu container.

My attempts at debugging this - Attempt 1

I tried adding a log file to the gdb instance itself, using -ex set logging enabled on -ex set logging file /home/pwntools/volume/gdb_log.txt; however, said log file was not created. The pwntools log file shows:

os.execve('/usr/bin/gdb', ['/usr/bin/gdb', '-ex', 'set', 'logging', 'enabled', 'on', '-ex', 'set', 'logging', 'file', '/home/pwntools/volume/gdb_log.txt', '-q', '/bin/ls', '-x', '/tmp/pwnlib-gdbscript-7t8wsfvq.gdb'], os.environ)

2025-01-22T14:04:42:DEBUG:pwnlib.util.misc:Launching a new terminal: ['/usr/bin/xterm', '/tmp/tmpxjt57_oa']
================================================================================
= Started at 2025-01-22T14:04:52                                               =
= sys.argv = [                                                                 =
=   '/home/pwntools/volume/script.py',                                         =
= ]                                                                            =
================================================================================
2025-01-22T14:04:52:INFO:pwnlib.tubes.process.process.140021372817456:Starting local process '/usr/bin/gdb' argv=[b'/usr/bin/gdb', b'--nx', b'-batch', b'-ex', b'python import rpyc; import gdb; gdb.execute("quit 123")'] 
2025-01-22T14:04:52:INFO:pwnlib.tubes.process.process.140021372817456:Starting local process '/usr/bin/gdb' argv=[b'/usr/bin/gdb', b'--nx', b'-batch', b'-ex', b'python import rpyc; import gdb; gdb.execute("quit 123")'] : pid 1038
2025-01-22T14:04:53:INFO:pwnlib.tubes.process.process.140021372817456:Process '/usr/bin/gdb' stopped with exit code 123 (pid 1038)
2025-01-22T14:04:53:ERROR:pwnlib.gdb:Failed to connect to GDB: Unix socket /tmp/tmpui0v1vuv/socket was never created

So the -ex options were passed correctly, but the process itself isn't launching.

My attempts at debugging this - Attempt 2

Because I didn't want to get into the code, here I try to catch the contents of the /tmp/pwnlib-gdbscript-*.gdb script using a watchdog on the /tmp dir. These are the contents:

shell rm /tmp/pwnlib-gdbscript-_pupa5y5.gdb
python socket_path = '/tmp/tmp8e1s99d1/socket'
source /usr/local/lib/python3.10/dist-packages/pwnlib/gdb_api_bridge.py
target remote 127.0.0.1:46601

Let's try to run gdb_api_bridge.py ourselves and see the logs.

In a bash file:

gdb -q /bin/ls -x /home/pwntools/volume/test_script.gdb

test_script.gdb

python socket_path = '/tmp/socket'
source /usr/local/lib/python3.10/dist-packages/pwnlib/gdb_api_bridge.py
target remote 127.0.0.1:46601

Resulting in:

/home/pwntools/volume/test_script.gdb:3: Error in sourced command file:
127.0.0.1:46601: Connection timed out.

So it seems like gdb_api_bridge.py didn't error; we got to the target remote line. I didn't continue further from this point.

bary12, Jan 22 '25 14:01
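
A triage helper for the LOG_FILE output quoted in this issue, as an added example that is not part of the original post or of pwntools. The `triage` function and its field names are hypothetical, and the sample lines are shortened from the log above.

```python
import re
from datetime import datetime

# Constructed sample: lines shortened from the LOG_FILE output quoted in the issue.
SAMPLE_LOG = r"""
2025-01-22T13:56:35:DEBUG:pwnlib.tubes.process.process.1:b'Listening on port 38113\n'
2025-01-22T13:56:35:DEBUG:pwnlib.gdb:Wrote gdb script to '/tmp/pwnlib-gdbscript-wl32k8vh.gdb'
python socket_path = '/tmp/tmpp03qzrjf/socket'
2025-01-22T13:56:35:DEBUG:pwnlib.util.misc:Launching a new terminal: ['/usr/bin/xterm', '/tmp/tmp55xrczob']
2025-01-22T13:56:45:INFO:pwnlib.tubes.process.process.2:Process '/usr/bin/gdb' stopped with exit code 123 (pid 1038)
2025-01-22T13:56:45:ERROR:pwnlib.gdb:Failed to connect to GDB: Unix socket /tmp/tmpp03qzrjf/socket was never created
"""

STAMP = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d):\w+:[\w.]+:(.*)$")
PATTERNS = {  # hypothetical field name -> regex with one capture group
    "port": r"Listening on port (\d+)",
    "socket": r"socket_path = '([^']+)'",
    "terminal": r"Launching a new terminal: \['([^']+)'",
    "probe_exit": r"gdb' stopped with exit code (\d+)",
    "error": r"(Unix socket \S+ was never created)",
}

def triage(log_text):
    """Summarise one gdb.debug(api=True) attempt from a pwntools LOG_FILE."""
    out = dict.fromkeys([*PATTERNS, "waited_s"])
    seen_at = {}
    for line in log_text.splitlines():
        m = STAMP.match(line)
        # Multi-line records (the gdb script body) continue without a timestamp.
        when, msg = (datetime.fromisoformat(m.group(1)), m.group(2)) if m else (None, line)
        for name, pattern in PATTERNS.items():
            hit = re.search(pattern, msg)
            if hit:
                value = hit.group(1)
                out[name] = int(value) if value.isdigit() else value
                seen_at[name] = when
    if seen_at.get("terminal") and seen_at.get("error"):
        out["waited_s"] = (seen_at["error"] - seen_at["terminal"]).total_seconds()
    if out["error"] is None:
        out["verdict"] = "no socket failure logged"
    elif out["probe_exit"] == 123:
        # The probe runs 'import rpyc' before 'quit 123', so 123 means the import worked.
        out["verdict"] = f"rpyc imports in gdb; gdb started via {out['terminal']} never made the socket"
    else:
        out["verdict"] = "probe did not exit 123; check rpyc in gdb's Python"
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample it reports a 10-second wait between the terminal launch and the socket error, which points the next check at the terminal command rather than at rpyc.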