pwntools
Encoder alphanumeric is broken on amd64
encoder.alphanumeric doesn't encode the shellcode on amd64.
>>> context.binary = ELF('optimistic_patch')
[*] './hackthebox/chall/pwn/Optimistic/optimistic'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX disabled
    PIE:      PIE enabled
    RWX:      Has RWX segments
>>>
>>> asm(shellcraft.amd64.linux.sh())
b'jhH\xb8/bin///sPH\x89\xe7hri\x01\x01\x814$\x01\x01\x01\x011\xf6Vj\x08^H\x01\xe6VH\x89\xe61\xd2j;X\x0f\x05'
>>> encoder.alphanumeric(asm(shellcraft.sh()))
b'jhH\xb8/bin///sPH\x89\xe7hri\x01\x01\x814$\x01\x01\x01\x011\xf6Vj\x08^H\x01\xe6VH\x89\xe61\xd2j;X\x0f\x05'
Got another error with force=True
>>> from pwn import *
>>> context.arch = 'amd64'
>>> encoder.alphanumeric(asm(shellcraft.sh()+shellcraft.exit()),force=True)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.10/site-packages/pwnlib/context/__init__.py", line 1578, in setter
    return function(*a, **kw)
  File "/usr/lib/python3.10/site-packages/pwnlib/encoders/encoder.py", line 145, in alphanumeric
    return encode(raw_bytes, expr=re_alphanumeric, *a, **kw)
  File "/usr/lib/python3.10/site-packages/pwnlib/context/__init__.py", line 1578, in setter
    return function(*a, **kw)
  File "/usr/lib/python3.10/site-packages/pwnlib/encoders/encoder.py", line 83, in encode
    v = encoder(raw_bytes, bytes(avoid), pcreg)
TypeError: 'str' object cannot be interpreted as an integer
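
An added example, not part of the issue and not pwntools code: a pure-Python check that flags an encoder result which still violates the alphanumeric constraint (the silent pass-through in the first session), plus a reproduction of the exact TypeError message. That `avoid` holds `str` elements inside pwntools is an assumption drawn from the message; `offending_bytes`, `check_encoded` and `to_avoid_bytes` are hypothetical helper names.

```python
import re

# Bytes the report shows for both the raw and the "encoded" result (copied from the issue).
REPORTED = (b'jhH\xb8/bin///sPH\x89\xe7hri\x01\x01\x814$\x01\x01\x01\x011\xf6'
            b'Vj\x08^H\x01\xe6VH\x89\xe61\xd2j;X\x0f\x05')

ALNUM = re.compile(rb'[0-9A-Za-z]')  # one byte that satisfies the constraint


def offending_bytes(data, allowed=ALNUM):
    """Return the sorted byte values in `data` that violate the constraint."""
    return sorted({b for b in data if not allowed.fullmatch(bytes([b]))})


def check_encoded(raw, encoded, allowed=ALNUM):
    """Classify an encoder result instead of trusting it blindly."""
    if not offending_bytes(encoded, allowed):
        return 'ok'
    # Identical output means the encoder returned its input untouched.
    return 'unchanged' if encoded == raw else 'invalid'


def to_avoid_bytes(avoid):
    """Normalise a mixed collection of ints, strs and bytes into bytes."""
    out = set()
    for item in avoid:
        if isinstance(item, int):
            out.add(item)
        elif isinstance(item, str):
            out.update(item.encode('latin-1'))
        else:
            out.update(bytes(item))
    return bytes(sorted(out))


def reproduce_type_error():
    """bytes() over an iterable of str raises the message in the traceback."""
    try:
        bytes({'\x00', '\n'})  # constructed stand-in for `avoid` (assumption)
    except TypeError as exc:
        return str(exc)
    return None


if __name__ == '__main__':
    print(check_encoded(REPORTED, REPORTED))
    print(reproduce_type_error())
```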