pwntools v4.10 releases: CTF framework and exploit development library

There are bits of code everyone has written a million times, and everyone has their own way of doing it. Pwntools aims to provide all of these in a semi-standard way, so that you can stop copy-pasting the same struct.unpack(‘>I’, x) code around and instead use more slightly more legible wrappers like pack or p32 or even p64(…, endian=’big’, sign=True).

Aside from convenience wrappers around mundane functionality, it also provides a very rich set of tubes which wrap all of the IO that you’ll ever perform in a single, unifying interface. Switching from a local exploit to a remote exploit, or local exploit over SSH becomes a one-line change.

Last but not least, it also includes a wide array of exploitation assistance tools for intermediate-to-advanced use cases. These include remote symbol resolution given a memory disclosure primitive (MemLeak and DynELF), ELF parsing and patching (ELF), and ROP gadget discovery and call-chain building (ROP).

Changelog v4.10

In memoriam — Zach Riggle — long time contributor and maintainer of Pwntools.

• #2185 make fmtstr module able to create payload without $ notation
• #2062 make pwn cyclic -l work with entry larger than 4 bytes
• #2092 shellcraft: dup() is now called dupio() consistently across all supported arches
• #2093 setresuid() in shellcraft uses current euid by default
• #2103 Add search for libc binary by leaked function addresses libcdb.search_by_symbol_offsets()
• #2125 Allow tube.recvregex to return capture groups
• #2144 Removes p2align 2 asm() headers from x86-32, x86-64 and mips architectures to avoid inconsistent instruction length when patching binaries
• #2177 Support for RISC-V 64-bit architecture
• #2186 Enhance ELF.nx and ELF.execstack
• #2129 Handle context.newline correctly when typing in tube.interactive()

Install & Use

Copyright (c) 2015 Gallopsled et al.