pwnlib.tubes.sock — Sockets

class pwnlib.tubes.sock.sock[source]

Bases: tube

Base type used for the tubes.remote and tubes.listen classes.

class pwnlib.tubes.remote.remote(host, port, fam='any', typ='tcp', sock=None, ssl=False, ssl_context=None, ssl_args=None, sni=True, *args, **kwargs)[source]

Bases: sock

Creates a TCP or UDP connection to a remote host. It supports both IPv4 and IPv6.

The returned object supports all the methods from pwnlib.tubes.sock and pwnlib.tubes.tube.

Parameters:
  • host (str) – The host to connect to.

  • port (int) – The port to connect to.

  • fam – The string “any”, “ipv4” or “ipv6” or an integer to pass to socket.getaddrinfo().

  • typ – The string “tcp” or “udp” or an integer to pass to socket.getaddrinfo().

  • timeout – A positive number, None or the string “default”.

  • sock (socket.socket) – Socket to inherit, rather than connecting.

  • ssl (bool) – Wrap the socket with SSL.

  • ssl_context (ssl.SSLContext) – Specify SSLContext used to wrap the socket.

  • ssl_args (dict) – Pass ssl.wrap_socket() named arguments in a dictionary.

  • sni (str,bool) – Set ‘server_hostname’ in ssl_args. Set to True to set it based on the host argument. Set to False to not provide any value. Default is True.

Examples

>>> r = remote('google.com', 443, ssl=True)
>>> r.send(b'GET /\r\n\r\n')
>>> r.recvn(4)
b'HTTP'

If a connection cannot be made, an exception is raised.

>>> r = remote('127.0.0.1', 1)
Traceback (most recent call last):
...
PwnlibException: Could not connect to 127.0.0.1 on port 1

You can also use remote.fromsocket() to wrap an existing socket.

>>> import socket
>>> s = socket.socket()
>>> s.connect(('google.com', 80))
>>> s.send(b'GET /' + b'\r\n'*2)
9
>>> r = remote.fromsocket(s)
>>> r.recvn(4)
b'HTTP'
>>> s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
>>> s.connect(('2606:4700:4700::1111', 80))
>>> s.send(b'GET ' + b'\r\n'*2)
8
>>> r = remote.fromsocket(s)
>>> r.recvn(4)
b'HTTP'

classmethod fromsocket(socket)[source]

Helper method to wrap a standard python socket.socket with the tube APIs.

Parameters:

socket – Instance of socket.socket

Returns:

Instance of pwnlib.tubes.remote.remote.

__init__(host, port, fam='any', typ='tcp', sock=None, ssl=False, ssl_context=None, ssl_args=None, sni=True, *args, **kwargs)[source]
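
An added example (not part of the pwntools documentation or code base) of the ssl_context and sni parameters working together: it builds the keyword arguments for remote() around a context that validates the certificate chain and the host name. The helper names verifying_context, tls_kwargs and connect_verified are hypothetical.

```python
import ssl


def verifying_context(cafile=None):
    """Client context that validates the certificate chain and host name."""
    # create_default_context() sets CERT_REQUIRED and check_hostname=True.
    # With cafile set, only that CA bundle is trusted instead of the
    # system trust store.
    return ssl.create_default_context(cafile=cafile)


def tls_kwargs(sni=True, cafile=None):
    """Keyword arguments for remote() that enable verified TLS.

    sni=True   -> the certificate must match the host passed to remote()
    sni='name' -> the certificate must match 'name' (for example when
                  connecting by IP address to a service with a DNS name)
    """
    if not sni:
        # With check_hostname enabled, SSLContext.wrap_socket() raises
        # ValueError when no server_hostname is supplied, so reject the
        # combination before any connection is attempted.
        raise ValueError('host name checking requires sni=True or a name')
    return {'ssl': True, 'ssl_context': verifying_context(cafile), 'sni': sni}


def connect_verified(host, port, **kwargs):
    """Open a pwntools remote tube over verified TLS (assumed wrapper)."""
    from pwnlib.tubes.remote import remote  # deferred import: needs pwntools
    return remote(host, port, **tls_kwargs(**kwargs))
```

connect_verified('example.com', 443) returns a tube that is used like the one in the first example above; a certificate that fails validation surfaces as an exception from the TLS handshake.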

class pwnlib.tubes.listen.listen(port=0, bindaddr='::', fam='any', typ='tcp', *args, **kwargs)[source]

Bases: sock

Creates a TCP or UDP socket to receive data on. It supports both IPv4 and IPv6. You need to call wait_for_connection() before using the listen socket.

The returned object supports all the methods from pwnlib.tubes.sock and pwnlib.tubes.tube.

Parameters:
  • port (int) – The port to listen on. Defaults to a port auto-selected by the operating system.

  • bindaddr (str) – The address to bind to. Defaults to 0.0.0.0 / ::.

  • fam – The string “any”, “ipv4” or “ipv6” or an integer to pass to socket.getaddrinfo().

  • typ – The string “tcp” or “udp” or an integer to pass to socket.getaddrinfo().

Examples

>>> l = listen(1234)
>>> r = remote('localhost', l.lport)
>>> _ = l.wait_for_connection()
>>> l.sendline(b'Hello')
>>> r.recvline()
b'Hello\n'
>>> l.close()
>>> r.close()
>>> # It works with ipv4 by default
>>> l = listen(1234)
>>> l.spawn_process('/bin/sh')
>>> r = remote('127.0.0.1', l.lport)
>>> r.sendline(b'echo Goodbye')
>>> r.recvline()
b'Goodbye\n'
>>> # and it works with ipv6 by default, too!
>>> l = listen()
>>> r = remote('::1', l.lport)
>>> _ = l.wait_for_connection()
>>> r.sendline(b'Bye-bye')
>>> l.recvline()
b'Bye-bye\n'

__init__(port=0, bindaddr='::', fam='any', typ='tcp', *args, **kwargs)[source]

close()[source]

Closes the tube.

spawn_process(*args, **kwargs)[source]

Spawns a new process having this tube as stdin, stdout and stderr.

Takes the same arguments as subprocess.Popen.

wait_for_connection()[source]

Blocks until a connection has been established.

canonname = None[source]

Canonical name of the listening interface

family = None[source]

Socket family

lhost = None[source]

Local host

lport = 0[source]

Local port

protocol = None[source]

Socket protocol

sockaddr = None[source]

Sockaddr structure that is being listened on

type = None[source]

Socket type (e.g. socket.SOCK_STREAM)

class pwnlib.tubes.server.server(port=0, bindaddr='::', fam='any', typ='tcp', callback=None, blocking=False, *args, **kwargs)[source]

Bases: sock

Creates a TCP or UDP server to listen for connections. It supports both IPv4 and IPv6.

It can be used in two ways: either by calling next_connection() to get a tube for each incoming connection, or by providing a callback that is called with the tube for each incoming connection. When providing a callback, the accepter thread can either block while the callback is running or start the callback in a new thread. The next_connection() method only works when no callback is provided.

Parameters:
  • port (int) – The port to listen on. Defaults to a port auto-selected by the operating system.

  • bindaddr (str) – The address to bind to. Defaults to 0.0.0.0 / ::.

  • fam – The string “any”, “ipv4” or “ipv6” or an integer to pass to socket.getaddrinfo().

  • typ – The string “tcp” or “udp” or an integer to pass to socket.getaddrinfo().

  • callback – A function to be started on incoming connections. It should take a pwnlib.tubes.remote as its only argument.

  • blocking (bool) – Whether to block the accepter thread while the callback is running. The callback is executed in another thread when False. Only relevant if a callback is provided. Defaults to False.

Examples

>>> s = server(8888)
>>> client_conn = remote('localhost', s.lport)
>>> server_conn = s.next_connection()
>>> client_conn.sendline(b'Hello')
>>> server_conn.recvline()
b'Hello\n'
>>> client_conn.close()
>>> s.close()
>>> def cb(r):
...     client_input = r.readline()
...     r.send(client_input[::-1])
...
>>> t = server(8888, callback=cb)
>>> client_conn = remote('localhost', t.lport)
>>> client_conn.sendline(b'callback')
>>> client_conn.recv()
b'\nkcabllac'
>>> client_conn.close()
>>> t.close()

__init__(port=0, bindaddr='::', fam='any', typ='tcp', callback=None, blocking=False, *args, **kwargs)[source]

close() → None[source]

Closes the listening socket and waits for the accepter thread to finish.

next_connection() → tubes.remote[source]

Returns the next connection to the server if no callback was provided.

canonname = None[source]

Canonical name of the listening interface

family = None[source]

Socket family

lhost = None[source]

Local host

lport = 0[source]

Local port

protocol = None[source]

Socket protocol

sockaddr = None[source]

Sockaddr structure that is being listened on

type = None[source]

Socket type (e.g. socket.SOCK_STREAM)
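
An added example (not pwntools code) for the bindaddr default shared by listen and server: it classifies a bind address or the sockaddr attribute documented above, and refuses to start a server that would be reachable from other hosts unless that is requested explicitly. bind_scope and guarded_server are hypothetical helper names, and bindaddr is assumed to be a literal IP address.

```python
import ipaddress


def bind_scope(sockaddr):
    """Classify the address a listen()/server() tube is (or would be) bound to.

    sockaddr is a (host, port, ...) tuple such as the tube's sockaddr attribute.
    """
    host = sockaddr[0].split('%')[0]       # drop an IPv6 zone id (fe80::1%eth0)
    addr = ipaddress.ip_address(host)      # ValueError for non-literal names
    if addr.is_unspecified:                # 0.0.0.0 or :: -> every interface
        return 'all-interfaces'
    if addr.is_loopback:                   # 127.0.0.0/8 or ::1
        return 'loopback'
    return 'single-interface'


def guarded_server(callback, bindaddr='127.0.0.1', port=0, allow_exposed=False):
    """Start a pwntools server, defaulting to loopback instead of '::'."""
    scope = bind_scope((bindaddr, port))
    if scope != 'loopback' and not allow_exposed:
        # Checked before binding, so nothing listens even briefly.
        raise ValueError('bindaddr %r is %s; pass allow_exposed=True to '
                         'accept connections from other hosts' % (bindaddr, scope))
    from pwnlib.tubes.server import server  # deferred import: needs pwntools
    return server(port, bindaddr=bindaddr, callback=callback)


if __name__ == '__main__':
    from pwnlib.tubes.remote import remote

    def cb(conn):
        # Same callback as the server example above: echo the line reversed.
        conn.send(conn.recvline()[::-1])

    srv = guarded_server(cb)
    client = remote('127.0.0.1', srv.lport)
    client.sendline(b'callback')
    print(bind_scope(srv.sockaddr), client.recv())
    client.close()
    srv.close()
```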