pwnlib.tubes.sock — Sockets
- class pwnlib.tubes.sock.sock
Bases: tube
Base type used for tubes.remote and tubes.listen classes.
- class pwnlib.tubes.remote.remote(host, port, fam='any', typ='tcp', ssl=False, sock=None, ssl_context=None, ssl_args=None, sni=True, *args, **kwargs)
Bases: sock
Creates a TCP or UDP-connection to a remote host. It supports both IPv4 and IPv6.
The returned object supports all the methods from pwnlib.tubes.sock and pwnlib.tubes.tube.
- Parameters
host (str) – The host to connect to.
port (int) – The port to connect to.
fam – The string “any”, “ipv4” or “ipv6” or an integer to pass to socket.getaddrinfo().
typ – The string “tcp” or “udp” or an integer to pass to socket.getaddrinfo().
timeout – A positive number, None or the string “default”.
ssl (bool) – Wrap the socket with SSL.
ssl_context (ssl.SSLContext) – Specify SSLContext used to wrap the socket.
sni – Set ‘server_hostname’ in ssl_args based on the host parameter.
sock (socket.socket) – Socket to inherit, rather than connecting.
ssl_args (dict) – Pass ssl.wrap_socket named arguments in a dictionary.
Examples
>>> r = remote('google.com', 443, ssl=True)
>>> r.send(b'GET /\r\n\r\n')
>>> r.recvn(4)
b'HTTP'
If a connection cannot be made, an exception is raised.
>>> r = remote('127.0.0.1', 1)
Traceback (most recent call last):
...
PwnlibException: Could not connect to 127.0.0.1 on port 1
You can also use remote.fromsocket() to wrap an existing socket.
>>> import socket
>>> s = socket.socket()
>>> s.connect(('google.com', 80))
>>> s.send(b'GET /' + b'\r\n'*2)
9
>>> r = remote.fromsocket(s)
>>> r.recvn(4)
b'HTTP'
>>> s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
>>> s.connect(('2606:4700:4700::1111', 80))
>>> s.send(b'GET ' + b'\r\n'*2)
8
>>> r = remote.fromsocket(s)
>>> r.recvn(4)
b'HTTP'
- class pwnlib.tubes.listen.listen(port=0, bindaddr='::', fam='any', typ='tcp', *args, **kwargs)
Bases: sock
Creates a TCP or UDP-socket to receive data on. It supports both IPv4 and IPv6. You need to call wait_for_connection() before using the listen socket.
The returned object supports all the methods from pwnlib.tubes.sock and pwnlib.tubes.tube.
- Parameters
port (int) – The port to connect to. Defaults to a port auto-selected by the operating system.
bindaddr (str) – The address to bind to. Defaults to 0.0.0.0 / ::.
fam – The string “any”, “ipv4” or “ipv6” or an integer to pass to socket.getaddrinfo().
typ – The string “tcp” or “udp” or an integer to pass to socket.getaddrinfo().
Examples
>>> l = listen(1234)
>>> r = remote('localhost', l.lport)
>>> _ = l.wait_for_connection()
>>> l.sendline(b'Hello')
>>> r.recvline()
b'Hello\n'
>>> # It works with ipv4 by default
>>> l = listen()
>>> l.spawn_process('/bin/sh')
>>> r = remote('127.0.0.1', l.lport)
>>> r.sendline(b'echo Goodbye')
>>> r.recvline()
b'Goodbye\n'
>>> # and it works with ipv6 by default, too!
>>> l = listen()
>>> r = remote('::1', l.lport)
>>> _ = l.wait_for_connection()
>>> r.sendline(b'Bye-bye')
>>> l.recvline()
b'Bye-bye\n'
- spawn_process(*args, **kwargs)
Spawns a new process having this tube as stdin, stdout and stderr.
Takes the same arguments as subprocess.Popen.
- class pwnlib.tubes.server.server(port=0, bindaddr='::', fam='any', typ='tcp', callback=None, blocking=False, *args, **kwargs)
Bases: sock
Creates a TCP or UDP-server to listen for connections. It supports both IPv4 and IPv6.
- Parameters
port (int) – The port to connect to. Defaults to a port auto-selected by the operating system.
bindaddr (str) – The address to bind to. Defaults to 0.0.0.0 / ::.
fam – The string “any”, “ipv4” or “ipv6” or an integer to pass to socket.getaddrinfo().
typ – The string “tcp” or “udp” or an integer to pass to socket.getaddrinfo().
callback – A function to be started on incoming connections. It should take a pwnlib.tubes.remote as its only argument.
Examples
>>> s = server(8888)
>>> client_conn = remote('localhost', s.lport)
>>> server_conn = s.next_connection()
>>> client_conn.sendline(b'Hello')
>>> server_conn.recvline()
b'Hello\n'
>>> def cb(r):
...     client_input = r.readline()
...     r.send(client_input[::-1])
...
>>> t = server(8889, callback=cb)
>>> client_conn = remote('localhost', t.lport)
>>> client_conn.sendline(b'callback')
>>> client_conn.recv()
b'\nkcabllac'