pwnlib.tubes.sock — Sockets

class pwnlib.tubes.sock.sock[source]

Bases: tube

Base type used for the tubes.remote and tubes.listen classes.

class pwnlib.tubes.remote.remote(host, port, fam='any', typ='tcp', ssl=False, sock=None, ssl_context=None, ssl_args=None, sni=True, *args, **kwargs)[source]

Bases: sock

Creates a TCP or UDP connection to a remote host. It supports both IPv4 and IPv6.

The returned object supports all the methods from pwnlib.tubes.sock and pwnlib.tubes.tube.

Parameters
  • host (str) – The host to connect to.

  • port (int) – The port to connect to.

  • fam – The string “any”, “ipv4” or “ipv6” or an integer to pass to socket.getaddrinfo().

  • typ – The string “tcp” or “udp” or an integer to pass to socket.getaddrinfo().

  • timeout – A positive number, None or the string “default”.

  • ssl (bool) – Wrap the socket with SSL

  • ssl_context (ssl.SSLContext) – Specify SSLContext used to wrap the socket.

  • sni – Set ‘server_hostname’ in ssl_args based on the host parameter.

  • sock (socket.socket) – Socket to inherit, rather than connecting

  • ssl_args (dict) – Pass ssl.wrap_socket named arguments in a dictionary.

Examples

>>> r = remote('google.com', 443, ssl=True)
>>> r.send(b'GET /\r\n\r\n')
>>> r.recvn(4)
b'HTTP'

If a connection cannot be made, an exception is raised.

>>> r = remote('127.0.0.1', 1)
Traceback (most recent call last):
...
PwnlibException: Could not connect to 127.0.0.1 on port 1

You can also use remote.fromsocket() to wrap an existing socket.

>>> import socket
>>> s = socket.socket()
>>> s.connect(('google.com', 80))
>>> s.send(b'GET /' + b'\r\n'*2)
9
>>> r = remote.fromsocket(s)
>>> r.recvn(4)
b'HTTP'
>>> s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
>>> s.connect(('2606:4700:4700::1111', 80))
>>> s.send(b'GET ' + b'\r\n'*2)
8
>>> r = remote.fromsocket(s)
>>> r.recvn(4)
b'HTTP'

__init__(host, port, fam='any', typ='tcp', ssl=False, sock=None, ssl_context=None, ssl_args=None, sni=True, *args, **kwargs)[source]

classmethod fromsocket(socket)[source]

Helper method to wrap a standard python socket.socket with the tube APIs.

Parameters

socket – Instance of socket.socket

Returns

Instance of pwnlib.tubes.remote.remote.
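
The ssl, ssl_context and sni parameters of remote fit together as follows when the peer certificate should be verified explicitly. This is an added example, not part of the pwntools documentation; make_verified_context, needs_server_hostname and connect_verified are hypothetical helper names, and connect_verified assumes pwntools is installed and the host is reachable.

```python
import socket
import ssl


def make_verified_context(cafile=None):
    """Client-side context that validates the certificate chain and host name.

    cafile is an optional path to a private CA bundle (assumption: PEM file);
    when omitted, the system trust store is used.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def needs_server_hostname(ctx):
    """Return True if ctx refuses to wrap a socket without server_hostname.

    This is what happens when a host-name-checking context is combined with
    sni=False: no 'server_hostname' reaches wrap_socket and ssl raises
    ValueError before any handshake. The socket is never connected.
    """
    with socket.socket() as s:
        try:
            ctx.wrap_socket(s).close()
        except ValueError:
            return True
    return False


def connect_verified(host, port, cafile=None):
    """Open a pwntools remote whose TLS peer is authenticated."""
    from pwn import remote  # lazy import so the helpers above work without pwntools

    ctx = make_verified_context(cafile)
    # sni=True sets ssl_args['server_hostname'] from host, which the
    # host name check in ctx requires.
    return remote(host, port, ssl=True, ssl_context=ctx, sni=True)


if __name__ == "__main__":
    ctx = make_verified_context()
    print("verify_mode:", ctx.verify_mode, "check_hostname:", ctx.check_hostname)
    print("sni required:", needs_server_hostname(ctx))
```
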

class pwnlib.tubes.listen.listen(port=0, bindaddr='::', fam='any', typ='tcp', *args, **kwargs)[source]

Bases: sock

Creates a TCP or UDP socket to receive data on. It supports both IPv4 and IPv6. You need to call wait_for_connection() before using the listen socket.

The returned object supports all the methods from pwnlib.tubes.sock and pwnlib.tubes.tube.

Parameters
  • port (int) – The port to listen on. Defaults to a port auto-selected by the operating system.

  • bindaddr (str) – The address to bind to. Defaults to 0.0.0.0 / :: (all interfaces).

  • fam – The string “any”, “ipv4” or “ipv6” or an integer to pass to socket.getaddrinfo().

  • typ – The string “tcp” or “udp” or an integer to pass to socket.getaddrinfo().

Examples

>>> l = listen(1234)
>>> r = remote('localhost', l.lport)
>>> _ = l.wait_for_connection()
>>> l.sendline(b'Hello')
>>> r.recvline()
b'Hello\n'
>>> # It works with ipv4 by default
>>> l = listen()
>>> l.spawn_process('/bin/sh')
>>> r = remote('127.0.0.1', l.lport)
>>> r.sendline(b'echo Goodbye')
>>> r.recvline()
b'Goodbye\n'
>>> # and it works with ipv6 by default, too!
>>> l = listen()
>>> r = remote('::1', l.lport)
>>> _ = l.wait_for_connection()
>>> r.sendline(b'Bye-bye')
>>> l.recvline()
b'Bye-bye\n'

__init__(port=0, bindaddr='::', fam='any', typ='tcp', *args, **kwargs)[source]

close()[source]

Closes the tube.

spawn_process(*args, **kwargs)[source]

Spawns a new process having this tube as stdin, stdout and stderr.

Takes the same arguments as subprocess.Popen.

wait_for_connection()[source]

Blocks until a connection has been established.

canonname = None[source]

Canonical name of the listening interface

family = None[source]

Socket family

lhost = None[source]

Local host

lport = 0[source]

Local port

protocol = None[source]

Socket protocol

sockaddr = None[source]

Sockaddr structure that is being listened on

type = None[source]

Socket type (e.g. socket.SOCK_STREAM)

class pwnlib.tubes.server.server(port=0, bindaddr='::', fam='any', typ='tcp', callback=None, blocking=False, *args, **kwargs)[source]

Bases: sock

Creates a TCP or UDP server to listen for connections. It supports both IPv4 and IPv6.

Parameters
  • port (int) – The port to listen on. Defaults to a port auto-selected by the operating system.

  • bindaddr (str) – The address to bind to. Defaults to 0.0.0.0 / :: (all interfaces).

  • fam – The string “any”, “ipv4” or “ipv6” or an integer to pass to socket.getaddrinfo().

  • typ – The string “tcp” or “udp” or an integer to pass to socket.getaddrinfo().

  • callback – A function to be started on incoming connections. It should take a pwnlib.tubes.remote as its only argument.

Examples

>>> s = server(8888)
>>> client_conn = remote('localhost', s.lport)
>>> server_conn = s.next_connection()
>>> client_conn.sendline(b'Hello')
>>> server_conn.recvline()
b'Hello\n'
>>> def cb(r):
...     client_input = r.readline()
...     r.send(client_input[::-1])
...
>>> t = server(8889, callback=cb)
>>> client_conn = remote('localhost', t.lport)
>>> client_conn.sendline(b'callback')
>>> client_conn.recv()
b'\nkcabllac'

__init__(port=0, bindaddr='::', fam='any', typ='tcp', callback=None, blocking=False, *args, **kwargs)[source]

close()[source]

Closes the tube.

canonname = None[source]

Canonical name of the listening interface

family = None[source]

Socket family

lhost = None[source]

Local host

lport = 0[source]

Local port

protocol = None[source]

Socket protocol

sockaddr = None[source]

Sockaddr structure that is being listened on

type = None[source]

Socket type (e.g. socket.SOCK_STREAM)