Diffstat (limited to 'pwnlib/data/templates/pwnup.mako')
-rw-r--r-- | pwnlib/data/templates/pwnup.mako | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/pwnlib/data/templates/pwnup.mako b/pwnlib/data/templates/pwnup.mako
index 5690e26..e472170 100644
--- a/pwnlib/data/templates/pwnup.mako
+++ b/pwnlib/data/templates/pwnup.mako
@@ -1,4 +1,4 @@
-<%page args="binary, host=None, port=None, user=None, password=None, remote_path=None, quiet=False"/>\
+<%page args="binary, host=None, port=None, user=None, password=None, libc=None, remote_path=None, quiet=False"/>\
 <%
 import os
 import sys
@@ -31,6 +31,7 @@ elif host and not port:
 remote_path = remote_path or exe
 password = password or 'secret1234'
 binary_repr = repr(binary)
+libc_repr = repr(libc)
 %>\
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
@@ -83,6 +84,35 @@ if not args.LOCAL:
 shell.set_working_directory(symlink=True)
 %endif
+%if libc:
+%if not quiet:
+# Use the specified remote libc version unless explicitly told to use the
+# local system version with the `LOCAL_LIBC` argument.
+# ./exploit.py LOCAL LOCAL_LIBC
+%endif
+if args.LOCAL_LIBC:
+ libc = exe.libc
+%if host:
+elif args.LOCAL:
+%else:
+else:
+%endif
+ library_path = libcdb.download_libraries(${libc_repr})
+ if library_path:
+ %if ctx.binary:
+ exe = context.binary = ELF.patch_custom_libraries(${binary_repr}, library_path)
+ %else:
+ exe = ELF.patch_custom_libraries(exe, library_path)
+ %endif
+ libc = exe.libc
+ else:
+ libc = ELF(${libc_repr})
+%if host:
+else:
+ libc = ELF(${libc_repr})
+%endif
+%endif
+
 %if host:
 def start_local(argv=[], *a, **kw):
 '''Execute the target binary locally''' |
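Review bot: The fallback under `if library_path:` in the third hunk leaves `exe` unpatched but still sets `libc = ELF(...)` to the specified file, and that branch is only reached for local runs, so the local process would load the system libc while `libc` describes a different build, with nothing reported. A warning in that `else:` would make the mismatch visible, e.g. `log.warning('libcdb could not fetch libraries for %s; local process uses the system libc', ${libc_repr})` (assuming `log` is in scope through the template's pwn import, which is outside this hunk). The generated comment block could also state that this step fetches libraries over the network and runs the target against them; whether `download_libraries` verifies what it retrieves is not visible here.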