pwntools 基本用法 (pwntools basic usage)

连接服务

#!/usr/bin/python3

from pwn import *

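# Open a TCP connection to the FTP control port. FTP on port 21 is plaintext:
# everything sent below (including the USER name) is readable on the wire, so
# only anonymous/throwaway values belong in this exchange.
conn = remote('ftp.ubuntu.com', 21)
try:
    # The first line the server sends is normally its greeting banner.
    banner = conn.recvline()
    print(banner)

    # FTP commands are CRLF-terminated; send() appends no newline of its own.
    conn.send(b'USER anonymous\r\n')

    # Read up to the first space and drop the delimiter, which isolates the
    # reply code at the start of the server's response line.
    reply_code = conn.recvuntil(b' ', drop=True)
    print(reply_code)

    # The remainder of that same response line (the human-readable text).
    reply_text = conn.recvline()
    print(reply_text)
finally:
    # Close the socket even when a receive raised (e.g. the server hung up).
    conn.close()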

连接ssh

#!/usr/bin/python3

from pwn import *

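# Log in over SSH. The bandit0 credentials are the published level-0 login of
# the OverTheWire Bandit wargame, which is why they can appear inline; real
# credentials should come from a key file or a prompt, never the script.
# NOTE(review): confirm how this pwntools version treats unknown SSH host
# keys before reusing the pattern against a host where interception matters.
shell = ssh('bandit0', 'bandit.labs.overthewire.org', password='bandit0', port=2220)
try:
    # Indexing the session runs the command remotely and returns its output.
    user = shell['whoami']
    print(user)

    # Fetch a remote file. No local path is given, so pwntools chooses the
    # destination (presumably the basename in the working directory; verify).
    shell.download_file('/etc/motd')

    # Start a remote process and talk to it like any other tube.
    sh = shell.run('sh')
    try:
        sh.sendline(b'sleep 3; echo hello world;')

        # The remote sleep outlasts this 1 s timeout, so recvline() gives up
        # and returns an empty bytes object instead of blocking.
        early = sh.recvline(timeout=1)
        print(early)

        # 5 s is long enough for the sleep to finish, so the echo arrives.
        late = sh.recvline(timeout=5)
        print(late)
    finally:
        # Close the channel explicitly; the original left it to shell.close().
        sh.close()
finally:
    # Tear down the SSH session even if a step above raised.
    shell.close()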

连接本地进程

#!/usr/bin/python3

from pwn import *

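# Spawn a local shell as a child process and drive it through a tube.
sh = process('/bin/sh')
try:
    sh.sendline(b'sleep 3; echo hello world;')

    # The sleep outlasts this 1 s timeout, so recvline() returns an empty
    # bytes object rather than blocking until output appears.
    early = sh.recvline(timeout=1)
    print(early)

    # 5 s covers the remaining sleep, so the echoed line is returned.
    late = sh.recvline(timeout=5)
    print(late)
finally:
    # Always end the child process so a failed receive leaves no stray shell.
    sh.close()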
————————

Connecting to a remote service

#!/usr/bin/python3

from pwn import *

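# Open a TCP connection to the FTP control port. FTP on port 21 is plaintext:
# everything sent below (including the USER name) is readable on the wire, so
# only anonymous/throwaway values belong in this exchange.
conn = remote('ftp.ubuntu.com', 21)
try:
    # The first line the server sends is normally its greeting banner.
    banner = conn.recvline()
    print(banner)

    # FTP commands are CRLF-terminated; send() appends no newline of its own.
    conn.send(b'USER anonymous\r\n')

    # Read up to the first space and drop the delimiter, which isolates the
    # reply code at the start of the server's response line.
    reply_code = conn.recvuntil(b' ', drop=True)
    print(reply_code)

    # The remainder of that same response line (the human-readable text).
    reply_text = conn.recvline()
    print(reply_text)
finally:
    # Close the socket even when a receive raised (e.g. the server hung up).
    conn.close()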

Connecting over SSH

#!/usr/bin/python3

from pwn import *

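# Log in over SSH. The bandit0 credentials are the published level-0 login of
# the OverTheWire Bandit wargame, which is why they can appear inline; real
# credentials should come from a key file or a prompt, never the script.
# NOTE(review): confirm how this pwntools version treats unknown SSH host
# keys before reusing the pattern against a host where interception matters.
shell = ssh('bandit0', 'bandit.labs.overthewire.org', password='bandit0', port=2220)
try:
    # Indexing the session runs the command remotely and returns its output.
    user = shell['whoami']
    print(user)

    # Fetch a remote file. No local path is given, so pwntools chooses the
    # destination (presumably the basename in the working directory; verify).
    shell.download_file('/etc/motd')

    # Start a remote process and talk to it like any other tube.
    sh = shell.run('sh')
    try:
        sh.sendline(b'sleep 3; echo hello world;')

        # The remote sleep outlasts this 1 s timeout, so recvline() gives up
        # and returns an empty bytes object instead of blocking.
        early = sh.recvline(timeout=1)
        print(early)

        # 5 s is long enough for the sleep to finish, so the echo arrives.
        late = sh.recvline(timeout=5)
        print(late)
    finally:
        # Close the channel explicitly; the original left it to shell.close().
        sh.close()
finally:
    # Tear down the SSH session even if a step above raised.
    shell.close()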

Connect to local process

#!/usr/bin/python3

from pwn import *

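# Spawn a local shell as a child process and drive it through a tube.
sh = process('/bin/sh')
try:
    sh.sendline(b'sleep 3; echo hello world;')

    # The sleep outlasts this 1 s timeout, so recvline() returns an empty
    # bytes object rather than blocking until output appears.
    early = sh.recvline(timeout=1)
    print(early)

    # 5 s covers the remaining sleep, so the echoed line is returned.
    late = sh.recvline(timeout=5)
    print(late)
finally:
    # Always end the child process so a failed receive leaves no stray shell.
    sh.close()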