python - What does `@pwnlib.memleak.MemLeak.NoNewlines` mean? -


I stumbled upon the following piece of code here:

```python
@pwnlib.memleak.MemLeak.NoNewlines
def fmtleak(addr):
    ...
    return res

printf_leaked = fmtleak.q(printf_got)
...
```

Can someone please explain what @pwnlib.memleak.MemLeak.NoNewlines (on the beginning line) and fmtleak.q mean in this context? What sort of Python syntax is used, and what are they?

Welcome to pwntools -- pwnlib.

I'm going to explain what you're talking about. I'm assuming you know what a call stack is, and exploitation techniques such as information leakage and uncontrolled format string, also known as format string bug; you need to learn what you don't know among them to understand what I'm going to say.


DynELF

The writer of the article mentioned is trying to use DynELF, one of the features provided by pwntools, which resolves remote functions using leaks. DynELF requires a Python function or a pwnlib.memleak.MemLeak object which leaks data at a given address as much as possible.

```python
class pwnlib.dynelf.DynELF(leak, pointer=None, elf=None)
```

DynELF knows how to resolve symbols in remote processes via an infoleak (information leakage) or memleak (memory leakage) vulnerability encapsulated by pwnlib.memleak.MemLeak.


Decorator

First of all,

```python
@pwnlib.memleak.MemLeak.NoNewlines
def fmtleak(addr):
    ...
    return res

printf_leaked = fmtleak.q(printf_got)
```

is equivalent to

```python
def fmtleak(addr):
    ...
    return res
fmtleak = pwnlib.memleak.MemLeak.NoNewlines(fmtleak)
printf_leaked = fmtleak.q(printf_got)
```

; `@` is the Python syntax for decorators.

So fmtleak becomes an instance of the MemLeak class, which is returned by the NoNewlines method.


NoNewlines

pwnlib.memleak.MemLeak.NoNewlines, a static method of the pwnlib.memleak.MemLeak class, creates a pwnlib.memleak.MemLeak object, with the leak function (a function to leak data) wrapped by a wrapper function that ignores leakage requests for memory addresses whose memory representations contain a byte of the newline character, 0x0a ('\n'). The reason why this is needed is because there are cases such as: leaking data at an address using an uncontrolled format string with a function such as fgets, which stops reading when it reads a newline, can lead to unintended data resulting when the address has a newline byte.

From the man page of the fgets function:

fgets() reads in at most one less than size characters from stream and stores them into the buffer pointed to by s. Reading stops after an EOF or a newline.

From pwnlib/memleak.py:

```python
@staticmethod
def NoNewlines(function):
    """Wrapper for leak functions such that addresses which contain newline
    bytes are not leaked.

    This is useful if the address which is used for the leak is provided by
    e.g. ``fgets()``.
    """

    @functools.wraps(function, updated=[])
    def whitespace_wrapper(address, *a, **kw):
        # Skip the request when the packed address itself contains 0x0a
        if '\n' in pack(address):
            log.info('Ignoring leak request for %#x: Contains newlines' % address)
            return None
        return function(address, *a, **kw)

    return MemLeak(whitespace_wrapper)
```

MemLeak class's q method

The q method of the MemLeak class tries to leak 64 bits of value at a given memory address with the leak function provided. If it cannot leak completely, it returns None.

From pwnlib/memleak.py:

```python
def q(self, addr, ndx = 0):
    """q(addr, ndx = 0) -> int

    Leak a qword at ``((uint64_t*) addr)[ndx]``

    Examples:

        >>> import string
        >>> data = string.ascii_lowercase
        >>> l = MemLeak(lambda a: data[a:a+16], reraise=False)
        >>> l.q(0) == unpack('abcdefgh', 64)
        True
        >>> l.q(18) == unpack('stuvwxyz', 64)
        True
        >>> l.q(19) is None
        True
    """
    return self._b(addr, ndx, 8)
```
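
The decorator and `q` behaviour described in the answer above, as an added example that is not part of the original answer and is not pwntools code. `MiniLeak` is a hypothetical, simplified stand-in for `MemLeak`, and `BASE`, `MEMORY` and `CALLS` are constructed so the block runs offline without pwntools.

```python
import functools
import struct

BASE = 0x601000
MEMORY = bytes(range(0x40))   # constructed "remote" bytes 0x00..0x3f, not real target data
CALLS = []                    # addresses that actually reached the leak primitive

class MiniLeak:
    """Simplified stand-in for pwnlib.memleak.MemLeak (hypothetical, not pwntools code)."""

    def __init__(self, function):
        self.leak = function

    @staticmethod
    def NoNewlines(function):
        @functools.wraps(function, updated=[])
        def newline_wrapper(address, *a, **kw):
            # Refuse any address whose packed 64-bit form contains 0x0a.
            if b"\n" in struct.pack("<Q", address):
                return None
            return function(address, *a, **kw)
        return MiniLeak(newline_wrapper)   # the decorated name becomes this object

    def q(self, addr, ndx=0):
        """Return the little-endian qword at ((uint64_t*) addr)[ndx], or None."""
        start, out = addr + ndx * 8, b""
        while len(out) < 8:
            chunk = self.leak(start + len(out))
            if not chunk:                  # refused or unreadable: incomplete leak
                return None
            out += chunk[:8 - len(out)]
        return struct.unpack("<Q", out)[0]

@MiniLeak.NoNewlines
def fmtleak(addr):
    """Constructed leak primitive: up to 8 bytes of MEMORY starting at addr."""
    CALLS.append(addr)
    off = addr - BASE
    return MEMORY[off:off + 8] if 0 <= off < len(MEMORY) else None

if __name__ == "__main__":
    print(type(fmtleak).__name__)          # MiniLeak: no longer a plain function
    print(hex(fmtleak.q(0x601008)))        # data may contain 0x0a; only the address is checked
    print(fmtleak.q(0x60100a))             # None: address packs to 0a 10 60 ...
    print(0x60100a in CALLS)               # False: the primitive was never called
```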
