`gdb.debug` should still work if you're using SSH as long as you set `context.terminal` to the right value (e.g. tmux).
How to use pwnlib.gdb
Here's a copy and paste of a response to a similar question:
You can use `pwnlib.gdb` to interface with gdb. You can use the `gdb.attach()` function. From the docs:
```python
from pwn import *

bash = process('bash')

# Attach the debugger
gdb.attach(bash, '''
set follow-fork-mode child
break execve
continue
''')

# Interact with the process
bash.sendline('whoami')
```
or you can use `gdb.debug()`:
```python
from pwn import *

# Create a new process, and stop it at 'main'
io = gdb.debug('bash', '''
# Wait until we hit the main executable's entry point
break _start
continue

# Now set breakpoint on shared library routines
break malloc
break free
continue
''')

# Send a command to Bash
io.sendline("echo hello")

# Interact with the process
io.interactive()
```
The pwntools template contains code to get you started with debugging with gdb. You can create the pwntools template by running `pwn template ./binary_name > template.py`. Then you have to add the GDB arg when you run template.py to debug: `./template.py GDB`.
If you get `[ERROR] Could not find a terminal binary to use.`, you might need to set `context.terminal` before you use gdb.
If you're using tmux, the following will automatically open up a gdb debugging session in a new horizontally split window:

```python
context.terminal = ["tmux", "splitw", "-h"]
```

And to split the screen with the new gdb session window vertically:

```python
context.terminal = ["tmux", "splitw", "-v"]
```
(To use tmux, install tmux on your machine, and then just type `tmux` to start it. Then type `python template.py GDB`.)
If none of the above works, then you can always just start your script, use `ps aux`, find the PID, and then use `gdb -p PID` to attach to the running process.
Vim Explanation
You don't need to use vim to use pwntools's gdb features like the guy did in the video you linked, but here's an explanation of what he did (vim's also a nice tool regardless):
While editing his pwn script in vim, the guy first executed the following command:
`:!./%`

- `:` enters command mode in vim
- `!` executes a shell command
- `%` is basically the name of the file you're currently editing in vim
So if your exploit script was named template.py, running `:!./%` in vim would be the same as running `./template.py` in your terminal. This just runs the exploit and enters interactive mode. It's just a shortcut to execute your script in vim.
Later, the guy also uses `:!./% GDB` to actually launch the pwntools gdb session. It's the same thing as running `python template.py GDB`.