pwnlib.tubes.sock — Sockets

class pwnlib.tubes.sock.sock

Bases: pwnlib.tubes.tube.tube

Base type used for the tubes.remote and tubes.listen classes.

class pwnlib.tubes.remote.remote(host, port, fam='any', typ='tcp', ssl=False, sock=None, *args, **kwargs)

Bases: pwnlib.tubes.sock.sock

Creates a TCP or UDP connection to a remote host. It supports both IPv4 and IPv6.

The returned object supports all the methods from pwnlib.tubes.sock and pwnlib.tubes.tube.

Parameters:
  • host (str) – The host to connect to.
  • port (int) – The port to connect to.
  • fam – The string “any”, “ipv4” or “ipv6” or an integer to pass to socket.getaddrinfo().
  • typ – The string “tcp” or “udp” or an integer to pass to socket.getaddrinfo().
  • timeout – A positive number, None or the string “default”.
  • ssl (bool) – Wrap the socket with SSL.
  • sock (socket.socket) – Socket to inherit, rather than connecting.

Examples

>>> r = remote('google.com', 443, ssl=True)
>>> r.send('GET /\r\n\r\n')
>>> r.recvn(4)
'HTTP'

If a connection cannot be made, an exception is raised.

>>> r = remote('127.0.0.1', 1)
Traceback (most recent call last):
...
PwnlibException: Could not connect to 127.0.0.1 on port 1

You can also use remote.fromsocket() to wrap an existing socket.

>>> import socket
>>> s = socket.socket()
>>> s.connect(('google.com', 80))
>>> s.send('GET /' + '\r\n'*2)
9
>>> r = remote.fromsocket(s)
>>> r.recvn(4)
'HTTP'

classmethod fromsocket(socket)

Helper method to wrap a standard Python socket.socket with the tube APIs.

Parameters: socket – Instance of socket.socket
Returns: Instance of pwnlib.tubes.remote.remote.

class pwnlib.tubes.listen.listen(port=0, bindaddr='0.0.0.0', fam='any', typ='tcp', *args, **kwargs)

Bases: pwnlib.tubes.sock.sock

Creates a TCP or UDP socket to receive data on. It supports both IPv4 and IPv6.

The returned object supports all the methods from pwnlib.tubes.sock and pwnlib.tubes.tube.

Parameters:
  • port (int) – The port to listen on. Defaults to a port auto-selected by the operating system.
  • bindaddr (str) – The address to bind to. Defaults to 0.0.0.0 / ::.
  • fam – The string “any”, “ipv4” or “ipv6” or an integer to pass to socket.getaddrinfo().
  • typ – The string “tcp” or “udp” or an integer to pass to socket.getaddrinfo().

Examples

>>> l = listen(1234)
>>> r = remote('localhost', l.lport)
>>> _ = l.wait_for_connection()
>>> l.sendline('Hello')
>>> r.recvline()
'Hello\n'

>>> l = listen()
>>> l.spawn_process('/bin/sh')
>>> r = remote('localhost', l.lport)
>>> r.sendline('echo Goodbye')
>>> r.recvline()
'Goodbye\n'

close()

Closes the tube.

spawn_process(*args, **kwargs)

Spawns a new process having this tube as stdin, stdout and stderr.

Takes the same arguments as subprocess.Popen.

wait_for_connection()

Blocks until a connection has been established.

canonname = None

Canonical name of the listening interface

family = None

Socket family

lhost = None

Local host

lport = 0

Local port

protocol = None

Socket protocol

sockaddr = None

Sockaddr structure that is being listened on

type = None

Socket type (e.g. socket.SOCK_STREAM)

class pwnlib.tubes.server.server(port=0, bindaddr='0.0.0.0', fam='any', typ='tcp', callback=None, blocking=False, *args, **kwargs)

Bases: pwnlib.tubes.sock.sock

Creates a TCP or UDP server to listen for connections. It supports both IPv4 and IPv6.

Parameters:
  • port (int) – The port to listen on. Defaults to a port auto-selected by the operating system.
  • bindaddr (str) – The address to bind to. Defaults to 0.0.0.0 / ::.
  • fam – The string “any”, “ipv4” or “ipv6” or an integer to pass to socket.getaddrinfo().
  • typ – The string “tcp” or “udp” or an integer to pass to socket.getaddrinfo().
  • callback – A function to be started on incoming connections. It should take a pwnlib.tubes.remote as its only argument.

Examples

>>> s = server(8888)
>>> client_conn = remote('localhost', s.lport)
>>> server_conn = s.next_connection()
>>> client_conn.sendline('Hello')
>>> server_conn.recvline()
'Hello\n'

>>> def cb(r):
...     client_input = r.readline()
...     r.send(client_input[::-1])
...
>>> t = server(8889, callback=cb)
>>> client_conn = remote('localhost', t.lport)
>>> client_conn.sendline('callback')
>>> client_conn.recv()
'\nkcabllac'

close()

Closes the tube.

canonname = None

Canonical name of the listening interface

family = None

Socket family

lhost = None

Local host

lport = 0

Local port

protocol = None

Socket protocol

sockaddr = None

Sockaddr structure that is being listened on

type = None

Socket type (e.g. socket.SOCK_STREAM)

Socket type (e.g. socket.SOCK_STREAM)