Making pwnlib.gdb.attach work under WSL2
I'm doing my CTFing under Windows. I used to spawn a VirtualBox or Hyper-V with Ubuntu from time to time when needed or used Digital Ocean's droplet but since WSL is in town and especially with the speed-up improvements that WSL2 brings I rarely do that. I do "all" my Linux part of CTF using WSL.
For RE (which is my main area of interest) it mostly boils down to running a binary or jumping into
gdb on occasion and for that I didn't need anything fancy. But, I've recently started to teach myself some pwn and for that the only logical choice is to use
The usual starting script is to create a local context and attach gdb from
Something along the lines:
And I did that, but instead attaching to gdb I got unexpected error
context.terminal set so we need to do that but what should it be in case of WSL?
My first idea was to pass
wsl.exe to this property, with additional option
-e to indicate that we want to execute the
context.terminal = ['wsl.exe','-e']
That worked, well partially, kinda.
And the process hangs. Maybe it did execute
gdb correctly but I did not get an extra window with the
gdb in it so for me it was like a fail.
Let's resort to duckduckgo and search for wsl terminal. The first link it gives was something that looks promising - wsl-terminal.
Installing the tool it gives a program - called
open-wsl that supposed to work as a terminal emulation under wsl. Let's point our
context.terminal to this new binary.
context.terminal = ['<path-to>/open-wsl.exe','-e']
Executing the script gives this
so still some kind of error, but this time we did get a new terminal window with
So a little bit of progress. Let's focus on the error we do have at the moment:
File "/home/ubuntu/.local/lib/python3.6/site-packages/pwnlib/util/proc.py", line 349, in wait_for_
l.error("debugger exited! (maybe check /proc/sys/kernel/yama/ptrace_scope)")
AttributeError: 'Progress' object has no attribute 'error'
If we would inspect the object
l, we wouldn't find a method
.error but it does have something close enough -
.failure. Maybe it is a bug and our
pwntools aren't updated to the latest. Updating
pwntools took few seconds but it didn't help.
Let's manually modify the file, so that in case of an exception it uses
.failure instead of
.error. Quick & dirty change so let's run it again.
And with that fix, our
.attach() to gdb works!
There's still an error that states that debugger exited! but I don't mind that, if I can use it with its' full power.
Final starting script would be:
Should we file an issue into
pwntools repo? Apparently this was know as it is fixed in the
dev branch but haven't been yet merged to stable.