from pwn import *

BINARY = '<path_to_binary>'
IP, PORT = '<ip>', 8080
LOCAL = True

if LOCAL:
	p = process(BINARY)				# Makes pipe fd
if not LOCAL
	p = remote(IP, PORT)			# Makes socket fd


p.recv(1024, timeout=3)				# Accepts 1024 bytes from 'p'
									# If the pipe/socket is closed, p with return EOF Error
									# After 3 seconds, execution will continue, except if EOF Error occurs

p.recvuntil('Zafirr', timeout=3)	# Accepts all bytes until string "Zafirr" is found
									# If the pipe/socket is closed, p with return EOF Error
									# After 3 seconds, execution will continue, except if EOF Error occurs

p.send("<3")						# Will send "<3" to 'p'
									# If the pipe/socket is closed, p with return EOF Error

p.sendline("<3")					# Will send "<3\n" to 'p'
									# If the pipe/socket is closed, p with return EOF Error

p.sendafter("Zafirr", "<3")			# Will send "<3" to 'p' IF AND ONLY IF "Zafirr" is recieved first
									# If the pipe/socket is closed, p with return EOF Error

p.sendlineafter("Zafirr", "<3")		# Will send "<3\n" to 'p' IF AND ONLY IF "Zafirr" is recieved first
									# If the pipe/socket is closed, p with return EOF Error

p.interactive()						# Will dup pipe/socket fd's to /dev/tty
									# Will run even is p is closed

p.close()							# Closes 'p'




p32(0x1)							# Equivalent to struct.pack("<I", 0x1)
									# Packs number to little endien equivalent
									# Returns 4 bytes long string

p64(0x1)							# Equivalent to struct.pack("<Q", 0x1)
									# Packs number to little endien equivalent
									# Returns 8 bytes long string

u32('asdf')							# Equivalent to struct.unpack("<I", 'asdf')
									# Unpacks string to integer equivalent
									# Must be 4 bytes long

u64('asdfasdf')						# Equivalent to struct.unpack("<Q", 'asdfasdf')
									# Unpacks string to long integer equivalent
									# Must be 8 bytes long

# Important
context.arch = 'i386'				# Sets architecture context to 32-bit
# Important
context.arch = 'amd64'				# Sets architecture context to 64-bit
# etc



shellcode = 'mov eax, 0'
asm(shellcode)						# Assembles assembly language into machine language

disasm('\x58')						# Disassembles machine language into assembly language



# Happy Pwning :)