It’s a tad bit clunky, but you need to use the stdout buffer:
```
python3 -c "import sys; sys.stdout.buffer.write(b'A'*5 + b'\xde\xad\xc0\xde')" | xxd
00000000: 4141 4141 41de adc0 de                   AAAAA....
```
When using pwntools, you usually don’t need to care about the encoding back and forth, though. The tubes accept byte strings by default. That way, you can (transparently) send binary data to a process’ stdin, a network socket, or whatever you need to communicate with.
E.g. for locally testing/developing an exploit, you can use something like:
```python
from pwn import *

REMOTE = False  # switch to True once your exploit works locally

if REMOTE:
    p = remote('vulnservice.web', 1234)
else:
    p = process('./vuln-binary')

banner = p.read(1024)

fancy_shellcode = b''  # placeholder: the payload bytes go here

buffer = b'A'*5  # padding to reach overflow
buffer += b'\xde\xad\xc0\xde'  # return address of JMP ESP in glibc
buffer += fancy_shellcode
p.send(buffer)
...
```
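Why the write has to go through `sys.stdout.buffer`, as an added example that is not part of the original answer: it compares the bytes that reach the pipe when the same payload is printed as a `str` versus written as `bytes`. The in-memory `fake_stdout` helper is an assumption that stands in for a UTF-8 `sys.stdout`, so the comparison runs without a terminal or `xxd`.

```python
import io

# Same bytes as in the answer's one-liner.
PAYLOAD = b'A' * 5 + b'\xde\xad\xc0\xde'
# The same values written as a str, i.e. code points U+00DE, U+00AD, ...
PAYLOAD_STR = 'A' * 5 + '\xde\xad\xc0\xde'


def fake_stdout(encoding='utf-8'):
    """Return (text_stream, raw) mimicking sys.stdout and what lands on the pipe."""
    raw = io.BytesIO()
    text = io.TextIOWrapper(raw, encoding=encoding, newline='\n',
                            write_through=True)
    return text, raw


def via_print():
    """print() of a str: every code point >= 0x80 is re-encoded as UTF-8."""
    text, raw = fake_stdout()
    print(PAYLOAD_STR, end='', file=text)
    text.flush()
    return raw.getvalue()


def via_buffer():
    """bytes written to the underlying binary buffer: no encoding step."""
    text, raw = fake_stdout()
    text.buffer.write(PAYLOAD)
    text.buffer.flush()
    return raw.getvalue()


def via_latin1():
    """A latin-1 text stream maps U+0000..U+00FF to exactly one byte each."""
    text, raw = fake_stdout(encoding='latin-1')
    print(PAYLOAD_STR, end='', file=text)
    text.flush()
    return raw.getvalue()


if __name__ == '__main__':
    for name, fn in [('print', via_print), ('buffer', via_buffer),
                     ('latin-1', via_latin1)]:
        out = fn()
        print(f'{name:8} {len(out):2} bytes  {out.hex(" ")}')
```

The `print` path turns four payload bytes into eight, which silently shifts every offset after the padding; the `buffer` path is byte-for-byte what pwntools tubes send.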