#!/usr/bin/env python
import sys
import struct
import socket
# Gate for debug(): its "[*]" lines are printed only while this is True.
# ok(), err() and warn() are not affected by it.
DEBUG = True
def u8(x):
    """Unpack one little-endian unsigned 8-bit integer from *x*.

    *x* must be exactly one byte long; ``struct`` rejects any other size.
    """
    (value,) = struct.Struct("<B").unpack(x)
    return value
def u16(x):
    """Unpack one little-endian unsigned 16-bit integer from *x*.

    *x* must be exactly two bytes long; ``struct`` rejects any other size.
    """
    (value,) = struct.Struct("<H").unpack(x)
    return value
def u32(x):
    """Unpack one little-endian unsigned 32-bit integer from *x*.

    *x* must be exactly four bytes long; ``struct`` rejects any other size.
    """
    (value,) = struct.Struct("<I").unpack(x)
    return value
def u64(x):
    """Unpack one little-endian unsigned 64-bit integer from *x*.

    *x* must be exactly eight bytes long; ``struct`` rejects any other size.
    """
    (value,) = struct.Struct("<Q").unpack(x)
    return value
def p8(x):
    """Pack *x* as one little-endian unsigned 8-bit integer (0..255)."""
    return struct.Struct("<B").pack(x)
def p16(x):
    """Pack *x* as one little-endian unsigned 16-bit integer (0..0xffff)."""
    return struct.Struct("<H").pack(x)
def p32(x):
    """Pack *x* as one little-endian unsigned 32-bit integer (0..0xffffffff)."""
    return struct.Struct("<I").pack(x)
def p64(x):
    """Pack *x* as one little-endian unsigned 64-bit integer (0..2**64-1)."""
    return struct.Struct("<Q").pack(x)
def log(x):
    """Write *x* and a trailing newline to stdout (same as ``print(x)``)."""
    sys.stdout.write("%s\n" % (x,))
def debug(x):
    """Log *x* with a ``[*]`` prefix, but only while ``DEBUG`` is True.

    *x* must be a string: the ``:s`` format spec rejects other types.
    """
    if not DEBUG:
        return
    log("{tag} {msg:s}".format(tag="[*]", msg=x))
def ok(x):
    """Log *x* with a ``[+]`` (success) prefix; *x* must be a string."""
    log("{tag} {msg:s}".format(tag="[+]", msg=x))
def err(x):
    """Log *x* with a ``[-]`` (error) prefix; *x* must be a string."""
    log("{tag} {msg:s}".format(tag="[-]", msg=x))
def warn(x):
    """Log *x* with a ``[!]`` (warning) prefix; *x* must be a string."""
    log("{tag} {msg:s}".format(tag="[!]", msg=x))
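def pattern_create(length = 8192, unicode = False):
    """Build a cyclic pattern of *length* positions (``Aa0Aa1Aa2...``).

    Each position is one character from a three-slot rotation
    upper / lower / digit.  Every three positions the digit advances; when
    it passes ``9`` it wraps to ``0`` and carries into the lowercase slot,
    which in turn carries into the uppercase slot.  With ``unicode`` set,
    every character is followed by a NUL, so the result has ``2 * length``
    characters.

    Args:
        length: Number of positions.  An int, or a string that is parsed as
            hexadecimal when it starts with ``0x`` and as decimal otherwise.
            A string that does not parse prints ``ValueError`` and exits the
            process with status 254 (the original command-line behaviour).
            A negative length yields an empty pattern (the original looped
            forever).
        unicode: Interleave a NUL byte after every character.

    Returns:
        The pattern as a ``str``.
    """
    # Python 2 keeps ints and longs apart; Python 3 has no ``long`` name.
    try:
        integer_types = (int, long)
    except NameError:
        integer_types = (int,)
    if not isinstance(length, integer_types):
        try:
            length = int(length, 16 if length.startswith('0x') else 10)
        except ValueError:
            print('ValueError')
            sys.exit(254)

    suffix = '\x00' if unicode else ''
    unit = 2 if unicode else 1          # characters emitted per position
    parts = ['A' + suffix, 'a' + suffix, '0' + suffix]
    bounds = (('A', 'Z'), ('a', 'z'), ('0', '9'))
    target = length * unit
    chunks = []
    size = 0                            # characters emitted so far
    while size < target:
        chunks.append(parts[(size // unit) % 3])
        size += unit
        if size % 3 == 0:
            # Advance the digit slot; on wrap-around carry into the lower-
            # and then the upper-case slot (rightmost slot changes fastest).
            for slot in (2, 1, 0):
                first, last = bounds[slot]
                nxt = chr(ord(parts[slot][:1]) + 1)
                if nxt > last:
                    parts[slot] = first + suffix
                    continue            # carry into the next slot
                parts[slot] = nxt + suffix
                break
    return ''.join(chunks)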
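def pattern_offset(value, length = 8192):
    """Return the character index of *value* inside the cyclic pattern.

    A value beginning with ``0x`` is read as a 32-bit little-endian integer
    and converted to the four characters it occupies in the pattern; any
    other value is searched for verbatim.  The plain pattern is tried
    first, then the NUL-interleaved ("unicode") one, in which case a
    warning is logged.

    Args:
        value: Pattern fragment, or a ``0x``-prefixed hex word.
        length: Pattern length, passed through to ``pattern_create``.

    Returns:
        Zero-based offset of the first match.

    Raises:
        Exception: if the hex word cannot be parsed or does not fit in
            32 bits, or the value occurs in neither pattern.
    """
    original_value = value
    if value.startswith('0x'):
        try:
            # latin-1 maps each packed byte to one character, so the search
            # runs against the str pattern on both Python 2 and Python 3.
            value = struct.pack('<I', int(value, 16)).decode('latin-1')
        except (ValueError, struct.error):
            raise Exception('pattern_offset: invalid value ' + original_value)
    try:
        return pattern_create(length).index(value)
    except ValueError:
        pass  # not in the plain pattern; try the NUL-interleaved one
    try:
        index = pattern_create(length, True).index(value)
    except ValueError:
        raise Exception('pattern_offset: ' + original_value + ' not found')
    warn("Unicode pattern matching")
    return index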
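def generate_badchars(avoid = ''):
    """Return the characters 0x20..0xfe in order, minus those in *avoid*.

    Prints a ``\\xNN`` listing of the kept characters before returning
    them.  The range is the original's: it starts at 0x20 and stops
    before 0xff.

    Args:
        avoid: Characters to leave out (anything that supports ``in``).

    Returns:
        ``str`` of the kept characters, ascending.
    """
    kept = [chr(i) for i in range(0x20, 255) if chr(i) not in avoid]
    print("generated badchars:")
    print(''.join('\\x%02x' % ord(c) for c in kept))
    return ''.join(kept)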
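def save_file(filename, content):
    """Write *content* to *filename*, printing its name and size first.

    ``bytes`` content is written in binary mode so raw byte values are
    stored untouched; ``str`` content uses text mode as before (under
    Python 2 a ``str`` is ``bytes`` and takes the binary path).  The file
    handle is released by ``with`` on every exit path.

    Args:
        filename: Destination path; an existing file is overwritten.
        content: ``str`` or ``bytes`` to store.
    """
    print('generating %s.. [size: %d]' % (filename, len(content)))
    mode = 'wb' if isinstance(content, bytes) else 'w'
    with open(filename, mode) as handle:
        handle.write(content)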
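def fill(payload, total_length, filler = 'D'):
    """Return padding that brings *payload* up to *total_length* characters.

    Args:
        payload: Data already present; only its length is used.
        total_length: Desired total length once the padding is appended.
        filler: Non-empty string to pad with.  The result is cut to the
            exact padding size, so a multi-character filler still yields
            the right length.

    Returns:
        A string of ``total_length - len(payload)`` characters; empty when
        the payload already fills the buffer.

    Raises:
        ValueError: if *payload* is longer than *total_length*.
    """
    padding = total_length - len(payload)
    if padding < 0:
        raise ValueError('payload too big')
    # The original ignored `filler` and always padded with 'D'; honour it.
    return (filler * padding)[:padding]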
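def connect_tcp(host, port):
    """Open an IPv4 TCP connection to ``host:port`` and return the socket.

    The "connected" line is printed only after ``connect`` succeeds (the
    original announced success before attempting the connection), and a
    failed connect closes the socket before the error propagates so no
    descriptor is leaked.

    Args:
        host: Hostname or IPv4 address.
        port: TCP port number.

    Returns:
        The connected ``socket.socket``; the caller owns and closes it.

    Raises:
        Whatever ``socket.connect`` raises (``socket.error``/``OSError``).
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.connect((host, port))
    except Exception:
        sock.close()
        raise
    print("[TCP] connected to %s:%d" % (host, port))
    return sock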
def connect_udp():
    """Create an unconnected IPv4 UDP socket and return it.

    A one-line notice is printed first.  No peer is set, so the caller
    addresses each datagram itself and is responsible for closing the
    socket.
    """
    print("[UDP] create UDP socket")
    return socket.socket(family=socket.AF_INET, type=socket.SOCK_DGRAM)
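def print_help():
    """Print the command-line usage to stdout and exit with status -1.

    Never returns: ``sys.exit`` raises ``SystemExit``.
    """
    prog = sys.argv[0]
    print('Usage: %s create <buflen>' % prog)
    print('Usage: %s offset <value> [buflen=8192]' % prog)
    sys.exit(-1)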
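def main():
    """Command-line entry point.

    Accepts ``create <buflen>`` or ``offset <value> [buflen]``.  With
    fewer than two arguments, or an unknown command, ``print_help`` is
    called and exits the process.  ``create`` prints the pattern;
    ``offset`` prints where ``<value>`` occurs in a pattern of the given
    (or default) length.
    """
    if len(sys.argv) < 3 or sys.argv[1].lower() not in ('create', 'offset'):
        print_help()  # exits
    command = sys.argv[1].lower()
    num_value = sys.argv[2]
    if command == 'create':
        print(pattern_create(num_value))
    elif len(sys.argv) == 4:
        print(pattern_offset(num_value, sys.argv[3]))
    else:
        print(pattern_offset(num_value))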
# Run the command-line interface only when executed as a script, not on import.
if __name__ == '__main__':
    main()