Created
May 18, 2018 05:02
Simple Python script to help generate simple test strings for exploit development.
import sys | |
from optparse import OptionParser | |
# Hex byte values separated by "_", decoded by tohex() and placed by
# seh_string() immediately before the decoded rip value.  tohex() emits the
# pairs left to right exactly as written here; no byte reordering is applied.
NSEH = "90_90_0C_eb"
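def string(len=1, char="A"):
    """Return *char* repeated *len* times (the plain padding/fuzz string).

    Args:
        len: number of repetitions; zero or a negative value yields "".
            (The name shadows the builtin but is kept because callers pass
            it by keyword.)
        char: the unit to repeat, normally a single character.

    Returns:
        The repeated string.
    """
    # str * int is the idiomatic, C-speed form of the original
    # "".join([char for i in range(len)]) and gives identical results,
    # including "" for len <= 0.
    return char * len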
def seh_string(len=1, rip="AAAA", char="A"):
    """Build a test string of *char* padding followed by NSEH and *rip* bytes.

    Layout is ``char * (len - 8)`` then ``tohex(NSEH)`` then ``tohex(rip)``.
    The padding assumes the two decoded values total 8 characters; if *rip*
    decodes to a different length the result is not *len* long, and a *len*
    below 8 simply produces no padding rather than an error.  *rip* must use
    the same ``_``-separated hex form as NSEH; the default ``"AAAA"`` is not
    in that form (tohex() would parse it as a single 16-bit value).
    """
    padding = char * (len - 8)
    trailer = tohex(NSEH) + tohex(rip)
    return padding + trailer
def rip_string(len=1, rip="AAAA", char="A"):
    """Build a test string of *char* padding followed by the decoded *rip* bytes.

    Layout is ``char * (len - 4)`` then ``tohex(rip)``.  The padding assumes
    *rip* decodes to 4 characters; a *len* below 4 produces no padding rather
    than an error.  tohex() emits the bytes in the order written, so the
    caller has to account for endianness (the original author's own remark).
    *rip* must be in the ``_``-separated hex form tohex() expects; the default
    ``"AAAA"`` is not.
    """
    padding = char * (len - 4)
    return padding + tohex(rip)
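def tohex(string):
    """Decode a ``_``-separated string of hex byte values into a raw string.

    Each non-empty segment between underscores is parsed as a base-16 integer
    and turned into the character with that code, so ``"41_42"`` becomes
    ``"AB"``.  Empty segments (leading, trailing or doubled underscores) are
    skipped.  Segments are emitted in the order written; no endianness
    adjustment is made.

    Args:
        string: hex byte values separated by ``_`` (e.g. ``"90_90_0C_eb"``).

    Returns:
        The decoded characters joined together.

    Raises:
        ValueError: if a segment is not valid hex or does not fit in one byte.
    """
    parts = [c for c in string.split("_") if len(c) != 0]
    # The original echoed the parsed hex on stdout; that corrupts the payload
    # when cmd_output() streams it to stdout (or stdout is redirected to a
    # file), so the diagnostic goes to stderr instead.
    sys.stderr.write("".join(parts) + "\n")
    out = []
    for c in parts:
        value = int(c, 16)
        # Keep the one-byte contract explicit: Python 2's chr() raised for
        # values above 255, Python 3's would silently emit a multi-byte
        # code point instead.
        if not 0 <= value <= 255:
            raise ValueError("hex segment %r is not a single byte" % c)
        out.append(chr(value))
    return "".join(out)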
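def file_output(name, payload):
    """Write *payload* to the file *name*, replacing any existing contents.

    Args:
        name: path of the file to create or overwrite.
        payload: the string to write.

    The context manager closes the handle even if write() raises, which the
    original open/write/flush/close sequence did not guarantee.  The file is
    opened in text mode ("w") exactly as before; NOTE(review): on Python 3
    that encodes the str and may translate newlines, so "wb" with a bytes
    payload would be the exact-bytes choice.
    """
    with open(name, "w") as handle:
        handle.write(payload)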
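def cmd_output(payload):
    """Write *payload* to standard output and flush it.

    Args:
        payload: the string to emit.

    The stream is deliberately left open: sys.stdout is shared with the rest
    of the interpreter, so closing it (as the original did) makes any later
    write -- including print() calls and interpreter shutdown output -- fail.
    flush() is sufficient to get the bytes out before the process exits.
    """
    sys.stdout.write(payload)
    sys.stdout.flush()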
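def usage():
    """Print the command-line synopsis to stdout."""
    # print() with a single argument is valid on both Python 2 and 3; the
    # original print statement only ran on Python 2.  -s/--seh is accepted
    # by the option parser but was missing from the synopsis.
    print("Usage : payloadgen [-o/--output output file ] [-i/--rip rip_address] [-l/--length payload length] [-c/--char fuzz char length ] [-s/--seh]")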
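def _build_payload(options, length):
    """Pick the generator matching the parsed *options* and return its string.

    Precedence mirrors the original if/elif chain: a fuzz char wins, then a
    rip address with --seh, then a rip address alone, then a plain string of
    *length* "A"s.
    """
    if options.fuzz_char is not None:
        return string(char=options.fuzz_char, len=length)
    if options.rip_address is not None and options.seh:
        return seh_string(rip=options.rip_address, len=length)
    if options.rip_address is not None:
        return rip_string(rip=options.rip_address, len=length)
    return string(length)


if __name__ == "__main__":
    parser = OptionParser()
    parser.add_option("-o", "--output", dest="output_file", type="string", action="store")
    parser.add_option("-l", "--length", dest="length", type="string", action="store")
    parser.add_option("-c", "--char", dest="fuzz_char", type="string", action="store")
    parser.add_option("-i", "--rip", dest="rip_address", type="string", action="store")
    parser.add_option("-s", "--seh", dest="seh", action="store_true")
    options, args = parser.parse_args()
    # --length is mandatory for every mode and must be an integer; the
    # original let a non-numeric value surface as an int() traceback.
    if options.length is None:
        usage()
        sys.exit(1)
    try:
        length = int(options.length)
    except ValueError:
        usage()
        sys.exit(1)
    payload = _build_payload(options, length)
    # -o/--output applies to every mode.  The original honoured it only for
    # the fuzz-char case (via a duplicated elif branch) and wrote rip/seh
    # payloads to stdout even when an output file was given.
    if options.output_file is None:
        cmd_output(payload)
    else:
        file_output(options.output_file, payload)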