k3170makan/payloadgen.py

## payloadgen.py
import sys
from optparse import OptionParser
NSEH = "90_90_0C_eb"
def string(len=1,char="A"):
	return "".join([char for i in range(len)])
def seh_string(len=1,rip="AAAA",char="A"):
	return "".join([char for i in range(len-8)]) + tohex(NSEH) + tohex(rip)
def rip_string(len=1,rip="AAAA",char="A"): #should account for endianess
	return "".join([char for i in range(len-4)]) + tohex(rip)
def tohex(string):
	print "".join([ c for c in string.split("_") if len(c) != 0])
	return "".join([ chr(int(c,16)) for c in string.split("_") if len(c) != 0])
def file_output(name,payload):
	handle = open(name,'w')
	handle.write(payload)
	handle.flush()
	handle.close()

def cmd_output(payload):
	sys.stdout.write(payload)
	sys.stdout.flush()
	sys.stdout.close()

def usage():
	print "Usage : payloadgen [-o/--output output file ] [-i/--rip rip_address] [-l/--length payload length] [-c/--char fuzz char length ]"
if __name__=="__main__":
	parser = OptionParser()
	parser.add_option("-o","--output",dest="output_file",type="string",action="store")
	parser.add_option("-l","--length",dest="length",type="string",action="store")
	parser.add_option("-c","--char",dest="fuzz_char",type="string",action="store")
	parser.add_option("-i","--rip",dest="rip_address",type="string",action="store")
	parser.add_option("-s","--seh",dest="seh",action="store_true")

	options,args = parser.parse_args()
	if options.length == None:
		usage()
		sys.exit(1)
	#only supports file output now
	if options.output_file == None and (options.fuzz_char != None and options.length != None):
		cmd_output(string(char=options.fuzz_char,len=int(options.length)))
	elif options.fuzz_char != None and options.length != None:
		file_output(options.output_file,string(char=options.fuzz_char,len=int(options.length)))
	elif options.fuzz_char != None and options.length != None:
			file_output(options.output_file,string(char=options.fuzz_char,len=int(options.length)))
	elif options.length != None and options.rip_address != None and options.seh:
			cmd_output(seh_string(rip=options.rip_address,len=int(options.length)))
	elif options.length != None and options.rip_address != None:
			cmd_output(rip_string(rip=options.rip_address,len=int(options.length)))
	elif options.length != None:
			cmd_output(string(int(options.length)))
	else:
		usage()
	import sys
	from optparse import OptionParser
	NSEH = "90_90_0C_eb"
	def string(len=1,char="A"):
	return "".join([char for i in range(len)])
	def seh_string(len=1,rip="AAAA",char="A"):
	return "".join([char for i in range(len-8)]) + tohex(NSEH) + tohex(rip)
	def rip_string(len=1,rip="AAAA",char="A"): #should account for endianess
	return "".join([char for i in range(len-4)]) + tohex(rip)
	def tohex(string):
	print "".join([ c for c in string.split("_") if len(c) != 0])
	return "".join([ chr(int(c,16)) for c in string.split("_") if len(c) != 0])
	def file_output(name,payload):
	handle = open(name,'w')
	handle.write(payload)
	handle.flush()
	handle.close()

	def cmd_output(payload):
	sys.stdout.write(payload)
	sys.stdout.flush()
	sys.stdout.close()

	def usage():
	print "Usage : payloadgen [-o/--output output file ] [-i/--rip rip_address] [-l/--length payload length] [-c/--char fuzz char length ]"
	if __name__=="__main__":
	parser = OptionParser()
	parser.add_option("-o","--output",dest="output_file",type="string",action="store")
	parser.add_option("-l","--length",dest="length",type="string",action="store")
	parser.add_option("-c","--char",dest="fuzz_char",type="string",action="store")
	parser.add_option("-i","--rip",dest="rip_address",type="string",action="store")
	parser.add_option("-s","--seh",dest="seh",action="store_true")

	options,args = parser.parse_args()
	if options.length == None:
	usage()
	sys.exit(1)
	#only supports file output now
	if options.output_file == None and (options.fuzz_char != None and options.length != None):
	cmd_output(string(char=options.fuzz_char,len=int(options.length)))
	elif options.fuzz_char != None and options.length != None:
	file_output(options.output_file,string(char=options.fuzz_char,len=int(options.length)))
	elif options.fuzz_char != None and options.length != None:
	file_output(options.output_file,string(char=options.fuzz_char,len=int(options.length)))
	elif options.length != None and options.rip_address != None and options.seh:
	cmd_output(seh_string(rip=options.rip_address,len=int(options.length)))
	elif options.length != None and options.rip_address != None:
	cmd_output(rip_string(rip=options.rip_address,len=int(options.length)))
	elif options.length != None:
	cmd_output(string(int(options.length)))
	else:
	usage()