Simple Python script to help generate simple test strings for exploit development.
import sys
from optparse import OptionParser
# Value written into the nSEH slot by seh_string(). It is in tohex()'s
# "_"-separated hex-pair form and decodes to the four bytes 90 90 0C EB.
# NOTE(review): presumably a short-jump stub over the SEH pointer — confirm
# against the target before relying on it.
NSEH = "90_90_0C_eb"
def string(len=1, char="A"):
    """Return *char* repeated *len* times (the plain filler/fuzz string).

    ``len`` shadows the builtin, but it is the keyword name the command-line
    handler passes, so it is kept. A zero or negative ``len`` yields "".
    """
    # Joining a list of ``len`` copies is the same as the original
    # comprehension over range(len), including the TypeError for non-str char.
    copies = [char] * len
    return "".join(copies)
def seh_string(len=1, rip="AAAA", char="A"):
    """Build a *len*-character SEH overwrite string: filler, nSEH, then SEH.

    The tail is ``tohex(NSEH)`` (four characters) followed by ``tohex(rip)``
    (four characters when *rip* is four ``_``-separated hex pairs); the
    leading ``len - 8`` characters are *char* filler, empty when ``len`` < 8.
    No byte-order adjustment is made: *rip* is emitted in the order given.
    NOTE(review): the default ``rip="AAAA"`` is not in tohex's
    ``XX_XX_XX_XX`` form, so callers should always pass *rip* explicitly.
    """
    filler = char * (len - 8)
    nseh = tohex(NSEH)
    seh = tohex(rip)
    return filler + nseh + seh
def rip_string(len=1, rip="AAAA", char="A"):  # should account for endianess
    """Build a *len*-character string of *char* filler ending in ``tohex(rip)``.

    The filler is ``len - 4`` characters (empty when ``len`` < 4) and the tail
    is *rip* decoded by tohex, so the total is *len* only when *rip* is four
    ``_``-separated hex pairs. As the author's note says, bytes are emitted in
    the order given in *rip* — no endianness swap is done here, so pass *rip*
    already in the order the target expects.
    NOTE(review): the default ``rip="AAAA"`` is not in tohex's
    ``XX_XX_XX_XX`` form, so callers should always pass *rip* explicitly.
    """
    prefix = char * (len - 4)
    return prefix + tohex(rip)
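def tohex(string):
    """Decode a ``_``-separated list of hex byte values into a string.

    Each non-empty segment of *string* (e.g. ``"90_90_0C_eb"``) is parsed as
    a hexadecimal number and replaced by the character with that code, in the
    order given; empty segments from doubled or trailing ``_`` are skipped.
    Raises ValueError for a segment that is not valid hex. The parameter is
    named ``string`` for compatibility even though it shadows the module-level
    string() helper inside this function.

    The joined hex text is echoed on stderr rather than stdout: cmd_output()
    streams the payload itself to stdout, and the former stdout print was
    being mixed into that payload.
    NOTE(review): under Python 3 chr() yields a text character and text-mode
    writes encode values above 0x7F — confirm the emitted bytes are intended.
    """
    segments = [c for c in string.split("_") if len(c) != 0]
    sys.stderr.write("".join(segments) + "\n")
    return "".join([chr(int(c, 16)) for c in segments])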
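def file_output(name, payload):
    """Write *payload* to the file *name*, replacing any existing content.

    The ``with`` block closes the file even if write() raises, which the
    explicit open/write/flush/close sequence did not guarantee; closing
    flushes, so no separate flush() is needed.
    NOTE(review): the file is opened in text mode ('w') as before; under
    Python 3 characters above 0x7F are encoded rather than written as raw
    bytes — confirm that is the intended output for payloads.
    """
    with open(name, 'w') as handle:
        handle.write(payload)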
def cmd_output(payload):
    """Stream *payload* to stdout, flush it, and close stdout.

    stdout is closed on return, so nothing else can be printed after this
    call; it is used as the final step of the script.
    """
    out = sys.stdout
    out.write(payload)
    out.flush()
    out.close()
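def usage():
    """Print the one-line command synopsis to stdout.

    The call form of print with a single argument works under both Python 2
    and 3, unlike the statement form. ``-s/--seh`` is listed because the
    option parser in ``__main__`` accepts it.
    """
    print("Usage : payloadgen [-o/--output output file ] [-i/--rip rip_address] [-l/--length payload length] [-c/--char fuzz char length ] [-s/--seh]")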
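if __name__ == "__main__":
    # Command-line entry point: build one payload and emit it to stdout or,
    # for the plain filler mode only, to --output.
    parser = OptionParser()
    parser.add_option("-o", "--output", dest="output_file", type="string", action="store")
    parser.add_option("-l", "--length", dest="length", type="string", action="store")
    parser.add_option("-c", "--char", dest="fuzz_char", type="string", action="store")
    parser.add_option("-i", "--rip", dest="rip_address", type="string", action="store")
    parser.add_option("-s", "--seh", dest="seh", action="store_true")
    options, args = parser.parse_args()
    # --length is required by every mode; without it there is nothing to build.
    if options.length is None:
        usage()
        sys.exit(1)
    # Converted once; a non-numeric --length raises ValueError before any
    # output is produced, as it did when each branch converted it separately.
    length = int(options.length)
    # The duplicate fuzz_char branch and the final usage() fallback of the
    # original are gone: the former was unreachable, and the latter could not
    # be reached once --length had been checked above.
    if options.fuzz_char is not None:
        # Plain filler is the only mode that honours --output; the rip/SEH
        # modes below always write to stdout.
        payload = string(char=options.fuzz_char, len=length)
        if options.output_file is None:
            cmd_output(payload)
        else:
            file_output(options.output_file, payload)
    elif options.rip_address is not None and options.seh:
        cmd_output(seh_string(rip=options.rip_address, len=length))
    elif options.rip_address is not None:
        cmd_output(rip_string(rip=options.rip_address, len=length))
    else:
        # Only --length given: filler of the default character.
        cmd_output(string(length))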