Last active Mar 25, 2018
One-liner that determines whether the addresses in Metasploit's msfpescan output are printable (contain only printable ASCII characters) or not.
# Consider the following input, gathered from Metasploit's msfpescan utility (msfpescan -M -p dump/ ):
# bash$ cat msfpescan.log
# [./6d210000.rng]
# 0x6d21185f pop edi; pop esi; ret
# 0x6d213ba2 pop esi; pop ebp; ret
# 0x6d213d2b pop esi; pop ebp; ret
# 0x6d213f03 pop edi; pop esi; ret
# 0x6d2140bf pop ebx; pop ebp; ret
# 0x6d2146ae pop esi; pop ebx; ret
# 0x6d214c66 pop ebx; pop ebp; ret
# 0x6d214d01 pop ebx; pop ebp; ret
# The task is to flag which of these addresses are built only from printable characters when packed as little-endian 32-bit values. The expected output is:
# 0x6d21185f: printable = 0
# 0x6d213ba2: printable = 0
# 0x6d213d2b: printable = 1
# 0x6d213f03: printable = 0
# 0x6d2140bf: printable = 0
# 0x6d2146ae: printable = 0
# 0x6d214c66: printable = 1
# 0x6d214d01: printable = 0
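# Python 3 version: iterating over bytes yields integers, so each one goes through chr() before the string.printable test.
# Lines that do not start with a hex address (such as the [./6d210000.rng] header) make int() raise; 2>/dev/null hides that error, so they are skipped.
IFS=$'\n'; for line in $(cat msfpescan.log); do echo -e "$line" | ADDR=$(awk '{printf $1}') python3 -c "import struct,os,string;addr=int(os.getenv('ADDR'),16);print('0x%x: printable = %d' % (addr, all(chr(c) in string.printable for c in struct.pack('<I', addr))))" 2>/dev/null; done > printable.log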
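
The same check as a standalone script, added here as an example and not part of the original gist: it parses the log, applies the one-liner's `string.printable` test, and reports which little-endian byte caused a rejection. The stricter `VISIBLE` set (0x21-0x7e) and the address `0x0a0d4141` are assumptions of this example, included to show that `string.printable` also accepts tab, CR, LF and other whitespace bytes.

```python
import re
import string

# Constructed sample in msfpescan's output format. The first three addresses
# come from the log above; 0x0a0d4141 is made up to show the whitespace case.
SAMPLE_LOG = """\
[./6d210000.rng]
0x6d21185f pop edi; pop esi; ret
0x6d213d2b pop esi; pop ebp; ret
0x6d214c66 pop ebx; pop ebp; ret
0x0a0d4141 pop esi; pop ebp; ret
"""

ADDR_LINE = re.compile(r"^(0x[0-9a-fA-F]{1,8})\s")

# What the one-liner accepts: string.printable, which includes \t \n \r \x0b \x0c.
LOOSE = frozenset(string.printable.encode("ascii"))
# Assumption for this example: a stricter set of visible ASCII only (0x21-0x7e).
VISIBLE = frozenset(range(0x21, 0x7F))


def offending(addr, allowed):
    """Return [(index, byte)] for little-endian bytes of addr not in allowed."""
    return [(i, b) for i, b in enumerate(addr.to_bytes(4, "little"))
            if b not in allowed]


def classify(log_text):
    """Return {addr: (loose_ok, visible_ok, offending_visible)} per address line."""
    result = {}
    for line in log_text.splitlines():
        m = ADDR_LINE.match(line)
        if m is None:          # module headers such as [./6d210000.rng]
            continue
        addr = int(m.group(1), 16)
        bad = offending(addr, VISIBLE)
        result[addr] = (not offending(addr, LOOSE), not bad, bad)
    return result


if __name__ == "__main__":
    for addr, (loose, visible, bad) in classify(SAMPLE_LOG).items():
        why = ", ".join("byte %d = 0x%02x" % ib for ib in bad) or "-"
        print("0x%08x: printable = %d, visible = %d, rejected: %s"
              % (addr, loose, visible, why))
```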