Skip to content

Instantly share code, notes, and snippets.

@mgeeky

mgeeky/printable.sh

Last active Mar 25, 2018
Embed
What would you like to do?
One liner determining whether Metasploit's msfpescan's output addresses are printable (contain only ascii characters) or not.
#!/bin/bash
# Consider having following input gathered from Metasploit's msfpescan utility (msfpescan -M -p dump/ ):
# bash$ cat msfpescan.log
#
# [./6d210000.rng]
# 0x6d21185f pop edi; pop esi; ret
# 0x6d213ba2 pop esi; pop ebp; ret
# 0x6d213d2b pop esi; pop ebp; ret
# 0x6d213f03 pop edi; pop esi; ret
# 0x6d2140bf pop ebx; pop ebp; ret
# 0x6d2146ae pop esi; pop ebx; ret
# 0x6d214c66 pop ebx; pop ebp; ret
# 0x6d214d01 pop ebx; pop ebp; ret
#
# Now the task is to list those of the addresses, that are build from only printable characters. The output shall be:
# 0x6d21185f: printable = 0
# 0x6d213ba2: printable = 0
# 0x6d213d2b: printable = 1
# 0x6d213f03: printable = 0
# 0x6d2140bf: printable = 0
# 0x6d2146ae: printable = 0
# 0x6d214c66: printable = 1
# 0x6d214d01: printable = 0
#
IFS=$'\n'; for line in $(cat msfpescan.log); do echo -e "$line" | ADDR=$(awk '{printf $1}') python -c "import struct,os,string;addr=int(os.getenv('ADDR'),16);print '0x%x: printable =' % addr, int(all(c in string.printable for c in struct.pack('<I', addr)))" 2>/dev/null; done > printable.log
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.