Last active
March 25, 2018 01:19
-
-
Save mgeeky/a6846663ac5e9391e399048758769568 to your computer and use it in GitHub Desktop.
One liner determining whether Metasploit's msfpescan's output addresses are printable (contain only ascii characters) or not.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Consider having following input gathered from Metasploit's msfpescan utility (msfpescan -M -p dump/ ): | |
| # bash$ cat msfpescan.log | |
| # | |
| # [./6d210000.rng] | |
| # 0x6d21185f pop edi; pop esi; ret | |
| # 0x6d213ba2 pop esi; pop ebp; ret | |
| # 0x6d213d2b pop esi; pop ebp; ret | |
| # 0x6d213f03 pop edi; pop esi; ret | |
| # 0x6d2140bf pop ebx; pop ebp; ret | |
| # 0x6d2146ae pop esi; pop ebx; ret | |
| # 0x6d214c66 pop ebx; pop ebp; ret | |
| # 0x6d214d01 pop ebx; pop ebp; ret | |
| # | |
| # Now the task is to list those of the addresses, that are build from only printable characters. The output shall be: | |
| # 0x6d21185f: printable = 0 | |
| # 0x6d213ba2: printable = 0 | |
| # 0x6d213d2b: printable = 1 | |
| # 0x6d213f03: printable = 0 | |
| # 0x6d2140bf: printable = 0 | |
| # 0x6d2146ae: printable = 0 | |
| # 0x6d214c66: printable = 1 | |
| # 0x6d214d01: printable = 0 | |
| # | |
| IFS=$'\n'; for line in $(cat msfpescan.log); do echo -e "$line" | ADDR=$(awk '{printf $1}') python -c "import struct,os,string;addr=int(os.getenv('ADDR'),16);print '0x%x: printable =' % addr, int(all(c in string.printable for c in struct.pack('<I', addr)))" 2>/dev/null; done > printable.log |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment