Example #1
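    def pattern_offset(args):
        """Locate a value inside a generated cyclic pattern.

        ``args['pattern_offset']`` is a list of string tokens:

        * a decimal number sets the length of the pattern to generate (when
          several are given, the last one wins);
        * the literal ``'extended'`` is forwarded to the pattern generator;
        * any other token is the value to look for; a token starting with
          ``'0x'`` is first converted with ``Utils.addr_to_byte``.

        Returns the index of the first occurrence of the value in the
        pattern returned by ``ExploitUtils.create_pattern``, or ``None`` when
        no value was supplied or it does not occur in the pattern.
        """
        needle = ''
        size = 0
        generator_args = []
        for token in args['pattern_offset']:
            # str.isdigit() also accepts characters such as superscript
            # digits, which int() rejects with ValueError; isdecimal() only
            # matches strings that int() can parse.
            if token.isdecimal():
                size = int(token)
            elif token == 'extended':
                generator_args.append('extended')
            else:
                needle = token
        # TODO: tell the user when more than one size token was given; the
        # last one silently wins.
        generator_args.append(str(size))

        if not needle:
            return None

        cpattern = ExploitUtils.create_pattern(
            {'create_pattern': generator_args})
        if needle.startswith('0x'):  # an address rather than raw text
            needle = Utils.addr_to_byte(needle)
        if not needle:
            return None
        # One search instead of an ``in`` test followed by find().
        index = cpattern.find(needle)
        return None if index == -1 else index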
Example #2
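 def pattern_offset(args):
     """Return where a value sits inside a generated cyclic pattern.

     Each entry of ``args['pattern_offset']`` is a string: a decimal number
     is the pattern length (the last one given is used), ``'extended'`` is
     passed through to ``ExploitUtils.create_pattern``, and anything else
     is the value to search for.  A value starting with ``'0x'`` is
     converted with ``Utils.addr_to_byte`` before the search.

     The result is the index of the first match, or ``None`` if there is no
     value to search for or no match.
     """
     pos = None
     pattern = ''
     size = 0
     cp = []
     for item in args['pattern_offset']:
         if item == 'extended':
             cp.append('extended')
         elif item.isdecimal():
             # isdecimal(), not isdigit(): the latter is also true for
             # characters like superscript digits that make int() raise
             # ValueError.
             size = int(item)
         else:
             pattern = item

     # TODO: warn when several numeric entries were supplied; only the
     # last one is used as the pattern size.
     cp.append(str(size))
     if pattern:
         cpattern = ExploitUtils.create_pattern({'create_pattern': cp})
         if pattern.startswith('0x'):  # address form, convert before searching
             pattern = Utils.addr_to_byte(pattern)
         if pattern:
             found = cpattern.find(pattern)
             if found != -1:
                 pos = found
     return pos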
Example #3
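    def payload(args):
        """Assemble a payload from parsed command-line options.

        Recognised keys of ``args`` (all optional):

        * ``'nops_number'``, ``'ret_number'``, ``'size'`` -- one-item lists
          holding a decimal string;
        * ``'ret_addr'`` -- passed to ``Utils.addr_to_byte(..., bo='le')``;
        * ``'shellcode_type'`` -- passed to ``ShellcodeHandler.handle``.

        Returns the first value produced by ``BasicStack.__build_payload``,
        or ``''`` when one of the numeric options is not a decimal number
        (a message is printed in that case).
        """
        def _decimal_option(key, error_message):
            # argparse returns a list with one item
            raw = args[key][0]
            # isdecimal() rather than isdigit(): isdigit() is also true for
            # characters such as superscript digits, which int() rejects.
            if raw.isdecimal():
                return int(raw)
            print(error_message)
            return None

        res = ''
        ret_addr = ''
        # Defined up front so the call below does not fail with
        # UnboundLocalError when 'shellcode_type' is absent.
        shellcode = ''
        nop_op = '\x90'
        nops_num = 0
        ret_num = 0
        size = 0

        if 'nops_number' in args:
            nops_num = _decimal_option(
                'nops_number', 'Number of NOPS parameter should be a digit.')
            if nops_num is None:
                return res
        if 'ret_number' in args:
            # Messages are built from adjacent literals; a backslash
            # continuation inside the quotes would embed the source
            # indentation in the printed text.
            ret_num = _decimal_option(
                'ret_number',
                'Number of return address repetitions '
                'parameter should be a digit.')
            if ret_num is None:
                return res
        if 'ret_addr' in args:
            # NOTE(review): used as given, while the numeric options take
            # element [0] -- confirm what the caller passes here.
            ret_addr = Utils.addr_to_byte(args['ret_addr'], bo='le')
        if 'shellcode_type' in args:
            shellcode = ShellcodeHandler.handle(args['shellcode_type'])
        if 'size' in args:
            size = _decimal_option('size', 'Size parameter should be a digit.')
            if size is None:
                return res

        # The double-underscore name is mangled by Python, so this call
        # presumably only resolves from inside the BasicStack class body.
        res, warning = BasicStack.__build_payload(size, nop_op, nops_num,
                                                  ret_addr, ret_num, shellcode)

        if warning == 1:
            print('The complete size of the payload is bigger than the size '
                  'specified as a parameter.')
            print('The nops and return address repetition parameters have '
                  'priority over the size parameter.')
            # Rebuilt only to report the component lengths.
            # NOTE(review): assumes all three parts share one string type.
            nops = nop_op * nops_num
            rets = ret_addr * ret_num
            pl = nops + shellcode + rets
            print('NOPs number: {0}, shell size: {1}, '
                  'return address: {2} ==> Real payload size:  {3} '
                  'Size parameter: {4}'.format(len(nops), len(shellcode),
                                               len(rets), len(pl), size))

        return res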
Example #4
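    def payload(args):
        """Build a payload from the option dictionary produced by argparse.

        ``args`` may contain ``'nops_number'``, ``'ret_number'`` and
        ``'size'`` (each a one-item list with a decimal string),
        ``'ret_addr'`` (converted with ``Utils.addr_to_byte`` using
        ``bo='le'``) and ``'shellcode_type'`` (handed to
        ``ShellcodeHandler.handle``).

        Returns the payload reported by ``BasicStack.__build_payload``.  If a
        numeric option is not a decimal number, a message is printed and
        ``''`` is returned instead.
        """
        res = ''
        ret_addr = ''
        shellcode = ''  # previously unbound when 'shellcode_type' was missing
        nop_op = '\x90'
        nops_num = 0
        ret_num = 0
        size = 0
        if 'nops_number' in args:
            # argparse returns a list with one item
            nops_num = args['nops_number'][0]
            # isdecimal() matches exactly what int() accepts; isdigit() is
            # also true for e.g. superscript digits and int() then raises.
            if not nops_num.isdecimal():
                print('Number of NOPS parameter should be a digit.')
                return res
            nops_num = int(nops_num)
        if 'ret_number' in args:
            # argparse returns a list with one item
            ret_num = args['ret_number'][0]
            if not ret_num.isdecimal():
                # Adjacent literals keep the source indentation out of the
                # message, unlike a backslash continuation inside quotes.
                print('Number of return address repetitions '
                      'parameter should be a digit.')
                return res
            ret_num = int(ret_num)
        if 'ret_addr' in args:
            # NOTE(review): not indexed with [0] like the numeric options;
            # confirm the shape the caller supplies.
            ret_addr = args['ret_addr']
            ret_addr = Utils.addr_to_byte(ret_addr, bo='le')
        if 'shellcode_type' in args:
            sc_args = args['shellcode_type']
            shellcode = ShellcodeHandler.handle(sc_args)
        if 'size' in args:
            # argparse returns a list with one item
            size = args['size'][0]
            if not size.isdecimal():
                print('Size parameter should be a digit.')
                return res
            size = int(size)

        # Name mangling applies to the double-underscore attribute, so this
        # presumably has to run from within the BasicStack class.
        res, warning = BasicStack.__build_payload(size, nop_op, nops_num,
                                                  ret_addr, ret_num, shellcode)

        if warning == 1:
            print('The complete size of the payload is bigger than the size '
                  'specified as a parameter.')
            print('The nops and return address repetition parameters have '
                  'priority over the size parameter.')
            # Recomputed here only to print the size of each component.
            # NOTE(review): assumes the three parts can be concatenated,
            # i.e. share one string type -- confirm against addr_to_byte.
            nops = nop_op * nops_num
            rets = ret_addr * ret_num
            pl = nops + shellcode + rets
            summary = ('NOPs number: {0}, shell size: {1}, '
                       'return address: {2} ==> Real payload size:  {3} '
                       'Size parameter: {4}')
            print(summary.format(
                len(nops), len(shellcode), len(rets), len(pl), size))

        return res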