def strPython(self, bits, badBytes, noTab=False, paddingByteStr=None, paddingLen=0):
    """
    Render every stored chain as the text of a Python snippet.

    The result is source text only; nothing is executed here.

    Parameters
    ----------
    bits, badBytes : forwarded unchanged to each chain's strPython();
        badBytes is also handed to validByteStr() when a padding byte
        has to be chosen.
    noTab : when true, emitted lines carry no leading tab.
    paddingByteStr : text placed between single quotes in the emitted
        ``p = '...' * N`` line.
    paddingLen : repeat count written into that line; 0 emits ``p = ''``.

    Returns
    -------
    The generated snippet as one string.
    """
    indent = '' if noTab else '\t'

    # A padding byte is looked up only when padding was requested and the
    # caller did not supply one.
    if not paddingByteStr and paddingLen > 0:
        paddingByteStr = validByteStr(badBytes)

    rule = indent + "# -------------------\n"
    # string_exploit is defined elsewhere in the file; presumably a
    # terminal-styling helper, so its output ends up inside the emitted
    # comment lines -- TODO confirm.
    pieces = [
        rule,
        indent + "# " + string_exploit("Padding goes there\n"),
        rule,
        indent + "from struct import pack\n",
    ]

    if paddingLen == 0:
        pieces.append(indent + "p = ''\n")
    else:
        # NOTE(review): paddingByteStr is spliced verbatim between single
        # quotes in the generated source. A value containing a quote or a
        # newline would alter the emitted script; the format returned by
        # validByteStr() is not visible here -- confirm it is always an
        # escaped literal, and validate caller-supplied values.
        pieces.append(
            indent + "p = '" + paddingByteStr + "' * " + str(paddingLen) + '\n')

    for idx, chain in enumerate(self.ROPChains):
        # info is indexed in lock-step with ROPChains (one label per chain).
        label = self.info[idx]
        underline = indent + "# " + '-' * len(label)
        pieces.append(underline + '\n')
        pieces.append(indent + "# " + string_exploit(label + '\n'))
        # No newline after the closing underline: the chain text follows
        # it directly, exactly as emitted before.
        pieces.append(underline)
        pieces.append(
            chain.strPython(bits, badBytes, init=False, noTab=noTab) + "\n")

    return "".join(pieces)
def strPython(self, bits, badBytes):
    """
    Render every stored chain as the text of a tab-indented Python snippet.

    The result is source text only; nothing is executed here.

    Parameters
    ----------
    bits, badBytes : forwarded unchanged to each chain's strPython().

    Returns
    -------
    The generated snippet as one string, starting with a fixed header
    (padding placeholder comment, ``from struct import pack``, ``p = ''``).
    """
    # string_exploit is defined elsewhere in the file; presumably a
    # terminal-styling helper, so its output ends up inside the emitted
    # comment lines -- TODO confirm.
    pieces = [
        "\t# -------------------\n",
        "\t# " + string_exploit("Padding goes there\n"),
        "\t# -------------------\n",
        "\tfrom struct import pack\n",
        "\tp = ''\n",
    ]

    for idx, chain in enumerate(self.ROPChains):
        # info is indexed in lock-step with ROPChains (one label per chain).
        label = self.info[idx]
        underline = "\t# " + '-' * len(label)
        pieces.append(underline + '\n')
        pieces.append("\t# " + string_exploit(label + '\n'))
        # No newline after the closing underline: the chain text follows
        # it directly, exactly as emitted before.
        pieces.append(underline)
        pieces.append(chain.strPython(bits, badBytes, init=False) + "\n")

    return "".join(pieces)
def strConsole(self, bits, badBytes):
    """
    Render every stored chain as console text, each under a ruled title.

    Parameters
    ----------
    bits, badBytes : forwarded unchanged to each chain's strConsole().

    Returns
    -------
    One string holding, per chain, a dashed rule, the chain's info label
    passed through string_exploit(), a second rule, and the chain text.
    An empty string when there are no chains.
    """
    blocks = []
    for idx, chain in enumerate(self.ROPChains):
        # info is indexed in lock-step with ROPChains (one label per chain).
        label = self.info[idx]
        # The rule is as wide as the label it frames.
        rule = "\t" + '-' * len(label) + '\n'
        header = rule + string_exploit('\t' + label + '\n') + rule
        blocks.append(header + chain.strConsole(bits, badBytes) + '\n')
    return "".join(blocks)
CMD_LOAD = "load" CMD_CONFIG = "config" CMD_EXIT = "exit" CMD_SEARCH = "semantic" CMD_EXPLOIT = "exploit" helpStr = banner([ string_bold('Main Commands'), string_special('(For more info about a command type <cmd -h>)') ]) helpStr += '\n\t' + string_bold( CMD_LOAD) + ': \t\tload gadgets from a binary file' helpStr += '\n\n\t' + string_semantic(string_bold(CMD_SEARCH)) + \ ': \tEnter semantic-mode (Search for'+'\n\t\t\tgadgets and ROPChains)' helpStr += '\n\n\t' + string_exploit(string_bold(CMD_EXPLOIT)) + \ ': \tEnter exploit-mode (Automated exploit'+'\n\t\t\tgeneration features)' helpStr += '\n\n\t' + string_bold(CMD_HELP) + ': \t\tprint available commands' helpStr += '\n\t' + string_bold(CMD_EXIT) + ': \t\texit ROPGenerator' def main(): print(string_ropg(string_bold(ASCII_art))) initLogs() finish = False promptSession = PromptSession(ANSI(u"(" + string_ropg(u'main') + u")> ")) while (not finish): try: user_input = promptSession.prompt() args = user_input.split() argslen = len(args)
CMD_EXIT = "exit" helpStr = banner([ string_bold('Exploit-Mode Commands'), string_special('(For more info about a command type <cmd -h>)') ]) helpStr += '\n\t' + string_bold(CMD_PWN) + ': \t\tbuild an exploit' helpStr += '\n\t' + string_bold(CMD_SYSCALL) + ': \tcall a system function' helpStr += '\n\t' + string_bold(CMD_CALL) + ':\t\tcall a regular function' helpStr += '\n\t' + string_bold(CMD_SHELLCODE) + ': \tmanage shellcodes' helpStr += '\n\n\t' + string_bold(CMD_HELP) + ': \t\tshow this help' helpStr += '\n\t' + string_bold(CMD_MAIN) + ': \t\treturn to the main menu' helpStr += '\n\t' + string_bold(CMD_EXIT) + ': \t\texit ROPGenerator' promptSession = PromptSession(ANSI(u"(" + string_exploit(u'exploit') + u")> ")) def exploit_mode(): """ Returns ------- True if ROPGenerator must continue False if ROPGenerator must be closed """ finish = False while (not finish): try: # Get command user_input = promptSession.prompt()