author | Malfurious <m@lfurio.us> | 2021-08-22 08:25:26 -0400 |
committer | Malfurious <m@lfurio.us> | 2021-08-22 08:25:26 -0400 |
commit | 89c13129a55ccbecda31614c83e88612972c11a6 (patch) | |
tree | 3355a91dce4e827aea02d09cbdd7b5a164f6cad8 | |
parent | 9a5f29e228846a2a7fda8497e72c94cad516376c (diff) | |
Refactor genhex into shelltool
For convenience, I've rewritten my old shellcode parser program in
Python. It is moved to the shellcode templates dir and renamed to
shelltool.
As a new feature, shelltool will now check the result for NULL bytes and
newline bytes that may cause problems in an exploit.
Signed-off-by: Malfurious <m@lfurio.us>
-rwxr-xr-x | templates/shellcode/shelltool.py | 30 | ||||
-rw-r--r-- | tools/genhex.cpp | 33 |
2 files changed, 30 insertions, 33 deletions
diff --git a/templates/shellcode/shelltool.py b/templates/shellcode/shelltool.py
new file mode 100755
index 0000000..b95a8cd
--- /dev/null
+++ b/templates/shellcode/shelltool.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+
+# This script will convert shellcode disassembly into an escaped string literal
+# and warn about problematic bytes in the payload.
+# objdump -d elf | ./shelltool.py
+
+import sys
+
+name = None
+bytecode = []
+badchars = [ 0x00, 0x0a ]
+
+for line in sys.stdin:
+for tok in line.split():
+if name is None:
+name = tok
+if len(tok) == 2:
+try:
+bytecode.append(int(tok, base=16))
+except:
+pass
+
+result = ''.join([ "\\x%02x"%(x) for x in bytecode ])
+result = f'{name}"{result}"'
+
+for x in badchars:
+if x in bytecode:
+result += f' **0x{"%02x"%(x)} detected**'
+
+print(result)
diff --git a/tools/genhex.cpp b/tools/genhex.cpp
deleted file mode 100644
index a37f91e..0000000
--- a/tools/genhex.cpp
+++ /dev/null
@@ -1,33 +0,0 @@
-#include <iostream>
-#include <string>
-
-/*
- * Read in all of stdin (should be piped from objdump), look for bytecode hex,
- * and print this code, escaped in a C-string literal, to stdout.
- *
- * EG output: "\x01\x02\x03\x04"
- */
-
-int main()
-{
-std::string tmp;
-unsigned int hex;
-
-std::cout << "\"";
-
-while (true)
-{
-std::cin >> tmp;
-
-if (std::cin.eof())
-break;
-
-if (tmp.size() == 2 &&
-tmp.find(":") == std::string::npos &&
-sscanf(tmp.c_str(), "%x", &hex) > 0)
-std::cout << "\\x" << tmp;
-}
-
-std::cout << "\"\n";
-return 0;
-}
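Review bot: The bare `except:` around `int(tok, base=16)` in the token loop swallows every exception, including KeyboardInterrupt and SystemExit, so the script cannot be interrupted cleanly while reading stdin; `except ValueError:` is the only failure the filter is meant to ignore and keeps the intent. The `len(tok) == 2` test is also looser than it looks, because `int()` accepts a leading sign, so a two-character token such as `-1` is appended as a negative value and later printed as `\x-1` rather than being rejected; a stricter check like `re.fullmatch(r'[0-9a-fA-F]{2}', tok)` before the conversion would only admit byte tokens. Finally, `name` is set to the very first whitespace-separated token of the whole input, which for `objdump -d` output is presumably the object file name line rather than anything from the disassembly; if that is intended, a one-line comment above `name = tok` saying so would save the next reader from guessing. The genhex.cpp section is a pure deletion and needs no review.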