diff options
| author | Malfurious <m@lfurio.us> | 2023-03-30 02:46:44 -0400 |
|---|---|---|
| committer | dusoleil <howcansocksbereal@gmail.com> | 2023-03-31 22:23:34 -0400 |
| commit | dd243d60cf75813812ac0115b6373b108b6b0ed8 (patch) | |
| tree | d588d3e342dd69464e0870ecab8337ea3f8280bb | |
| parent | de95a406075f87704ac3a884f3750d3656058891 (diff) | |
| download | sploit-dd243d60cf75813812ac0115b6373b108b6b0ed8.tar.gz sploit-dd243d60cf75813812ac0115b6373b108b6b0ed8.zip | |
Allow control of named pipe location via command-line
Add the ability to select which location to create FIFOs when running in
pipes mode, by passing the directory name to sploit where a target
executable would usually go. This has been an API feature from the start,
but not exposed via the sploit runner command-line interface.
There are a couple new use-cases where this is very convenient, including
scriptifying sploit in pipes mode (testing, for example) and when running
sploit under Docker. If pipes are placed in the working directory, all
project files can be shared with a single bind mount.
Signed-off-by: Malfurious <m@lfurio.us>
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
| -rw-r--r-- | README.txt | 8 | ||||
| -rw-r--r-- | sploit/main.py | 29 |
2 files changed, 24 insertions, 13 deletions
@@ -35,6 +35,14 @@ and against any target source regardless of how it exposes its stdio. $ sploit exploit.py ``` +The pipe FIFOs are normally located in a temporary directory. However, if a +directory name is given, sploit will use that location instead. A particularly +useful way to use this is to store the pipes in the current directory for working +with Docker. +``` +$ sploit exploit.py . +``` + When running in Pipes mode, sploit will wait for something to connect on the FIFOs before actually executing the exploit script. Once it has finished, it will go back to waiting and run the script again the next time it connects. diff --git a/sploit/main.py b/sploit/main.py index d918418..6d71196 100644 --- a/sploit/main.py +++ b/sploit/main.py @@ -1,5 +1,6 @@ from argparse import ArgumentParser, REMAINDER import gc +from os.path import isdir import tempfile import traceback @@ -20,24 +21,26 @@ def print_banner(color, line1=__version__, line2='', line3=''): def main(): parser = ArgumentParser(description='Execute Sploit script against target') parser.add_argument('script', help='Exploit script to run') - parser.add_argument('target', nargs=REMAINDER, help='Target program to exploit') + parser.add_argument('target', nargs=REMAINDER, help='Target cmdline or pipes directory') args = parser.parse_args() - if(len(args.target)>0): - target(args.script, args.target) + if len(args.target) == 0: + with tempfile.TemporaryDirectory() as tmpdir: + pipe(args.script, tmpdir) + elif len(args.target) == 1 and isdir(args.target[0]): + pipe(args.script, args.target[0]) else: - pipe(args.script) + target(args.script, args.target) -def pipe(script): +def pipe(script, tmpdir): print_banner(ERROR, line3='Pipe Mode') - with tempfile.TemporaryDirectory() as tmpdir: - while(True): - try: - p = Pipes(tmpdir) - except KeyboardInterrupt: - break - runscript(script, Comm(p)) - del p + while True: + try: + p = Pipes(tmpdir) + except KeyboardInterrupt: + break + runscript(script, Comm(p)) + del p def target(script, target): print_banner(STATUS, line3='Subprocess Mode') |