Skip to content

Latest commit

 

History

History
97 lines (87 loc) · 3.6 KB

README.md

File metadata and controls

97 lines (87 loc) · 3.6 KB

script_tool

  • script tool python 2.7
  • script take input as option and arguments

how to use

[ help menu overview ]

usage: script.py [-h] [-c] [-r] [-a] [-A] [-H] [-l] [-s] [-G] [-F] [-D]

Usage: [OPtion] [arguments] [length] [arguments] Example: -c a -l 300

optional arguments:
  -h, --help         show this help message and exit
  -c , --char        to generate  A or B..etc char Example : -c a -l 220
  -r , --random      to generate random pattern Example : -r r -l 200
  -a , --alfa        to generate  AAAAtoZZZZ 32bit Example : -a x86 -l 26
  -A , --alfa_64     generate  AAAAAAAAtoZZZZZZZZ 64bit Example :-A x64 -l 26
  -H , --Hexdecode   to decode hex address Exampel: -H 0x00000000
  -l , --length      to give length of the pattern
  -s , --L_endian    to little-endian struct Example: -s 0x0876bf67
  -G , --libc        to grep from libc Library Example -G /bin/sh
  -F , --object      Select program dump Example: -F program.o -D ret
  -D , --dump        grep program addresses Example: -F Program -D pop

[ Pattern ]

  • wtih scripy.py can generate different kind of strings pattren
  • option -r r to give random pattern -l to give length for the pattren
 ~/script_tool# ./script.py  -r r -l 60
xvwbcigltvzcyrynipadtsjuukqlczgczwoxwjulmaidhijnveusieyfgzqz
  • wtih -c can generate char from a to b or any string like %
~/script_tool# ./script.py  -c a -l 50
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
~/script_tool# ./script.py  -c b  -l 70
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
~/script_tool# ./script.py  -c %  -l 70
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
  • with -a x86 or -A x64 can generate English alphabet AAAA to ZZZZ or AAAAAAAA to ZZZZZZZZ
  • minimum '1' maximum '26'
~/script_tool# ./script.py  -a x86 -l 26
AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJKKKKLLLLMMMMNNNNOOOOPPPPQQQQRRRRSSSSTTTTUUUUVVVVWWWWXXXXYYYYZZZZ
~/script_tool# ./script.py  -A x64 -l 26
AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFFGGGGGGGGHHHHHHHHIIIIIIIIJJJJJJJJKKKKKKKKLLLLLLLLMMMMMMMMNNNNNNNNOOOOOOOOPPPPPPPPQQQQQQQQRRRRRRRRSSSSSSSSTTTTTTTTUUUUUUUUVVVVVVVVWWWWWWWWXXXXXXXXYYYYYYYYZZZZZZZZ

[ option -H ]

  • -H option to conver decode hex
  • and search for offset in pattren generate by script.py
~/script_tool# ./script.py  -H 0x6d7a7463

decode HEX is :  ctzm
Offset Found at  :  140

[ struck address ]

  • with option -s can convert address to little-endian
  • address will convert to array and as struct mode
~/script_tool# ./script.py  -s 0x6d7a7463
little_endian is :  "\x63\x74\x7a\x6d"
struck mode : struct.pack ('I', 0x6d7a7463 )

[ Return-to-libc ]

  • to grep from libc library use ./script.py -G /bin/sh # -G option grep folow with the string
  • ~/script_tool# ./script.py -G /bin/sh
  • grep _from _libc: 188406 /bin/sh

[ Return-oriented programming ROP ]

  • to grep pop ,ret from the program use -F and - D
~/script_tool# ./script.py  -F stack7 -D ret

 8048383:	c3                   	ret    
 8048494:	c3                   	ret    
 80484c2:	c3                   	ret    
 8048544:	c3                   	ret    
 8048553:	c3                   	ret    
 8048564:	c3                   	ret    
 80485c9:	c3                   	ret    
 80485cd:	c3                   	ret    
 80485f9:	c3                   	ret    
 8048617:	c3                   	ret

[for connect]