When testing software vulnerabilities I personally prefer to write exploits in Python, which is simple and fast. I have often seen them written in Perl, but I don't like it. Here I record some common techniques.
Python has a concept called a module, which contains predefined functions for reuse. A module is loaded with the following statement:
import module_name
The struct module has a very convenient function, pack, with the following form:
struct.pack(format, value)
It converts the value into the byte layout specified by format. When writing an exploit, the address used to overwrite the return address has to be stored in reverse byte order (little-endian), and this function does that for us. The format we want is "<L", an unsigned long (4 bytes) in little-endian order.
0x7ffa4512 is the classic jmp esp address used on Windows 2000/XP/2003. Taking it as an example:
import struct
struct.pack('<L', 0x7ffa4512)
During an overflow test a long string is often needed to fill the buffer. In Python you can simply multiply a string:
shellcode = '\x90' * 1000
After this statement executes, shellcode holds 1000 \x90 bytes.
You can also use the plus sign on strings. An example of concatenating two strings:
import struct
buffer = 'A' * 100
jmpesp = struct.pack('<L', 0x7ffa4512)  # convert 0x7ffa4512 to \x12\x45\xfa\x7f
buffer += jmpesp
In Python, "+=" works the same way as "+=" in C: buffer += jmpesp is equivalent to buffer = buffer + jmpesp, and either form can be used.
The ord function converts a single character to its ASCII code. Its declaration is:
ord(character)
Example:
>>> print ord('A')
65
Note that ord only accepts a single character, not a longer string.
For programs that overflow when reading a file, you need to generate a file containing the test data. Python provides convenient file operations.
filename = 'test'  # variable holding the name of the file to create
payload = 'A' * 5000  # generate five thousand A's
f = open(filename, 'w')  # open the file in write mode
f.write(payload)  # write the five thousand A's
f.close()  # close the file
After the above code runs, a file named test containing 5000 A's is created in the current directory.
Sometimes you need to test the security of a network program; Python also provides socket programming through the socket module.
import socket
shellcode = 'A' * 1000
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # create a socket object
s.connect(("127.0.0.1", 200))  # connect to 127.0.0.1 on port 200 (connect takes one (host, port) tuple)
s.send(shellcode)  # send the data (one thousand A's)
This example can be used to test network programs such as an FTP server.
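As an added example (not code from the original post), the struct.pack, string-building and ord steps above redone in Python 3, where the payload must be bytes rather than str before socket.send or a binary file write will accept it; JMP_ESP and the lengths are the page's own values, the function names are my own:

```python
import struct

# The page's example address (jmp esp on Windows 2000/XP/2003).
JMP_ESP = 0x7FFA4512


def pack_le32(addr):
    """Pack a 32-bit address little-endian ('<L'), exactly as the page does."""
    return struct.pack("<L", addr)


def unpack_le32(data):
    """Reverse of pack_le32: recover the address from the first 4 bytes."""
    return struct.unpack("<L", data[:4])[0]


def as_escaped(data):
    """Render bytes in the \\xNN notation used on the page, to check what was built."""
    return "".join("\\x%02x" % b for b in data)


def build_buffer(pad_len, addr, nop_len):
    """Python 3 version of the page's pattern: padding + packed address + NOP sled.
    Everything is bytes: '\\x90' * 1000 is a str in Python 3, and socket.send
    or open(path, 'wb').write would reject it."""
    return b"A" * pad_len + pack_le32(addr) + b"\x90" * nop_len


def address_at(buf, offset):
    """Read back the address stored at offset, to confirm the layout is right."""
    return unpack_le32(buf[offset:offset + 4])


def char_code(c):
    """The page's ord(): accepts exactly one character. In Python 3 a
    single-byte bytes object also works, and indexing bytes already gives an int."""
    if len(c) != 1:
        raise ValueError("ord needs exactly one character")
    return ord(c)


if __name__ == "__main__":
    buf = build_buffer(100, JMP_ESP, 8)
    print(as_escaped(buf[100:104]))  # \x12\x45\xfa\x7f
```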