OSED-scripts-2/stackstring.py at main · ksecurity45/OSED-scripts-2 · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# Developed by Johan Hammond

from pwn import *

string = b"ws2_32.dll"

full = "eax"
half = "ax"
little = "al"


pieces = []
for i in range(0, len(string), 4):
    chunk = string[i : i + 4]
    pieces.append((hex(unpack(chunk, "all")), chunk.decode("utf-8")))

counter = 0
for each in pieces[::-1]:
    piece, value = each
    if len(piece) <= 10:
        register = full
    if len(piece) <= 6:
        print(f'"xor {full}, {full};" # zero out {full}')
        register = half
        print(f'"mov {register}, {piece}"; # ensure nullbyte')
        print(f"\"push {full};\" # end of string '{value}' with nullbyte")
        counter += 1
        continue
    if len(piece) <= 4:
        print(f'"xor {full}, {full};" # zero out {full}')
        register = little
        print(f'"mov {register}, {piece};" # ensure nullbyte')
        print(f"\"push {full};\" # end of string '{value}' with nullbyte")
        counter += 1
        continue
    if counter == 0:
        print(f'"xor {full}, {full};" # zero out {full}')
        print(f'"push {full};" # ensure nullbyte')

    print(f"\"push {piece};\" # push '{value}' onto stack")
    counter += 1