-
-
Save subat0mik/207bafd6824e827bd402bed8557daa76 to your computer and use it in GitHub Desktop.
Revisions
-
JohnHammond created this gist
Jun 20, 2021 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,46 @@ #!/usr/bin/env python3 """ # NOTE, you must change the string below for data you want. # This script does not take arguments in its current form. Sorry! """ from pwn import * string = b"foobar" full = "eax" half = "ax" little = "al" pieces = [] for i in range(0, len(string), 4): chunk = string[i : i + 4] pieces.append((hex(unpack(chunk, "all")), chunk.decode("utf-8"))) counter = 0 for each in pieces[::-1]: piece, value = each if len(piece) <= 10: register = full if len(piece) <= 6: print(f'"xor {full}, {full};" # zero out {full}') register = half print(f'"mov {register}, {piece}"; # ensure nullbyte') print(f"\"push {full};\" # end of string '{value}' with nullbyte") counter += 1 continue if len(piece) <= 4: print(f'"xor {full}, {full};" # zero out {full}') register = little print(f'"mov {register}, {piece};" # ensure nullbyte') print(f"\"push {full};\" # end of string '{value}' with nullbyte") counter += 1 continue if counter == 0: print(f'"xor {full}, {full};" # zero out {full}') print(f'"push {full};" # ensure nullbyte') print(f"\"push {piece};\" # push '{value}' onto stack") counter += 1