- #!/usr/bin/python
- import sys
- import pwn
- import copy
- import os
- # brute force best force wins again
- # fuck trying to reverse this shit
# Only pwntools messages at 'error' level are shown.
pwn.context.log_level = 'error'

# "testrand" holds the text that bf_try waits for before sending its input;
# trailing whitespace is stripped for the match.
with open("testrand", "r") as f:
    d = f.read()
d_r = d.rstrip()

# Base 8-character input; one position at a time is replaced by a candidate.
orig_str = "AAAAAAAA"

# Per-position result table: 0 means "not found yet", otherwise the character
# that bf_harness stored for that position.
lock = [0] * 8
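def bf_try(change_posn, change_char):
    """Run the target once with one candidate character and return its status.

    The 8-byte input starts as ``orig_str``, gets ``change_char`` written at
    index ``change_posn``, and then has every position with a non-zero entry
    in ``lock`` overwritten by that entry (so a locked position always wins).
    The input is sent to a fresh ``./qemu-mips bender_patched`` process once
    the prompt ``d_r`` has been received.

    Returns the value of ``p.poll(block=True)``, or 139 if any step of the
    exchange raises. The caller treats 139 as "crashed, retry".
    NOTE(review): 139 looks like the shell convention 128 + SIGSEGV; confirm
    that poll() reports a crashed target that way under qemu-mips.
    """
    data_to_send = bytearray(orig_str)
    data_to_send[change_posn] = change_char
    for posn, locked_char in enumerate(lock):
        if locked_char != 0:
            data_to_send[posn] = locked_char

    p = pwn.process(["./qemu-mips", "bender_patched"])
    try:
        p.recvuntil(d_r)
        p.sendline(data_to_send)
        p.wait_for_close()
        ret = p.poll(block=True)
    except Exception:
        # Not a bare except: KeyboardInterrupt must still be able to stop the
        # run instead of being counted as a crash.
        ret = 139
    finally:
        # One process is spawned per candidate; close it so its pipes (and a
        # still-running child after a failed exchange) do not accumulate.
        p.close()
    return ret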
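# Candidate alphabet: every a-z, A-Z and 0-9 exactly once (62 characters).
chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"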
def bf_harness(current_check):
    """Search for one more character to store in ``lock``.

    Positions 0-7 are visited in order; a position whose ``lock`` entry is
    already non-zero is skipped. For an open position each character of
    ``chars`` is passed to ``bf_try``. A status of 139 is retried up to two
    more times, removing ``*.core`` files before each retry; if it is still
    139 the whole call gives up. The first status that differs from
    ``current_check`` stores the character in ``lock`` and ends the call.
    """
    for posn in range(8):
        if lock[posn] != 0:
            print(" [<] attempting check %d, char %d locked, continuing" % (current_check, posn))
            continue

        for candidate in chars:
            if posn == 7:
                print("lock 7 (status %s) attempting mutation %d:%c" % (lock, posn, candidate))

            status = bf_try(posn, candidate)

            # Up to two retries while the run keeps reporting 139.
            retries = 0
            while status == 139 and retries < 2:
                retries += 1
                print(" [!] crashed while iterating i = %d (return = %d), retrying" % (posn, status))
                os.system("rm *.core")
                status = bf_try(posn, candidate)

            if status == 139:
                print(" [!] too many crashes i = %d (return = %d), breaking" % (posn, status))
                print(" [!] noping out")
                return

            if status != current_check:
                print(" [>] locking %d at %c" % (posn, candidate))
                lock[posn] = candidate
                return
if __name__ == "__main__":
    # One harness pass per check index, 0 through 7.
    for check_index in range(8):
        bf_harness(check_index)