Gallopsled / pwntools / 1

Committed 20 Aug 2023 06:49PM UTC coverage: 1.309% (-70.3%) from 71.623%

Build # 1

Build Type

push

github

Committed by

web-flow

Commit Message

plt: remove stale MIPS workaround (#2256)

Fixes #2042

Run Details

2 of 5878 branches covered (0.03%)

221 of 16886 relevant lines covered (1.31%)

0.03 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/pwnlib/commandline/shellcraft.py

#!/usr/bin/env python2
from __future__ import absolute_import
from __future__ import division

import argparse
import os
import six
import sys
import types

import pwnlib.args
pwnlib.args.free_form = False

from pwn import *
from pwnlib.commandline import common


#  ____  _          _ _                 __ _
# / ___|| |__   ___| | | ___ _ __ __ _ / _| |_
# \___ \| '_ \ / _ \ | |/ __| '__/ _` | |_| __|
#  ___) | | | |  __/ | | (__| | | (_| |  _| |_
# |____/|_| |_|\___|_|_|\___|_|  \__,_|_|  \__|

def _string(s):
    out = []
    for co in bytearray(s):
        c = chr(co)
        if co >= 0x20 and co <= 0x7e and c not in '/$\'"`':
            out.append(c)
        else:
            out.append('\\x%02x' % co)
    return '"' + ''.join(out) + '"\n'


p = common.parser_commands.add_parser(
    'shellcraft',
    help = 'Microwave shellcode -- Easy, fast and delicious',
    description = 'Microwave shellcode -- Easy, fast and delicious',
)


p.add_argument(
    '-?', '--show',
    action = 'store_true',
    help = 'Show shellcode documentation',
)

p.add_argument(
    '-o', '--out',
    metavar = 'file',
    type = argparse.FileType('wb'),
    default = getattr(sys.stdout, 'buffer', sys.stdout),
    help = 'Output file (default: stdout)',
)

p.add_argument(
    '-f', '--format',
    metavar = 'format',
    choices = ['r', 'raw',
               's', 'str', 'string',
               'c',
               'h', 'hex',
               'a', 'asm', 'assembly',
               'p',
               'i', 'hexii',
               'e', 'elf',
               'd', 'escaped',
               'default'],
    default = 'default',
    help = 'Output format (default: hex), choose from {e}lf, {r}aw, {s}tring, {c}-style array, {h}ex string, hex{i}i, {a}ssembly code, {p}reprocssed code, escape{d} hex string',
)

p.add_argument(
    'shellcode',
    nargs = '?',
    help = 'The shellcode you want',
    type = str
)

p.add_argument(
    'args',
    nargs = '*',
    metavar = 'arg',
    default = (),
    help = 'Argument to the chosen shellcode',
)

p.add_argument(
    '-d',
    '--debug',
    help='Debug the shellcode with GDB',
    action='store_true'
)

p.add_argument(
    '-b',
    '--before',
    help='Insert a debug trap before the code',
    action='store_true'
)

p.add_argument(
    '-a',
    '--after',
    help='Insert a debug trap after the code',
    action='store_true'
)

p.add_argument(
    '-v', '--avoid',
    action='append',
    help = 'Encode the shellcode to avoid the listed bytes'
)

p.add_argument(
    '-n', '--newline',
    dest='avoid',
    action='append_const',
    const='\n',
    help = 'Encode the shellcode to avoid newlines'
)

p.add_argument(
    '-z', '--zero',
    dest='avoid',
    action='append_const',
    const='\x00',
    help = 'Encode the shellcode to avoid NULL bytes'
)

p.add_argument(
    '-r',
    '--run',
    help="Run output",
    action='store_true'
)

p.add_argument(
    '--color',
    help="Color output",
    action='store_true',
    default=sys.stdout.isatty()
)

p.add_argument(
    '--no-color',
    help="Disable color output",
    action='store_false',
    dest='color'
)

p.add_argument(
    '--syscalls',
    help="List syscalls",
    action='store_true'
)

p.add_argument(
    '--address',
    help="Load address",
    default=None
)

p.add_argument(
    '-l', '--list',
    action='store_true',
    help='List available shellcodes, optionally provide a filter'
)

p.add_argument(
    '-s', '--shared',
    action='store_true',
    help='Generated ELF is a shared library'
)

def get_template(name):
    func = shellcraft
    for attr in name.split('.'):
        func = getattr(func, attr)
    return func

def is_not_a_syscall_template(name):
    template_src = shellcraft._get_source(name)
    return '/syscalls' not in template_src

def main(args):
    if args.list:
        templates = shellcraft.templates

        if args.shellcode:
            templates = filter(lambda a: args.shellcode in a, templates)
        elif not args.syscalls:
            templates = filter(is_not_a_syscall_template, templates)

        print('\n'.join(templates))
        exit()

    if not args.shellcode:
        common.parser.print_usage()
        exit()

    try:
        func = get_template(args.shellcode)
    except AttributeError:
        log.error("Unknown shellcraft template %r. Use --list to see available shellcodes." % args.shellcode)

    if args.show:
        # remove doctests
        doc = []
        in_doctest = False
        block_indent = None
        caption = None
        lines = func.__doc__.splitlines()
        i = 0
        while i < len(lines):
            line = lines[i]
            if line.lstrip().startswith('>>>'):
                # this line starts a doctest
                in_doctest = True
                block_indent = None
                if caption:
                    # delete back up to the caption
                    doc = doc[:caption - i]
                    caption = None
            elif line == '':
                # skip blank lines
                pass
            elif in_doctest:
                # indentation marks the end of a doctest
                indent = len(line) - len(line.lstrip())
                if block_indent is None:
                    if not line.lstrip().startswith('...'):
                        block_indent = indent
                elif indent < block_indent:
                    in_doctest = False
                    block_indent = None
                    # re-evalutate this line
                    continue
            elif line.endswith(':'):
                # save index of caption
                caption = i
            else:
                # this is not blank space and we're not in a doctest, so the
                # previous caption (if any) was not for a doctest
                caption = None

            if not in_doctest:
                doc.append(line)
            i += 1
        print('\n'.join(doc).rstrip())
        exit()

    defargs = len(six.get_function_defaults(func) or ())
    reqargs = six.get_function_code(func).co_argcount - defargs
    if len(args.args) < reqargs:
        if defargs > 0:
            log.critical('%s takes at least %d arguments' % (args.shellcode, reqargs))
            sys.exit(1)
        else:
            log.critical('%s takes exactly %d arguments' % (args.shellcode, reqargs))
            sys.exit(1)

    # Captain uglyness saves the day!
    for i, val in enumerate(args.args):
        try:
            args.args[i] = util.safeeval.expr(val)
        except ValueError:
            pass

    # And he strikes again!
    list(map(common.context_arg, args.shellcode.split('.')))
    code = func(*args.args)


    if args.before:
        code = shellcraft.trap() + code
    if args.after:
        code = code + shellcraft.trap()


    if args.format in ['a', 'asm', 'assembly']:
        if args.color:
            from pygments import highlight
            from pygments.formatters import TerminalFormatter
            from pwnlib.lexer import PwntoolsLexer

            code = highlight(code, PwntoolsLexer(), TerminalFormatter())

        print(code)
        exit()
    if args.format == 'p':
        print(cpp(code))
        exit()

    assembly = code

    vma = args.address
    if vma:
        vma = pwnlib.util.safeeval.expr(vma)

    if args.format in ['e','elf']:
        args.format = 'default'
        try: os.fchmod(args.out.fileno(), 0o700)
        except OSError: pass


        if not args.avoid:
            code = read(make_elf_from_assembly(assembly, vma=vma, shared=args.shared))
        else:
            code = asm(assembly)
            code = encode(code, args.avoid)
            code = make_elf(code, vma=vma, shared=args.shared)
            # code = read(make_elf(encode(asm(code), args.avoid)))
    else:
        code = encode(asm(assembly), args.avoid)

    if args.format == 'default':
        if args.out.isatty():
            args.format = 'hex'
        else:
            args.format = 'raw'

    arch = args.shellcode.split('.')[0]

    if args.debug:
        if not args.avoid:
            proc = gdb.debug_assembly(assembly, arch=arch, vma=vma)
        else:
            proc = gdb.debug_shellcode(code, arch=arch, vma=vma)
        proc.interactive()
        sys.exit(0)

    if args.run:
        proc = run_shellcode(code, arch=arch)
        proc.interactive()
        sys.exit(0)

    if args.format in ['s', 'str', 'string']:
        code = _string(code)
    elif args.format == 'c':
        code = '{' + ', '.join(map(hex, bytearray(code))) + '}' + '\n'
    elif args.format in ['h', 'hex']:
        code = pwnlib.util.fiddling.enhex(code) + '\n'
    elif args.format in ['i', 'hexii']:
        code = hexii(code) + '\n'
    elif args.format in ['d', 'escaped']:
        code = ''.join('\\x%02x' % c for c in bytearray(code)) + '\n'
    if not sys.stdin.isatty():
        args.out.write(getattr(sys.stdin, 'buffer', sys.stdin).read())

    if not hasattr(code, 'decode'):
        code = code.encode()
    args.out.write(code)

if __name__ == '__main__':
    pwnlib.commandline.common.main(__file__)

1	#!/usr/bin/env python2
2	from __future__ import absolute_import	×
3	from __future__ import division	×
4
5	import argparse	×
6	import os	×
7	import six	×
8	import sys	×
9	import types	×
10
11	import pwnlib.args	×
12	pwnlib.args.free_form = False	×
13
14	from pwn import *	×
15	from pwnlib.commandline import common	×
16
17
18	# ____ _ _ _ __ _
19	# / ___\|\| \|__ ___\| \| \| ___ _ __ __ _ / _\| \|_
20	# \___ \\| '_ \ / _ \ \| \|/ __\| '__/ _` \| \|_\| __\|
21	# ___) \| \| \| \| __/ \| \| (__\| \| \| (_\| \| _\| \|_
22	# \|____/\|_\| \|_\|\___\|_\|_\|\___\|_\| \__,_\|_\| \__\|
23
24	def _string(s):	×
25	out = []	×
26	for co in bytearray(s):	×
27	c = chr(co)	×
28	if co >= 0x20 and co <= 0x7e and c not in '/$\'"`':	×
29	out.append(c)	×
30	else:
31	out.append('\\x%02x' % co)	×
32	return '"' + ''.join(out) + '"\n'	×
33
34
35	p = common.parser_commands.add_parser(	×
36	'shellcraft',
37	help = 'Microwave shellcode -- Easy, fast and delicious',
38	description = 'Microwave shellcode -- Easy, fast and delicious',
39	)
40
41
42	p.add_argument(	×
43	'-?', '--show',
44	action = 'store_true',
45	help = 'Show shellcode documentation',
46	)
47
48	p.add_argument(	×
49	'-o', '--out',
50	metavar = 'file',
51	type = argparse.FileType('wb'),
52	default = getattr(sys.stdout, 'buffer', sys.stdout),
53	help = 'Output file (default: stdout)',
54	)
55
56	p.add_argument(	×
57	'-f', '--format',
58	metavar = 'format',
59	choices = ['r', 'raw',
60	's', 'str', 'string',
61	'c',
62	'h', 'hex',
63	'a', 'asm', 'assembly',
64	'p',
65	'i', 'hexii',
66	'e', 'elf',
67	'd', 'escaped',
68	'default'],
69	default = 'default',
70	help = 'Output format (default: hex), choose from {e}lf, {r}aw, {s}tring, {c}-style array, {h}ex string, hex{i}i, {a}ssembly code, {p}reprocssed code, escape{d} hex string',
71	)
72
73	p.add_argument(	×
74	'shellcode',
75	nargs = '?',
76	help = 'The shellcode you want',
77	type = str
78	)
79
80	p.add_argument(	×
81	'args',
82	nargs = '*',
83	metavar = 'arg',
84	default = (),
85	help = 'Argument to the chosen shellcode',
86	)
87
88	p.add_argument(	×
89	'-d',
90	'--debug',
91	help='Debug the shellcode with GDB',
92	action='store_true'
93	)
94
95	p.add_argument(	×
96	'-b',
97	'--before',
98	help='Insert a debug trap before the code',
99	action='store_true'
100	)
101
102	p.add_argument(	×
103	'-a',
104	'--after',
105	help='Insert a debug trap after the code',
106	action='store_true'
107	)
108
109	p.add_argument(	×
110	'-v', '--avoid',
111	action='append',
112	help = 'Encode the shellcode to avoid the listed bytes'
113	)
114
115	p.add_argument(	×
116	'-n', '--newline',
117	dest='avoid',
118	action='append_const',
119	const='\n',
120	help = 'Encode the shellcode to avoid newlines'
121	)
122
123	p.add_argument(	×
124	'-z', '--zero',
125	dest='avoid',
126	action='append_const',
127	const='\x00',
128	help = 'Encode the shellcode to avoid NULL bytes'
129	)
130
131	p.add_argument(	×
132	'-r',
133	'--run',
134	help="Run output",
135	action='store_true'
136	)
137
138	p.add_argument(	×
139	'--color',
140	help="Color output",
141	action='store_true',
142	default=sys.stdout.isatty()
143	)
144
145	p.add_argument(	×
146	'--no-color',
147	help="Disable color output",
148	action='store_false',
149	dest='color'
150	)
151
152	p.add_argument(	×
153	'--syscalls',
154	help="List syscalls",
155	action='store_true'
156	)
157
158	p.add_argument(	×
159	'--address',
160	help="Load address",
161	default=None
162	)
163
164	p.add_argument(	×
165	'-l', '--list',
166	action='store_true',
167	help='List available shellcodes, optionally provide a filter'
168	)
169
170	p.add_argument(	×
171	'-s', '--shared',
172	action='store_true',
173	help='Generated ELF is a shared library'
174	)
175
176	def get_template(name):	×
177	func = shellcraft	×
178	for attr in name.split('.'):	×
179	func = getattr(func, attr)	×
180	return func	×
181
182	def is_not_a_syscall_template(name):	×
183	template_src = shellcraft._get_source(name)	×
184	return '/syscalls' not in template_src	×
185
186	def main(args):	×
187	if args.list:	×
188	templates = shellcraft.templates	×
189
190	if args.shellcode:	×
191	templates = filter(lambda a: args.shellcode in a, templates)	×
192	elif not args.syscalls:	×
193	templates = filter(is_not_a_syscall_template, templates)	×
194
195	print('\n'.join(templates))	×
196	exit()	×
197
198	if not args.shellcode:	×
199	common.parser.print_usage()	×
200	exit()	×
201
202	try:	×
203	func = get_template(args.shellcode)	×
204	except AttributeError:	×
205	log.error("Unknown shellcraft template %r. Use --list to see available shellcodes." % args.shellcode)	×
206
207	if args.show:	×
208	# remove doctests
209	doc = []	×
210	in_doctest = False	×
211	block_indent = None	×
212	caption = None	×
213	lines = func.__doc__.splitlines()	×
214	i = 0	×
215	while i < len(lines):	×
216	line = lines[i]	×
217	if line.lstrip().startswith('>>>'):	×
218	# this line starts a doctest
219	in_doctest = True	×
220	block_indent = None	×
221	if caption:	×
222	# delete back up to the caption
223	doc = doc[:caption - i]	×
224	caption = None	×
225	elif line == '':	×
226	# skip blank lines
227	pass	×
228	elif in_doctest:	×
229	# indentation marks the end of a doctest
230	indent = len(line) - len(line.lstrip())	×
231	if block_indent is None:	×
232	if not line.lstrip().startswith('...'):	×
233	block_indent = indent	×
234	elif indent < block_indent:	×
235	in_doctest = False	×
236	block_indent = None	×
237	# re-evalutate this line
238	continue	×
239	elif line.endswith(':'):	×
240	# save index of caption
241	caption = i	×
242	else:
243	# this is not blank space and we're not in a doctest, so the
244	# previous caption (if any) was not for a doctest
245	caption = None	×
246
247	if not in_doctest:	×
248	doc.append(line)	×
249	i += 1	×
250	print('\n'.join(doc).rstrip())	×
251	exit()	×
252
253	defargs = len(six.get_function_defaults(func) or ())	×
254	reqargs = six.get_function_code(func).co_argcount - defargs	×
255	if len(args.args) < reqargs:	×
256	if defargs > 0:	×
257	log.critical('%s takes at least %d arguments' % (args.shellcode, reqargs))	×
258	sys.exit(1)	×
259	else:
260	log.critical('%s takes exactly %d arguments' % (args.shellcode, reqargs))	×
261	sys.exit(1)	×
262
263	# Captain uglyness saves the day!
264	for i, val in enumerate(args.args):	×
265	try:	×
266	args.args[i] = util.safeeval.expr(val)	×
267	except ValueError:	×
268	pass	×
269
270	# And he strikes again!
271	list(map(common.context_arg, args.shellcode.split('.')))	×
272	code = func(*args.args)	×
273
274
275	if args.before:	×
276	code = shellcraft.trap() + code	×
277	if args.after:	×
278	code = code + shellcraft.trap()	×
279
280
281	if args.format in ['a', 'asm', 'assembly']:	×
282	if args.color:	×
283	from pygments import highlight	×
284	from pygments.formatters import TerminalFormatter	×
285	from pwnlib.lexer import PwntoolsLexer	×
286
287	code = highlight(code, PwntoolsLexer(), TerminalFormatter())	×
288
289	print(code)	×
290	exit()	×
291	if args.format == 'p':	×
292	print(cpp(code))	×
293	exit()	×
294
295	assembly = code	×
296
297	vma = args.address	×
298	if vma:	×
299	vma = pwnlib.util.safeeval.expr(vma)	×
300
301	if args.format in ['e','elf']:	×
302	args.format = 'default'	×
303	try: os.fchmod(args.out.fileno(), 0o700)	×
304	except OSError: pass	×
305
306
307	if not args.avoid:	×
308	code = read(make_elf_from_assembly(assembly, vma=vma, shared=args.shared))	×
309	else:
310	code = asm(assembly)	×
311	code = encode(code, args.avoid)	×
312	code = make_elf(code, vma=vma, shared=args.shared)	×
313	# code = read(make_elf(encode(asm(code), args.avoid)))
314	else:
315	code = encode(asm(assembly), args.avoid)	×
316
317	if args.format == 'default':	×
318	if args.out.isatty():	×
319	args.format = 'hex'	×
320	else:
321	args.format = 'raw'	×
322
323	arch = args.shellcode.split('.')[0]	×
324
325	if args.debug:	×
326	if not args.avoid:	×
327	proc = gdb.debug_assembly(assembly, arch=arch, vma=vma)	×
328	else:
329	proc = gdb.debug_shellcode(code, arch=arch, vma=vma)	×
330	proc.interactive()	×
331	sys.exit(0)	×
332
333	if args.run:	×
334	proc = run_shellcode(code, arch=arch)	×
335	proc.interactive()	×
336	sys.exit(0)	×
337
338	if args.format in ['s', 'str', 'string']:	×
339	code = _string(code)	×
340	elif args.format == 'c':	×
341	code = '{' + ', '.join(map(hex, bytearray(code))) + '}' + '\n'	×
342	elif args.format in ['h', 'hex']:	×
343	code = pwnlib.util.fiddling.enhex(code) + '\n'	×
344	elif args.format in ['i', 'hexii']:	×
345	code = hexii(code) + '\n'	×
346	elif args.format in ['d', 'escaped']:	×
347	code = ''.join('\\x%02x' % c for c in bytearray(code)) + '\n'	×
348	if not sys.stdin.isatty():	×
349	args.out.write(getattr(sys.stdin, 'buffer', sys.stdin).read())	×
350
351	if not hasattr(code, 'decode'):	×
352	code = code.encode()	×
353	args.out.write(code)	×
354
355	if __name__ == '__main__':	×
356	pwnlib.commandline.common.main(__file__)	×

Gallopsled / pwntools / 1

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous