minor doc
parent
001641dfb9
commit
908248905a
27
sins/run.py
27
sins/run.py
|
@ -6,10 +6,26 @@ from random import randint
|
|||
import binascii
|
||||
import ctypes
|
||||
import logging
|
||||
import subprocess
|
||||
import mmap
|
||||
|
||||
seed_shell = b'\x55\x90\x48\x89\xe5\x90\x48\x89\x7d\xf8\x90\x48\x8b\x45\xf8\x90\x5d\x90\xc3'
|
||||
template_shell = b''.join([
|
||||
b'\x55', # push rbp
|
||||
b'\x48\x89\xe5', # mov rbp,rsp
|
||||
b'\x48\x89\x7d\xf8', # mov QWORD [rbp-0x8],rdi
|
||||
b'\x48\x8b\x45\xf8', # mov rax,QWORD [rbp-0x8]
|
||||
b'\x5d', # pop rbp
|
||||
b'\xc3']) # ret
|
||||
|
||||
seed_shell = b''.join([
|
||||
b'\x55',
|
||||
b'\x48\x89\xe5',
|
||||
b'\x90' * randint(8, 64),
|
||||
b'\x48\x89\x7d\xf8',
|
||||
b'\x90' * randint(8, 64),
|
||||
b'\x48\x8b\x45\xf8',
|
||||
b'\x5d',
|
||||
b'\xc3'])
|
||||
|
||||
|
||||
def shell_func(shellcode: bytes):
|
||||
prot = mmap.PROT_READ | mmap.PROT_WRITE | mmap.PROT_EXEC
|
||||
|
@ -68,10 +84,11 @@ def sins():
|
|||
with seed.open('rb') as seed_file:
|
||||
seed_data = seed_file.read()
|
||||
|
||||
logger.info(f'seed_data\n{seed_data}')
|
||||
logger.info(f'seed_len: {len(seed_data)}')
|
||||
seed_len = ctypes.c_uint(len(seed_data))
|
||||
logger.info(f'seed_data\n{binascii.b2a_hex(seed_data)}')
|
||||
logger.info(f'seed_len: {seed_len}')
|
||||
|
||||
seed = shell_func(seed_shell)
|
||||
ret_val = seed(ctypes.c_uint(len(seed_data)))
|
||||
ret_val = seed(seed_len)
|
||||
|
||||
logger.info(f'ret_val: {ret_val}')
|
||||
|
|
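Review bot: In the second hunk of sins/run.py, `seed_len` is now a `ctypes.c_uint`, so `logger.info(f'seed_len: {seed_len}')` logs the object repr (`c_uint(N)`) instead of the plain number; `logger.info(f'seed_len: {seed_len.value}')` keeps the earlier output. In the first hunk the two `b'\x90' * randint(8, 64)` pads are evaluated once at import, so the buffer handed to `shell_func` has a different length on every run and nothing records it. A comment such as `# nop padding, length drawn once at import` and a log line with `len(seed_shell)` would let a run be reconstructed from its log. The +/- markers are lost on this page, so which of the paired lines are new is inferred from the hunk counts; `shell_func()` and `sins()` both continue outside the hunks shown.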