User Controls

Exploit Parsing.

  1. #1
    Sophie Pedophile Tech Support
    Sup niggas. I'm working on a tool that will automate the generation of shell code and compilation of Asm and C exploits that already exist.

    For the exploits that already exist i am using data from Exploit DB. I got the source code of the exploits on my box already but i have info on all of them stored in a JSON file. I want to be able to search my big ass JSON files and retrieve for instance the path of where the source code for exploit X is located.

    Consider the following in JSON.

    "SEARCH": "Linux",
    "DB_PATH_EXPLOIT": "~/tool/shellcodes",

    {"Title":"Linux/x86_64 - Reverse ( Shell (/bin/sh) + Password (pass) Shellcode (120 bytes)",
    "Author":"Gonçalo Ribeiro",

    {"Title":"Linux/x86_64 - Wget Linux Enumeration Script Shellcode (155 Bytes)",
    "Author":"Kağan Çapar",

    I know JSON and Python go very well together, and i know how to load a JSON file, but i am kind of fuzzy on how i am going to select for a certain item from each entry, say the "Path" item for instance. Is it easier to use regex, or iteration over the items with a `for` loop, or both?

    Of course i'll be working on this while this thread is up, but i figured i'd post this here so i can later come back to it to see if anyone has left some insightful comments.

    Oh BTW while i am here, i am building a mini OffSec framework as well that will be both compatible with Windows and Linux. The windows version will be deployed via windows installer. I can make a simple installer with NSIS easy enough but i want it to look professional and be able to customize what the installation script does. To that end i got AppDeploy and AppDeploy Repackager in order to write an MSI installer, as far as i am aware it can build chain installers and the scripting language is VSIX or MSIX, but don't quote me on that.

    If you have any experience with those or anything similar i would love to hear about them.

    Also i will be signing my Windows binaries with CVE-2020-0601, they won't be malicious but signed stuff has more clout even if it's spoofed. Also if you didn't know you could fake sign your windows and linux binaries complete with certs and all, well now you know. I got a shell script to automate the process if you are interested.
  2. #2
    gadzooks Dark Matter [keratinize my mild-tasting blossoming]
    You almost certainly shouldn't need regex for this.

    As long as the JSON is valid JSON, you can load it as a dict using the built-in json.loads.

    import json

    lst = json.loads(json_string)

    for exploit in lst['RESULTS_EXPLOIT']:
    ## outputs:
    # ~/tool/shellcodes/linux_x86-64/47291.c
    # ~/tool/shellcodes/inux_x86-64/47151.c

    def search_by_platform(platform):
    return [exploit['Path'] for exploit in lst['RESULTS_EXPLOIT'] if exploit['Platform'] == platform]

    ## outputs:
    # ['~/tool/shellcodes/linux_x86-64/47291.c', '~/tool/shellcodes/inux_x86-64/47151.c']

    The first example iterates over each entry and outputs (prints) the path.

    I threw in a list comprehension there as well - the search_by_platform() function - for selecting particular entries by indicating a particular platform (obviously that could be customized to search by date, author, or any other key in each entry/dict).

    And of course, if the json is in a separate file...

    lst = json.loads(open('path/to/file.json').read())

    But do note, however, that I had to make the tiniest modification to the JSON string for Python to accept it...

    Trailing commas after the last entry in an array/list within JSON breaks it, for whatever reason.
    The following users say it would be alright if the author of this post didn't die in a fire!
  3. #3
    Sophie Pedophile Tech Support
    Yee, thanks for that. The idea is i have the location data pulled from the JSON file, and/or any other interesting details the user might want. And then just compile from the path to the output directory i set up. And yeah i know a comma indicates the end of a single item in the list/dict in Python, i just grabbed those examples from somewhere down the middle of my json file that's why the comma is there. I forgot to remove it.
Jump to Top