2007-03-16

simple python brute force script

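This is a simple Python script that brute-forces the argument length at which a program's buffer overflows: it runs the program with a progressively longer argument and reports each length at which it crashes.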

#!/usr/bin/python
# simple buffer brute force tool
# syndrowm 2007-03-16

import os
import signal
import subprocess
import sys

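def usage():
    """Print the command-line synopsis to stderr and exit with status 2.

    The script calls this both when no target program is given and when the
    target is not executable. The exit status is therefore non-zero, so a
    calling shell or script does not read a rejected invocation as success.
    """
    sys.stderr.write('Usage: %s <program> [lower] [higher]\n' % sys.argv[0])
    sys.exit(2)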

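# Require at least the target program path; usage() exits the process.
if len(sys.argv) < 2:
    usage()

program = sys.argv[1]

# Optional inclusive range of argument lengths to try. A missing or
# non-numeric bound makes the whole range fall back to the default.
try:
    lower = int(sys.argv[2])
    higher = int(sys.argv[3]) + 1  # range() excludes its upper bound
except (IndexError, ValueError):
    print('Using default range 1 100')
    lower = 1
    higher = 101

# os.access(X_OK) is also true for a directory, so require a regular file.
if not (os.path.isfile(program) and os.access(program, os.X_OK)):
    print('%s does not exist or is not executable' % program)
    usage()

# Run the target once per length with an argument of that many "A"
# characters and report every run that does not exit cleanly.
for x in range(lower, higher):
    b = "A" * x
    try:
        # The argument-list form runs the target directly, without a shell,
        # so the path is never re-parsed. The result is an exit status or a
        # negative signal number. os.system() returns a raw wait status, in
        # which a SIGSEGV death reads 139 only if the core-dump bit is set
        # and the shell exec'd the target instead of forking it.
        rc = subprocess.call([program, b])
    except OSError as err:
        # For example, the argument exceeds the OS limit; longer ones will too.
        sys.stderr.write('%d could not run %s: %s\n' % (x, program, err))
        break
    if rc == 0:
        continue
    # Report signal deaths as 128 + signum (the shell convention), so a
    # segmentation fault still prints as 139. Other exits print as-is.
    e = 128 - rc if rc < 0 else rc
    # Also accept exit status 128 + SIGSEGV, which is what a wrapper script
    # returns when the child it launched was killed by SIGSEGV.
    if rc == -signal.SIGSEGV or rc == 128 + signal.SIGSEGV:
        print('%d %d %s' % (x, e, "Segmentation fault \\m/:(|)\\m/"))
    else:
        print('%d %d %s' % (x, e, "Unknown"))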
...
dsl@0[exploitmes]$ brute.py
Usage: brute.py <program> [lower] [higher]
dsl@0[exploitmes]$ brute.py ./01_exploitme01 256 290
268 139 Segmentation fault \m/:(|)\m/
269 139 Segmentation fault \m/:(|)\m/

2.6.20-1.2925.fc6 and vmware


$ sudo vmware-config.pl
...
In file included from /tmp/vmware-config1/vmmon-only/linux/driver.c:80:
/tmp/vmware-config1/vmmon-only/./include/compat_kernel.h:21: error: expected declaration specifiers or ‘...’ before ‘compat_exit’
/tmp/vmware-config1/vmmon-only/./include/compat_kernel.h:21: error: expected declaration specifiers or ‘...’ before ‘exit_code’
/tmp/vmware-config1/vmmon-only/./include/compat_kernel.h:21: warning: type defaults to ‘int’ in declaration of ‘_syscall1’
make[2]: *** [/tmp/vmware-config1/vmmon-only/linux/driver.o] Error 1
make[1]: *** [_module_/tmp/vmware-config1/vmmon-only] Error 2
make[1]: Leaving directory `/usr/src/kernels/2.6.20-1.2925.fc6-i686'
make: *** [vmmon.ko] Error 2
make: Leaving directory `/tmp/vmware-config1/vmmon-only'
Unable to build the vmmon module.
The Fix
$ cd /usr/lib/vmware/modules/source
$ sudo cp vmmon.tar vmmon.tar.orig
$ vi vmmon-only/include/compat_kernel.h
...
static inline _syscall1(int, compat_exit, int, exit_code);
...
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
static inline _syscall1(int, compat_exit, int, exit_code);
#endif
...
$ sudo rm vmmon.tar
$ sudo tar cf vmmon.tar vmmon-only
$ sudo vmware-config.pl