ScriptMaker

0x00 前言

 pwn脚本千篇一律，之前也是保存了一份模板，每次都用它，但还是觉得每次都复制一次各种名字还是有的累，于是就写了一份脚本生成器

0x01 ScriptMaker

#!/usr/bin/env python
# coding: UTF-8
import sys
from sys import *

def make():
    data = """
#!/usr/bin/env python2
# -*- coding:utf-8 -*-
from pwn import *
import os, sys

DEBUG = 1

elf = ELF('./""" + argv[1] + """')


if DEBUG:
    libc = ELF('/home/moonagirl/moonagirl/libc/libc_local_x64')
    p = process('./""" + argv[1] + """')
    context.log_level = 'debug'

else:
    libc = ELF('./libc-2.23.so')
    www = '47.90.103.10'  
    port =  6000
    p = remote(www,port)

system_libc = libc.symbols['system']
success('system_libc:'+hex(system_libc))


def pwn():
    p.interactive()
    
if __name__ == '__main__':
    pwn()
    """
    py = "%s.py" % argv[1]
    
    f = open("./%s" % py, "wb")
    f.write(data)
    f.close()

if __name__ == '__main__':
    if len(sys.argv) > 1:
        make()

0x02 将ScriptMaker加入系统路径

将保存ScriptMaker的路径加入到home下的.profile文件PATH中，如下图，我的路径为/moonagirl/libc/python

➜  ~ cat .profile
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.

# the default umask is set in /etc/profile; for setting the umask
# for ssh logins, install and configure the libpam-umask package.
#umask 022

# if running bash
if [ -n "$BASH_VERSION" ]; then
    # include .bashrc if it exists
    if [ -f "$HOME/.bashrc" ]; then
	. "$HOME/.bashrc"
    fi
fi

# set PATH so it includes user's private bin directories
PATH="$HOME/bin:$HOME/.local/bin:$HOME/moonagirl/libc/python:$PATH"

然后重启系统就可以直接在命令台下执行ScriptMaker了，以后有什么新的需求直接修改ScriptMaker文件就行

➜  ~ ScriptMaker Test