
[Full-Disclosure] hooking python send()



hello,
attached is a patch to timeoutsocket.py which records all the data that is 
passed to a socket to be sent. timeoutsocket.py already does this but only 
to make sure that the send or recv or connect doesn't time out. download 
and patch timeoutsocket.py from here:

http://www.timo-tasi.org/python/timeoutsocket.py

anyway...why would i want to see what is being sent? it's perfect for 
capturing packet data that is sent via a binary protocol, like DCERPC or 
NetBIOS or SMB and it's perfect for building payload-only exploits which 
can be distributed without worrying about copyrights. yes, although i am 
still unsure about some of the licenses, it is fine to distribute exploits 
that don't contain routines that are copyrighted. after all it's the 
physical (code) that's proprietary and not the impulses it creates!

have a good one,
- nd

---- 
http://felinemenace.org/~nd/HOONCGI.html
-bash-2.05b$ diff -u timeoutsocket.py timeouthacked.py
--- timeoutsocket.py    2003-06-26 01:18:34.000000000 -0700
+++ timeouthacked.py    2003-09-18 23:18:25.000000000 -0700
@@ -166,6 +166,7 @@
     def __init__(self, sock, timeout):
         self._sock     = sock
         self._timeout  = timeout
+        self.count     = 0
     # end __init__

     def __getattr__(self, key):
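Review bot: The new self.count in __init__ is the only attribute here without a leading underscore, next to self._sock and self._timeout; naming it self._count would follow the class's convention for internal state. A short comment saying that it numbers the records written by dump() would also help, since nothing in this hunk says what is being counted.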
@@ -229,6 +230,7 @@
         # ONLY if dumbhack indicates this is pass number one.
         #   If select raises an error, we pass it on.
         #   Is this the right behavior?
+        self.count = 0
         if not dumbhack:
             r,w,e = select.select([], [sock], [], timeout)
             if w:
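Review bot: The self.count = 0 added above the "if not dumbhack:" test resets the dump counter every time this method runs, although __init__ already sets it to 0; if the intent is to restart numbering at this point, say so in a comment, otherwise drop the line. Because dump() appends to a single data.txt, a reset here means the record numbers in that file can repeat within one run, which makes the records harder to tell apart.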
@@ -289,6 +291,7 @@
                 #no raising for me!
                 return 0
                 raise Timeout("Send timed out")
+            self.dump(data)
         return sock.send(data, flags)
     # end send

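Review bot: self.dump(data) is added one indentation level deeper than "return sock.send(data, flags)", so data is recorded only when the enclosing conditional is entered; if every send should be captured, move the call to the same level as the return. It also logs the whole buffer before sock.send() runs, and send() may accept fewer bytes than it was given, so the log can show bytes that did not go out in that call. Keeping the return value of sock.send() and dumping only that many bytes would record what was actually sent.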
@@ -314,6 +317,25 @@
         else:
             self._copies = self._copies -1
     # end close
+
+    def dump(self,data):
+        t = ""
+        single = 0
+        self.count += 1
+        for x in data:
+            t += "0x%2.2x " % ord(x)
+            if single == 8:
+                t += "\n"
+                single = 0
+            else:
+                single += 1
+        f = "\n[HEXDUMP] ----------------------------------- [%d]\n" % 
(self.count)
+        q = "\n[ASCII] ------------------------------------ [%d]\n" % 
(self.count)
+        t = f + t + q + data
+        handle = open("data.txt","a")
+        handle.write(t)
+        handle.close()
+

 # end TimeoutSocket

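Review bot: dump() appends every outgoing buffer, unmodified, to a hard-coded relative path ("data.txt") with default permissions, so credentials or other sensitive payloads end up readable in whatever the working directory happens to be; take the path from a parameter or module-level setting and create the file with owner-only permissions. Separately, the "f = ..." and "q = ..." lines have been wrapped by the mailer, leaving "(self.count)" on lines with no "+" prefix, so the hunk will not apply as posted. The row logic also puts nine bytes on each line, since single counts from 0 and is tested against 8; test against 7 if eight per row was intended.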
@@ -426,3 +448,4 @@
 del socket
 socket = timeoutsocket
 # Finis
+