wetw0rk/Sickle

Option "-v VARNAME" not working in combination with "-f python" and "-c"


Using "-f ruby-array" with "-c" and "-v" works as expected:

echo -ne "\x54\x58\x2D\x1a\x01\x00\x00\xFF\xE0" | sickle.py -s -f ruby-array -v test123 -c
Payload size: 9 bytes
test123 = ""
test123 << "\x54"                        # push esp
test123 << "\x58"                        # pop eax
test123 << "\x2d\x1a\x01\x00\x00"        # sub eax, 0x11a
test123 << "\xff\xe0"                    # jmp eax

Using "-f python" with "-c" and "-v" on the other hand does not:

echo -ne "\x54\x58\x2D\x1a\x01\x00\x00\xFF\xE0" | sickle.py -s -f python -v test123 -c 
Payload size: 9 bytes
"\x54"                                   # push esp
"\x58"                                   # pop eax
"\x2d\x1a\x01\x00\x00"                   # sub eax, 0x11a
"\xff\xe0"                               # jmp eax

If I remove the "-c" comments option the varname appears again:

echo -ne "\x54\x58\x2D\x1a\x01\x00\x00\xFF\xE0" | sickle.py -s -f python -v test123   
Payload size: 9 bytes
test123 = ""
test123 += "\x54\x58\x2d\x1a\x01\x00\x00\xff\xe0"

EDIT: The same happens with "-f perl" and possibly others.

P.S.: Very handy tool, thanks!

Nice catch, I went ahead and pushed changes to fix this issue.

root@kali:~/Desktop# echo -ne "\x54\x58\x2D\x1a\x01\x00\x00\xFF\xE0" | sickle -s -f ruby-array -v test123 -c
Payload size: 9 bytes
test123 = ""
test123 << "\x54"                        # push esp
test123 << "\x58"                        # pop eax
test123 << "\x2d\x1a\x01\x00\x00"        # sub eax, 0x11a
test123 << "\xff\xe0"                    # jmp eax
root@kali:~/Desktop# echo -ne "\x54\x58\x2D\x1a\x01\x00\x00\xFF\xE0" | sickle -s -f python -v test123 -c
Payload size: 9 bytes
test123 = ""
test123 += "\x54"                        # push esp
test123 += "\x58"                        # pop eax
test123 += "\x2d\x1a\x01\x00\x00"        # sub eax, 0x11a
test123 += "\xff\xe0"                    # jmp eax
root@kali:~/Desktop# echo -ne "\x54\x58\x2D\x1a\x01\x00\x00\xFF\xE0" | sickle -s -f perl -v test123 -c
Payload size: 9 bytes
my $test123 =
"\x54".                                  # push esp
"\x58".                                  # pop eax
"\x2d\x1a\x01\x00\x00".                  # sub eax, 0x11a
"\xff\xe0";                              # jmp eax
root@kali:~/Desktop# echo -ne "\x54\x58\x2D\x1a\x01\x00\x00\xFF\xE0" | sickle -s -f c -v test123 -c
Payload size: 9 bytes
unsigned char test123[] = 
"\x54"                                   // push esp
"\x58"                                   // pop eax
"\x2d\x1a\x01\x00\x00"                   // sub eax, 0x11a
"\xff\xe0";                              // jmp eax

I'm glad you're enjoying the tool 😁.
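As an added illustration of the behaviour the fix above restores (example code written here, not Sickle's own implementation), the formatter below emits the four formats from the maintainer's output and includes a check that the variable name survives in every format both with and without per-instruction comments; the format templates, column width and helper names are assumptions for this example.

```python
# Added example (not Sickle's own code): a minimal formatter modelled on the
# outputs shown above. The point of the fix is that the variable name must be
# emitted for every format whether or not per-instruction comments (-c) are on.

# Constructed input: the 9-byte stub from the report, split per instruction.
INSTRUCTIONS = [
    (b"\x54", "push esp"),
    (b"\x58", "pop eax"),
    (b"\x2d\x1a\x01\x00\x00", "sub eax, 0x11a"),
    (b"\xff\xe0", "jmp eax"),
]

# (header, chunk line, separator after non-final chunks, terminator, comment marker)
FORMATS = {
    "python":     ('{v} = ""',              '{v} += "{b}"', "",  "",  "#"),
    "ruby-array": ('{v} = ""',              '{v} << "{b}"', "",  "",  "#"),
    "perl":       ("my ${v} =",             '"{b}"',        ".", ";", "#"),
    "c":          ("unsigned char {v}[] =", '"{b}"',        "",  ";", "//"),
}
COMMENT_COLUMN = 41  # comments line up at this column in the output above

def escape(data: bytes) -> str:
    """Render raw bytes as \\xNN escapes."""
    return "".join(f"\\x{byte:02x}" for byte in data)

def format_payload(fmt, chunks, varname, comments=True):
    """Emit the payload in one of the formats above, varname always included."""
    header, line, sep, term, marker = FORMATS[fmt]
    if not comments:
        # Without -c the whole payload goes out as one chunk, no annotations.
        chunks = [(b"".join(data for data, _ in chunks), None)]
    out = [header.format(v=varname)]
    last = len(chunks) - 1
    for i, (data, note) in enumerate(chunks):
        text = line.format(v=varname, b=escape(data)) + (term if i == last else sep)
        if comments and note:
            text = f"{text:<{COMMENT_COLUMN}}{marker} {note}"
        out.append(text)
    return "\n".join(out)

def varname_in_every_format(varname="test123"):
    """Regression check for the bug reported above: the declaration line must
    carry the variable name in every format, with and without comments."""
    return all(
        varname in format_payload(fmt, INSTRUCTIONS, varname, comments=c).splitlines()[0]
        for fmt in FORMATS for c in (True, False)
    )

if __name__ == "__main__":
    for fmt in FORMATS:
        print(format_payload(fmt, INSTRUCTIONS, "test123"), end="\n\n")
```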