--show-payloads turns my terminal green

OWASP / ZSC

OWASP ZSC - Shellcode/Obfuscate Code Generator https://www.secologist.com/

https://www.secologist.com/

Other

646 stars 217 forks source link

--show-payloads turns my terminal green #109

Closed sizzop closed 7 years ago

sizzop commented 8 years ago

When executing python zsc.py --show-payloads, the output is shown as expected however my terminal input on OSX continues to be colored green.

screen shot 2016-10-25 at 4 54 16 pm

Ali-Razmjoo commented 8 years ago

Hi Brian,

Thanks for your report, First I want just notice that you can grep the payloads by witn own zsc command

python zsc.py --show-payloads linux_x86

here are more samples:

Search windows_x86 shellcodes: python zsc.py --show-payloads windows_x86 (this need exact os name or you can use pattern) or search a word with pattern:

python zsc.py -l windows*
python zsc.py -l *exec*
python zsc.py -l *xor_random

That's weird, I don't have problem with python zsc.py --show-payloads *linux_x86/system/none, but using grep will makes the problem!

notice: to search a specific payload please use one or two star(s) *

python zsc.py --show-payloads *linux_x86/system/none
python zsc.py --show-payloads linux_x86/system/none*
python zsc.py --show-payloads *linux_x86/system/none*

Ali-Razmjoo commented 8 years ago

Hi Brian again, I've found this problem in here, it's because of \n is end of the printing line.

the line is info(payload+'\n') , if we go inside of info() we can see:

def info(content):
    sys.stdout.write(color.color('yellow') + '[+] ' + color.color('green') +
                     content + color.color('reset'))
    return

it's color + content + color but in our case is color + content + \n + color, by using grep we could catch the line which is including out search pattern linux_x86/system/none and our lines are same:

color + content
reset color + color + content
reset color + color + content
reset color + color + content

as I referred this problem could be solved by using zsc --show-payloads *linux_x86/system/none* or any solution for fixing this in info()?

I was thinking about replacing \n with reset color+\n but it's not a good idea...

@sizzop @jowasp @Pratik151 @paraschetal @CodeMaxx any idea ?

CodeMaxx commented 7 years ago

~~@Ali-Razmjoo I'm unable to reproduce this.~~ Ok now I can.

CodeMaxx commented 7 years ago

@Ali-Razmjoo What we can do is to modify the info() function to remove \ns at the end of content and add same no. of \n after color.color('reset')

Ali-Razmjoo commented 7 years ago

Hey Akash, I think one solution could be like this (check the last char if it's \n and replace it with color.color('reset') + '\n' ):

def info(content):
    content =  content[:-1] + color.color('reset') + '\n' if (content[-1] == '\n') else content
    sys.stdout.write(color.color('yellow') + '[+] ' + color.color('green') +
                     content + color.color('reset'))
    return

I think content = content[:-1] + color.color('reset') + '\n' if (content[-1] == '\n') else content should be add to all stdout functions, or if anyone have better idea ?

CodeMaxx commented 7 years ago

@Ali-Razmjoo Yeah thats exactly what I mean ... except that we count the newline characters at the end of content because if there are multiple newlines then we need to remove all of them.

Number of newline chars at the end = len(content) - len(content.rstrip("\n"))

Ali-Razmjoo commented 7 years ago

Thanks @CodeMaxx.