Like many projects, the last script I wrote was born from frustration and misery. I was navigating the exploitation module of the OSCP course when I got to using Metasploit’s pattern_create and pattern_offset scripts. I’d used them before, and knew I was about to experience the same frustration of copying endless lines of unique strings from a terminal to an entirely separate Windows VM all over again.
Sure, VM Tools works, but when I’m in exploitation mode, I don’t want to be flipping back and forth between VMs, copying strings with my mouse like a prehistoric animal. I don’t want to recite the “address” that EIP is trying to execute 50 times in my head just to forget it by the time I remember where pattern_offset is even located on my box!
So first I re-implemented Phillips321’s to work as a function, so that inserting a unique pattern of arbitrary length was as easy as:
```python
import pattern_tools
junk = pattern_tools.pattern_create(1000)
```
I went on to replicate pattern_offset. An offset can be located using:
```python
import pattern_tools
print(pattern_tools.pattern_offset('AccessViolationAddressHere'))
```
```python
import pattern_tools
print(pattern_tools.pattern_offset('69413269'))
```
which prints:
```
[*] Exact match at offset 247
```
In case you’re the type that likes to prefix your addresses with 0x, it supports that as well. You can download pattern_tools from my github. Feel free to do a pull request if you see an error, and leave a comment below if it helped you!
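As an added example (not the pattern_tools code from this post or its GitHub repo), here is a stand-alone Python 3 version of both functions following the Metasploit scheme of uppercase/lowercase/digit triplets. It takes the value as read from EIP, decodes it little-endian, accepts an optional 0x prefix or the four raw pattern characters, and returns the offset as an integer (or None when there is no match) instead of the formatted message the post's script prints; the names and the integer return value are my own choices.

```python
import string

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits
# 26 * 26 * 10 triplets of 3 chars: every 4-byte window is unique up to here
MAX_UNIQUE = len(UPPER) * len(LOWER) * len(DIGITS) * 3  # 20280


def pattern_create(length):
    """Return the first `length` chars of the cyclic pattern Aa0Aa1Aa2...Az9Ba0..."""
    if length > MAX_UNIQUE:
        raise ValueError("patterns longer than %d bytes repeat" % MAX_UNIQUE)
    out = []
    for u in UPPER:
        for l in LOWER:
            for d in DIGITS:
                out.append(u + l + d)
                if len(out) * 3 >= length:
                    return "".join(out)[:length]
    return "".join(out)[:length]


def pattern_offset(value, length=MAX_UNIQUE):
    """Offset of `value` in the pattern, or None.

    `value` is either the 32-bit hex value shown in the debugger (e.g.
    '69413269' or '0x69413269'), which is decoded little-endian, or the
    raw 4 pattern characters. An 8-char all-hex string is always treated
    as a register value, so pass raw text as exactly 4 characters.
    """
    v = value.strip()
    if v.lower().startswith("0x"):
        v = v[2:]
    if len(v) == 8 and all(c in string.hexdigits for c in v):
        # 0x69413269 in EIP means the bytes 'i','A','2','i' in memory order
        # little-endian, i.e. the pattern text 'i2Ai'
        needle = bytes.fromhex(v)[::-1].decode("ascii", errors="replace")
    else:
        needle = v
    idx = pattern_create(length).find(needle)
    return None if idx == -1 else idx


if __name__ == "__main__":
    print(len(pattern_create(1000)))     # 1000
    print(pattern_offset("69413269"))    # 247, as in the post
    print(pattern_offset("0x69413269"))  # 247
```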