Thread: byteme.py

  1. #1
    Just burned his ISO
    Join Date
    Feb 2011
    Posts
    1

    Default byteme.py

    Hello guys,

    Just curious to know if you would like to include this tool I made into bt.

    Why was this tool created?
    One day I did a pentest that required me to bypass some filters and I failed to understand some encoding tricks. I decided to spend the time and research UTF8 and built a tool based on that knowledge.

    What does it do?
    byteme.py is a tool to encode ASCII characters in different formats so that a pentester can possibly bypass a WAF or specific application filters.

    Who would use it?
    This tool is specifically designed for the manual pentester targeting a web application with a known flaw and trying to bypass WAFs/filters.

    Example:
    Code:
    [mr_me@pluto utf8]$ ./byteme.py
    
    	 ---------------------------------------
    	   / /  __ __/ /____ __ _  ___ 	 
    	  / _ \/ // / __/ -_)  ' \/ -_) 0x00 _  
    	 /_.__/\_, /\__/\__/_/_/_/\__/  0x7f	 
    	      /___/				 
    	 ---------------------------------------
    	 the ascii payload encoder (<=0x7f)	 
    	 written by 0x53746576656e205365656c6579
    
    Usage: ./byteme.py [<options>] -s [true string] -t [target] -d [directory]
    Example 1: ./byteme.py -s '<script>'
    Example 2: ./byteme.py -H 00
    
    Options:
      -h, --help  show this help message and exit
      -s STRING   Specify an ASCII string value to encode
      -H HEX      Specify a Hex character to encode
    [mr_me@pluto utf8]$ ./byteme.py -s "<script>"
    
    	 ---------------------------------------
    	   / /  __ __/ /____ __ _  ___ 	 
    	  / _ \/ // / __/ -_)  ' \/ -_) 0x00 _  
    	 /_.__/\_, /\__/\__/_/_/_/\__/  0x7f	 
    	      /___/				 
    	 ---------------------------------------
    	 the ascii payload encoder (<=0x7f)	 
    	 written by 0x53746576656e205365656c6579
    
    (+) Encoding string value '<script>'
    
    -----------[ Encoding results ]-----------
    
    (+) Standard hex: %3c%73%63%72%69%70%74%3e
    
    (+) Double percent: %253c%2573%2563%2572%2569%2570%2574%253e
    
    (+) Double nibble: %%33%63%%37%33%%36%33%%37%32%%36%39%%37%30%%37%34%%33%65
    
    (+) First nibble: %%33c%%373%%363%%372%%369%%370%%374%%33e
    
    (+) Second nibble: %3%63%7%33%6%33%7%32%6%39%7%30%7%34%3%65
    
    (+) UTF-8 2 byte: %c0%bc%c1%b3%c1%a3%c1%b2%c1%a9%c1%b0%c1%b4%c0%be
    
    (+) UTF-8 3 byte: %e0%80%bc%e0%81%b3%e0%81%a3%e0%81%b2%e0%81%a9%e0%81%b0%e0%81%b4%e0%80%be
    
    (+) UTF-8 4 byte: %f0%80%80%bc%f0%80%81%b3%f0%80%81%a3%f0%80%81%b2%f0%80%81%a9%f0%80%81%b0%f0%80%81%b4%f0%80%80%be
    
    [mr_me@pluto utf8]$
    Download: http://net-ninja.net/blog/wp-content...byteme.py_.txt
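
    The encodings listed above only get past a filter that matches on the raw request before canonicalizing it. As an added defender-side example (this is not byteme.py's code and was not part of the original post), the Python below repeatedly percent-decodes the input, decodes UTF-8 the lenient way an over-permissive parser would, and counts overlong sequences so a filter can reject them; the sample inputs are the tool's own outputs for '<script>' quoted from the post, and the function names are my own.

```python
import string
# Constructed inputs: the encodings byteme.py printed for '<script>' in the post above.
SAMPLES = {
    "standard hex": "%3c%73%63%72%69%70%74%3e",
    "double percent": "%253c%2573%2563%2572%2569%2570%2574%253e",
    "double nibble": "%%33%63%%37%33%%36%33%%37%32%%36%39%%37%30%%37%34%%33%65",
    "utf-8 2 byte": "%c0%bc%c1%b3%c1%a3%c1%b2%c1%a9%c1%b0%c1%b4%c0%be",
    "utf-8 4 byte": "%f0%80%80%bc%f0%80%81%b3%f0%80%81%a3%f0%80%81%b2%f0%80%81%a9%f0%80%81%b0%f0%80%81%b4%f0%80%80%be",
}
MIN_CP = {2: 0x80, 3: 0x800, 4: 0x10000}  # smallest code point a 2/3/4-byte UTF-8 form may carry

def percent_decode_bytes(s):
    """One pass of %XX decoding to raw bytes; a stray '%' and plain text pass through unchanged."""
    out, i = bytearray(), 0
    while i < len(s):
        h = s[i + 1:i + 3]
        if s[i] == "%" and len(h) == 2 and all(c in string.hexdigits for c in h):
            out.append(int(h, 16)); i += 3
        else:
            out += s[i].encode("utf-8"); i += 1
    return bytes(out)

def lenient_utf8_decode(data):
    """Decode like a lax parser that accepts overlong forms, but count them instead of hiding them."""
    out, overlong, i = [], 0, 0
    while i < len(data):
        b = data[i]
        n = 1 if b < 0x80 else 2 if 0xC0 <= b < 0xE0 else 3 if 0xE0 <= b < 0xF0 else 4 if 0xF0 <= b < 0xF8 else 0
        tail = data[i + 1:i + n]
        if n == 0 or len(tail) != n - 1 or any(t & 0xC0 != 0x80 for t in tail):
            out.append("\ufffd"); i += 1; continue   # invalid lead byte or truncated sequence
        cp = b if n == 1 else b & (0x7F >> n)        # payload bits of the lead byte
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        if n > 1 and cp < MIN_CP[n]:
            overlong += 1                            # e.g. %c0%bc decoding to '<'
        out.append(chr(cp) if cp <= 0x10FFFF else "\ufffd"); i += n
    return "".join(out), overlong

def canonicalize(s, max_rounds=4):
    """Decode until the text stops changing; returns (canonical text, overlong forms seen, rounds used)."""
    overlong_total = rounds = 0
    while rounds < max_rounds:
        text, overlong = lenient_utf8_decode(percent_decode_bytes(s))
        if text == s:
            break
        overlong_total += overlong
        s, rounds = text, rounds + 1
    return s, overlong_total, rounds
```

    Run filter rules against the canonical text rather than the raw request, and treat a non-zero overlong count (or more than one decoding round) as a reason to reject the request outright, since a legitimate client has no need to send either.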

  2. #2
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    10

    Default Re: byteme.py

    Nice!

    Add more encodings from CAL9000/HackVector if you wish.


    http://yehg.net/lab/pr0js/pentest/CAL9000/
    http://hackvertor.co.uk/public

  3. #3
    Just burned his ISO
    Join Date
    Nov 2010
    Posts
    17

    Default Re: byteme.py

    So, quick question: is this for use in conjunction with manual SQLi and bypassing a WAF?

    i.e. a WAF is clearly in place, so you encode the statements you wish to use with one of these types of encoding to bypass the WAF?

    Thanks a lot!
