VimScript Automation

go back / p4p1


Created on Sun. 09 Oct 2022



Over the past 2-3 weeks I've been working on getting most of my work organised and my blog more streamlined so that I can work on it better in the future. I also have been working on reverse engineering vim to find my first CVE.

After working on those two today I though maybe I should add a contact section to receive feedback from my posts. I've been adding little adds and more but no contacts. After the creation of my contact email so that you reading can contact me. I wanted to add it to all my blog posts.

Vim arguments

While reverse engineering vim I discovered the different modes vim offer and what functionality other than just opening and editing manually I can use to write / edit files faster.

The main ones I discovered that where pretty cool to mess around with where diff mode which basically opens a diff in a split and lets you see differences in files (Surprisingly good for batch scanning output).

Through my research I also had a look at how CVE's where run on vim and discovered that most of them are run with specific arguments. For example (CVE-2022-1942):

The main thing here that we will focus on is the -s section where we can specify a file with normal mode commands. Which can then be executed by vim and automatically modify a file.

Vim script

Now basically I can use the normal commands that I use regularly for editing files and string them together in a script file to do the edits for me.

In my case I wanted to append to every file this bit of code:

          
            <div class="card my-4">
              <h5 class="card-header">Questions / Feedback</h5>
              <div class="card-body">
                For any questions or feedback you can contact me on <a href="mailto:contact@leosmith.xyz">contact@leosmith.xyz</a>
              </div>
            </div>
          
        

If you look at the code of my template (here) it's actually pretty simple to do. At the end of the section where I have the little cards I have a /.row string which I just have to search for and edit above to add the string in questions.

Now running this script with a file in question the edits will be done automatically and I won't need to spend as much time going through every file again.


That was a quick blog post I hope you enjoyed it and now you can send me feedback through the email address so do not hesitate :)

Categories
XSS_BOMB
xss bomb app

A mobile app made to notify you when your xss payload is executed on a remote target built by me. Available for free on github opensource.

store | repo
Questions / Feedback
For any questions or feedback you can contact me on contact@leosmith.xyz