This Python script exploits a buffer overflow vulnerability in a web application running on 192.168.100.24:8081. By crafting a malicious HTTP POST request, the script sends a payload designed to execute a reverse shell on the target system.
This script is intended for educational purposes only. Use it responsibly and only on systems you own or have explicit permission to test. Unauthorized use is illegal and unethical.
- Buffer Overflow Exploit: Exploits a buffer overflow in the web application’s login functionality.
- Reverse Shell Payload: Sends a reverse shell payload that connects back to the attacker’s system.
- Buffer Overflow: Sends a crafted payload that overwrites the stack and redirects execution to the malicious payload.
- Return Address Overwrite: Overwrites the return address with a memory address pointing to a NOP sled and payload.
- Payload Execution: Executes the reverse shell payload (
buf), which connects back to the attacker's system.
- Python 3: The script requires Python 3.
- Network Access: Ensure connectivity to the target system (
192.168.100.24:8081).
-
Set Up the Listener:
Start a listener on your attacking machine to capture the reverse shell connection. Use a tool like
nc(Netcat):nc -lvnp 443
-
Run the Exploit:
Execute the script on your attacking machine:
python3 exploit.py
- Offset: Fills the buffer with
b"A" * 780to reach the return address. - Return Address: Overwrites the return address with
b"\x83\x0C\x09\x10". - NOP Sled: Adds
b"\x90" * 32NOP instructions for reliable payload execution. - Reverse Shell: A Metasploit-generated payload (
buf) to open a reverse shell.
This script is intended for educational purposes only. The author does not take responsibility for any damages caused by the misuse of this script. Always ensure you have explicit permission before testing systems for vulnerabilities.
Written by tyto.