To run exploit, the pywebdav server needs to be run at localhost:8008, with the
following env vars set:

DUMMY_EXE = \path\to\any\valid\executable PYTHONPATH = \the\pywebdav\dir

And run:

python pywebdav/server/server.py -D \any\tmp\path -n

This server has been patched to return the contents of DUMMY_EXE every time any
path that ends with ".hax" is requested.

Then, run nvstream_exploit_0. It should sleep.

And run nvstream_exploit. Note that it has quite a few hardcoded offsets (rop
gadgets and struct member offsets), so it most likely won't work as is. This
should pop a SYSTEM cmd if it works.
