首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全工具>攻击程序>软件详细
软件名称:  ethboom.zip
文件类型:  
界面语言:  简体中文
软件类型:  国产软件
运行环境:  WinNT/2K/Xp
授权方式:  共享软件
软件大小:  6K
软件等级:  ★★★★☆
发布时间:  2004-03-26
官方网址: http://aluigi.altervista.org 作者:aluigi
演示网址:
软件说明:  
Remote proof of concept exploit for Etherlords I versions 1.07 and below and Etherlords II versions 1.03 and below that causes a crash. Related advisory http://vfocus.net/file/list.asp?id=351.  Homepage: http://aluigi.altervista.org. By Luigi Auriemma.
Application:  - Etherlords I
                http://www.etherlords.com/etherlords1/
              - Etherlords II
                http://www.etherlords.com
Versions:     Etherlords I   <= 1.07
              Etherlords II  <= 1.03
Platforms:    Windows
Bug:          reading of unallocated memory (crash)
Risk:         medium
Exploitation: remote, versus server and client
Date:         25 Mar 2004
Author:       Luigi Auriemma
              e-mail: aluigi@altervista.org
              web:    http://aluigi.altervista.org

1) Introduction

Etherlords is a 3D turn based game developed by Nival
(http://www.nival.com).
Etherlords I was released at November 2001 while the second game has
been released at October 2003.

2) Bug

The packet signed by the number 3 is usually sent by the server to the
client and contains a 16 bit value at offset 9 used to specify the size
of the data block that follows it.

If this number is too big the game will read also the unallocated
memory after the packet and will crash immediately.

The following memcpy() instruction comes from Etherlords II 1.03 and
is exactly where the bug happens:

:0076FD4B C1E902                  shr ecx, 02
:0076FD4E F3A5                    rep movsd
:0076FD50 8BCA                    mov ecx, edx
:0076FD52 83E103                  and ecx, 003
:0076FD55 F3A4                    rep movsb

The nice thing is that the packet 3 can also be used versus the server
that in fact will manage it just as the client does and will crash.

3) The Code

http://aluigi.altervista.org/poc/ethboom.zip

    
下载地址: 进入下载地址列表
下载说明: ☉推荐使用网际快车下载本站软件,使用 WinRAR v3.10 以上版本解压本站软件。
☉如果这个软件总是不能下载的请点击报告错误,谢谢合作!!
☉下载本站资源,如果服务器暂不能下载请过一段时间重试!
☉如果遇到什么问题,请到本站论坛去咨寻,我们将在那里提供更多 、更好的资源!
☉本站提供的一些商业软件是供学习研究之用,如用于商业用途,请购买正版。
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热门软件
·qwks.cpp(MS03-049)
·ms05039.rar
·fsie.rar
·Serv-U FTP溢出漏洞利用工具
·NBSI2破解版
·MS08-067.rar
·提权大杀器(2010黑帽大会公布的
·Churrasco.zip
·tfn2k.tgz
·ms04-011.rar
·SMBdie
·KiTrap0D.zip
  相关软件
·PSOProxy-exp.c
·vz-eSignal76.pl
·xp_ws_ftp_server.rar
·picobof.zip
·557iss_pam_exp.c
·crafty.zip
·ex_putlvcb_aix433_limited.pl
·03.28.305ether.c
·kmod.c
·ex_getlvcb_aix433_limited.pl
·x_make_aix433_limited.pl
·cdpexpl.tgz
 
  推荐广告
CopyRight © 2002-2021 VFocuS.Net All Rights Reserved